qingtian.whaisiup.com Open in urlscan Pro
2a06:98c1:3121::3  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response qingtian.whaisiup.com/	20 KB 7 KB	527ms 321ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://qingtian.whaisiup.com/ Protocol HTTP/1.1 Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1b0bf212519fda9b33118d47f14355f06c8f3cb92ba4ffd00a57e7f9d469cd01 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 7b81800d3b9506c0-AMS Connection keep-alive Content-Encoding gzip Content-Type text/html Date Sat, 15 Apr 2023 04:38:39 GMT Last-Modified Sun, 09 Apr 2023 13:10:59 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3J4SxfG%2FhpX2T9SpoOfBCEx8TqfxmnoiC2ArEjc%2BoYz%2Fup7AhErnvnbyt7DcUXS9DNjZpHxUe%2BQ8pbCn0qG4Gz2y6GP2sW9xtea2%2BmsCYQ%2BE0lZDGpgCGbPQN8QWrHjzL4bIy%2BiMjQg3n3aRv30RrbQ%2FAeM%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H/1.1	200 OK	cssm_qr.fd652868ecd9e5bd5fccf5a20a5da0d1.css qingtian.whaisiup.com/WhatsApp_files/	63 KB 32 KB	448ms 447ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://qingtian.whaisiup.com/WhatsApp_files/cssm_qr.fd652868ecd9e5bd5fccf5a20a5da0d1.css Requested by Host: qingtian.whaisiup.com URL: http://qingtian.whaisiup.com/ Protocol HTTP/1.1 Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 65dc95f0c6c655162478c4ad552330a77cf38f31a94ba0646c20d1761de554ab Request headers accept-language nl-NL,nl;q=0.9 Referer http://qingtian.whaisiup.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers Date Sat, 15 Apr 2023 04:38:39 GMT Content-Encoding gzip CF-Cache-Status MISS NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Content-Length 31738 Last-Modified Wed, 05 Apr 2023 13:17:46 GMT Server cloudflare ETag "fdcc-5f8969e3aac04-gzip" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oKmRez7h9jVf4frLLUEOgwWBIMJKsNdJuOekFd%2BZvutoTpqDiUBWsZTagWH%2B7R3LFHeJGx3kabvgS2MWxVFkv%2BH%2BPsdIihJ%2B9Eon7Jg4HJ1B%2BtlaWMF5Dz9hTcpuCT5CRplN80HLnZ4RrOS0qseFaCwNbys%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css Cache-Control max-age=14400 Accept-Ranges bytes CF-RAY 7b81800f4cd706c0-AMS
GET H/1.1	200 OK	cssm_app.aaa9f35c34c2bd47b672edaf77e8bba4.css qingtian.whaisiup.com/WhatsApp_files/	239 KB 48 KB	639ms 613ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://qingtian.whaisiup.com/WhatsApp_files/cssm_app.aaa9f35c34c2bd47b672edaf77e8bba4.css Requested by Host: qingtian.whaisiup.com URL: http://qingtian.whaisiup.com/ Protocol HTTP/1.1 Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cc4c1420afc60b8d8cab06a650c3e5616217dda0ed312b4bbd9a5cc58c322a6f Request headers accept-language nl-NL,nl;q=0.9 Referer http://qingtian.whaisiup.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers Date Sat, 15 Apr 2023 04:38:39 GMT Content-Encoding gzip CF-Cache-Status MISS NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Content-Length 48346 Last-Modified Wed, 05 Apr 2023 13:17:46 GMT Server cloudflare ETag "3ba46-5f8969e391d94-gzip" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cMnxuMbBmmHXQrmP%2Bvn9TxcbHeM8Zz95UOcEzZUyWvZAR4T%2BaGcU0dNnDSR%2B%2BdNDsHEvd9gFyMtJ9x5QrQU3Cp1u8%2Ftz838kiTTysF%2Baz1MIT3h%2FFNwe0i0cUb%2F9EQOpYNu9B%2FmPRQ1Bh9lJQGDhu7NbTIA%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/css Cache-Control max-age=14400 Accept-Ranges bytes CF-RAY 7b81800f6d030b4e-AMS
GET H/1.1	200 OK	jquery.min.js Show response cdn.staticfile.org/jquery/1.10.2/	91 KB 33 KB	3078ms 31ms	Script application/javascript	163.181.56.169 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Requested by Host: qingtian.whaisiup.com URL: http://qingtian.whaisiup.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 163.181.56.169 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash 89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e Request headers accept-language nl-NL,nl;q=0.9 Referer http://qingtian.whaisiup.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers X-Log X-Log Date Fri, 14 Apr 2023 05:53:00 GMT Via cache4.l2us1[0,0,304-0,H], cache20.l2us1[0,0], ens-cache8.de4[0,0,200-0,H], ens-cache2.de4[1,0] Content-Encoding gzip X-Svr IO X-Reqid 6agAAABCTd1Nt1UX Age 81941 X-Swift-CacheTime 70631 X-Cache HIT TCP_MEM_HIT dirn:8:225401352 Content-Transfer-Encoding binary Content-Disposition inline; filename="jquery.min.js"; filename*=utf-8''jquery.min.js Connection keep-alive X-Swift-SaveTime Fri, 14 Apr 2023 10:15:50 GMT Content-Length 32989 Last-Modified Tue, 16 Feb 2016 04:22:54 GMT Server Tengine Etag "FuLzYD4jcR9kRvJ4pBHZBWI9ZSAe.gz" Access-Control-Max-Age 2592000 Vary Accept-Encoding Content-Type application/javascript Access-Control-Allow-Origin * Ali-Swift-Global-Savetime 1681451581 Access-Control-Expose-Headers X-Log, X-Reqid Cache-Control public, max-age=31536000 Accept-Ranges bytes X-Qiniu-Zone 0 Timing-Allow-Origin * EagleId 2ff62b1a16815335222608023e
GET H/1.1	200 OK	progress.d6b49e71f39a81300686.js Show response qingtian.whaisiup.com/WhatsApp_files/	12 KB 6 KB	348ms 323ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://qingtian.whaisiup.com/WhatsApp_files/progress.d6b49e71f39a81300686.js Requested by Host: qingtian.whaisiup.com URL: http://qingtian.whaisiup.com/ Protocol HTTP/1.1 Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 956a484097417e953d97fd922b864bb9584bf8d619b53df91ceed45092ddf3ae Request headers accept-language nl-NL,nl;q=0.9 Referer http://qingtian.whaisiup.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers Date Sat, 15 Apr 2023 04:38:39 GMT Content-Encoding gzip CF-Cache-Status MISS NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Content-Length 5761 Last-Modified Wed, 05 Apr 2023 13:17:47 GMT Server cloudflare ETag "3036-5f8969e3dad8c-gzip" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZyGVMLFL5bTD4kXbOKqsjwSgH%2Bp%2BiiInnSp0hoJoH%2F9pamRzXHfAA4KnsaN4YzoEx6cBg6K8UhZa1EUm1GpDJ%2Bo%2FtiFr%2B64QAhh4iaG64NSTKov%2Bl5Rn7dzLtMmzUvx7HD2v9TIaSz9S5xhDV5JpRW4gk6Q%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript Cache-Control max-age=14400 Accept-Ranges bytes CF-RAY 7b81800f6b26b766-AMS
GET H/1.1	200 OK	main.js Show response qingtian.whaisiup.com/	2 KB 1 KB	346ms 321ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://qingtian.whaisiup.com/main.js?ver=1.8 Requested by Host: qingtian.whaisiup.com URL: http://qingtian.whaisiup.com/ Protocol HTTP/1.1 Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 56f10a63da95e8cccfae69ce4d625a42174861d6619de1adca147e687fd5d0cc Request headers accept-language nl-NL,nl;q=0.9 Referer http://qingtian.whaisiup.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers Date Sat, 15 Apr 2023 04:38:39 GMT Content-Encoding gzip CF-Cache-Status MISS NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Connection keep-alive alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Content-Length 648 Last-Modified Sun, 09 Apr 2023 12:53:37 GMT Server cloudflare ETag "88a-5f8e6bf3771a1-gzip" Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RSCdJMTWBfs0KrZRGZoZDupwluBjbjC2wLufjsEubQsa4KRzoB11vqZPKb%2Bp4Y%2BR2sR%2BIrHWNmJdmG2Kywq46sLRr24uKXtKSav63RsPAPa0ZqVqBuOXQ2sZMW2HPI3%2FC3rZ9LaT3h%2Fut7nu4DbM9y2Heg8%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript Cache-Control max-age=14400 Accept-Ranges bytes CF-RAY 7b81800f6b060df4-AMS
GET H/1.1	404 Not Found	vendor1.99c20f1ecd87cc34efff.js qingtian.whaisiup.com/	0 0	318ms 317ms	Script text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://qingtian.whaisiup.com/vendor1.99c20f1ecd87cc34efff.js Requested by Host: qingtian.whaisiup.com URL: http://qingtian.whaisiup.com/WhatsApp_files/progress.d6b49e71f39a81300686.js Protocol HTTP/1.1 Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer http://qingtian.whaisiup.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers Date Sat, 15 Apr 2023 04:38:42 GMT Content-Encoding gzip CF-Cache-Status MISS NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5MDQ3DaThKXOQ6BMe1pWh1mRKdPZacAD2Ne11c9EAPAeXLXfD7GufsKAcDmbla%2BDcj9j7B5GAyalvKyWlsablNZc0jE%2FlkNKORRDYap0tIzj5hll5WX%2Belaht0B%2BLasue7Usif%2FJNFHcpgPEReZmv%2B5bIZc%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/html; charset=iso-8859-1 Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7b818022ccb20b4e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H/1.1	404 Not Found	vendor2.ec3b8281cb6ba51b3d53.js qingtian.whaisiup.com/	0 0	312ms 311ms	Script text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://qingtian.whaisiup.com/vendor2.ec3b8281cb6ba51b3d53.js Requested by Host: qingtian.whaisiup.com URL: http://qingtian.whaisiup.com/WhatsApp_files/progress.d6b49e71f39a81300686.js Protocol HTTP/1.1 Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer http://qingtian.whaisiup.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers Date Sat, 15 Apr 2023 04:38:42 GMT Content-Encoding gzip CF-Cache-Status MISS NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fy%2FuxDaIZEyXlcb7w%2Fz6RHDMeLd9fLasBRjJWpIoEF%2FkQBE8WNROu8PeKGrDOBXr1UbG1goIfhNzFoVt19%2BU7IlkRHMktu8%2BlF7xYIOumqiUzy29cq98cVnSLhQgojh6AgIj4qLx2CI3DNy3PP4BPNtn%2BfA%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/html; charset=iso-8859-1 Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7b818022ca9006c0-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H/1.1	404 Not Found	app.fcc4530fc12b9a9a1faa.js qingtian.whaisiup.com/	0 0	310ms 309ms	Script text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://qingtian.whaisiup.com/app.fcc4530fc12b9a9a1faa.js Requested by Host: qingtian.whaisiup.com URL: http://qingtian.whaisiup.com/WhatsApp_files/progress.d6b49e71f39a81300686.js Protocol HTTP/1.1 Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer http://qingtian.whaisiup.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers Date Sat, 15 Apr 2023 04:38:42 GMT Content-Encoding gzip CF-Cache-Status MISS NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CDdC08bvDMrMPTQ4y9okx2%2Fy5%2Fr3A80xGaBYUvDUFKJPDyuiO5NWzHuCWUeEJ9jbBaJ%2BuTC4naH3UoYTPlADPy%2BZy2Q5cAxO9wzzG%2Ftfav1ipvVL3OTmmEnvcD6Fb%2B8PFpvxzxzAQXgxda8cXRNEKMZK7s0%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/html; charset=iso-8859-1 Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7b818022cce1b766-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	status Show response server.whaisaup.com/	2 B 496 B	716ms 551ms	XHR text/html	2606:4700:3036::6815:4370 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://server.whaisaup.com/status?uuid=7968d669-b640-4707-8857-8a7e83e8f3a7&timestamp=1681533522350 Requested by Host: cdn.staticfile.org URL: https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:4370 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash cf3bae39dd692048a8bf961182e6a34dfd323eeb0748e162eaf055107f1cb873 Request headers Accept */* Referer http://qingtian.whaisiup.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers date Sat, 15 Apr 2023 04:38:43 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KD%2FdKkEzrJz3L5Kwb%2FaL3Kkq2%2BQ1yKPOeG%2BlZEUpz3LTIM%2B%2FZQu9OvdnB8KPFNCXK1Tatd19FgTO%2BKU0q15VkUDExiz87nPp7ic1IVRcfp8uQmitrkpWvSZn5vcv5Vh3Z8IuAOnZygUo5DoEtVNAUF%2BZ"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=utf-8 access-control-allow-origin * cf-ray 7b818023de920a51-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	Init Show response server.whaisaup.com/	7 B 294 B	728ms 564ms	XHR text/html	2606:4700:3036::6815:4370 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://server.whaisaup.com/Init?uuid=7968d669-b640-4707-8857-8a7e83e8f3a7&timestamp=1681533522352 Requested by Host: cdn.staticfile.org URL: https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:4370 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 8dc1988eec3739141e40a2ad99d074688909520375239340484bc65d852b9cb1 Request headers Accept */* Referer http://qingtian.whaisiup.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers date Sat, 15 Apr 2023 04:38:43 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l6FVF9SvG1jtbKSkdExy3TNmDR%2BBM5pbVOqimSv1ivLvWyjPB40nZrDltpRl18Sb0ku%2FLC9qhI9ifg8o%2BLEVmSgscG%2BjouoEVHDmuVajXtocEPrNHK2zgrzZSsiWEtlutBLgDac%2B2cpAgykALeCXk7yh"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=utf-8 access-control-allow-origin * cf-ray 7b818023de930a51-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST		wa_clb_data crashlogs.whatsapp.net/	0 0
GET H/1.1	404 Not Found	app.fcc4530fc12b9a9a1faa.js qingtian.whaisiup.com/	0 0	310ms 310ms	Script text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://qingtian.whaisiup.com/app.fcc4530fc12b9a9a1faa.js Requested by Host: qingtian.whaisiup.com URL: http://qingtian.whaisiup.com/WhatsApp_files/progress.d6b49e71f39a81300686.js Protocol HTTP/1.1 Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer http://qingtian.whaisiup.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers Date Sat, 15 Apr 2023 04:38:43 GMT Content-Encoding gzip CF-Cache-Status MISS NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FMcz4myTOLb8TJkVIpEPnbJDueBxnO77oT8ssMpVPHhfWkzaXxo8j8OGRT%2FPLoVwEF3mYnt5k0v0UY1DpQaiRNDfnQMXAyOGMtKJrNr2fH4GJ28I8MCPVG3yDZQU8VTZhVaaucGu%2Fx5TBeT%2B8X9IAyY7WuQ%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/html; charset=iso-8859-1 Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7b81802b0c160b4e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST		wa_clb_data crashlogs.whatsapp.net/	0 0
GET H2	200	status Show response server.whaisaup.com/	2 B 288 B	296ms 295ms	XHR text/html	2606:4700:3036::6815:4370 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://server.whaisaup.com/status?uuid=7968d669-b640-4707-8857-8a7e83e8f3a7&timestamp=1681533524081 Requested by Host: cdn.staticfile.org URL: https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:4370 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash cf3bae39dd692048a8bf961182e6a34dfd323eeb0748e162eaf055107f1cb873 Request headers Accept */* Referer http://qingtian.whaisiup.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers date Sat, 15 Apr 2023 04:38:44 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9kbzVw9pVLn8GyOjESOoyJieENQhAn8kPC5%2BBYLEUwrrhgOpx0UjsvMw02LBepxgSNs1iNm%2BxwSL%2F8R6YbGiH4tYofb756yx8VfcGXm22LiUJbJYirayT7PZC1pT4PPe50Jl2oSQiNULT%2BdGIS6kKHfw"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=utf-8 access-control-allow-origin * cf-ray 7b81802d9dcb0a51-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	qrcode-7968d669-b640-4707-8857-8a7e83e8f3a7 Show response server.whaisaup.com/	0 290 B	292ms 291ms	XHR text/plain	2606:4700:3036::6815:4370 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://server.whaisaup.com/qrcode-7968d669-b640-4707-8857-8a7e83e8f3a7?timestamp=1681533524082 Requested by Host: cdn.staticfile.org URL: https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::6815:4370 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer http://qingtian.whaisiup.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers date Sat, 15 Apr 2023 04:38:44 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8dsKKy8RDXQ48yJbcZmtI3jVPiWbGMv8L%2FtvKrOprcBvi0xjibi2d8kKA7xh7jnlLOT7Qf0I6orvaY9BIYI%2BfqE0uB62Sk%2Bvp4FJ%2B3zz0yzSgi6qFlE21bPNB%2FY8ZxN2601tY9blMqwRlJts%2FS5hxjTC"}],"group":"cf-nel","max_age":604800} access-control-allow-origin * cf-ray 7b81802d9dc90a51-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0
GET H3	200	status Show response server.whaisaup.com/	2 B 473 B	527ms 526ms	XHR text/html	2606:4700:3036::6815:4370 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://server.whaisaup.com/status?uuid=7968d669-b640-4707-8857-8a7e83e8f3a7&timestamp=1681533525081 Requested by Host: cdn.staticfile.org URL: https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:4370 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash cf3bae39dd692048a8bf961182e6a34dfd323eeb0748e162eaf055107f1cb873 Request headers Accept */* Referer http://qingtian.whaisiup.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers date Sat, 15 Apr 2023 04:38:45 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iO06vxqiNaJGHzo0zJs%2BNszup3u3sa9GmlCORLaY0OdPVuzzhETqj1tEJt8nD%2FguGgWv0CaoLLJEk5goXdMsdQrSiJlMgk05BdezDafgLc0trqTVDbSqsgeGOrmrZA1MxnJYiPgfpP4t%2FyViubEuM4Pk"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=utf-8 access-control-allow-origin * cf-ray 7b818033de670b75-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	qrcode-7968d669-b640-4707-8857-8a7e83e8f3a7 Show response server.whaisaup.com/	0 430 B	544ms 543ms	XHR text/plain	2606:4700:3036::6815:4370 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://server.whaisaup.com/qrcode-7968d669-b640-4707-8857-8a7e83e8f3a7?timestamp=1681533525082 Requested by Host: cdn.staticfile.org URL: https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:4370 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept */* Referer http://qingtian.whaisiup.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers date Sat, 15 Apr 2023 04:38:45 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jsBz1dt2VwwiArum4Xpm%2FaMxzCLjmNAup1vpZ1ltVVXaLQ%2Flogv0HSD%2BbBU68KqMQMUydwvWvLSApBrz3XVrQA56qEoRNOKf8MYb%2FYvEGRBwLWmaG3RyGc00FRwbRGqk1rqgEgs%2BhhVlHndZxOA4Th7s"}],"group":"cf-nel","max_age":604800} access-control-allow-origin * cf-ray 7b818033de690b75-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 0
GET H/1.1	404 Not Found	app.fcc4530fc12b9a9a1faa.js qingtian.whaisiup.com/	0 0	30ms 30ms	Script text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://qingtian.whaisiup.com/app.fcc4530fc12b9a9a1faa.js Requested by Host: qingtian.whaisiup.com URL: http://qingtian.whaisiup.com/WhatsApp_files/progress.d6b49e71f39a81300686.js Protocol HTTP/1.1 Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer http://qingtian.whaisiup.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers Date Sat, 15 Apr 2023 04:38:46 GMT Content-Encoding gzip CF-Cache-Status HIT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Age 3 Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uQWAPks5N%2Bxd1zOX1%2F%2FiGejOb4LlSDrZqvcW9rtWL5FZPUJN24WYiiY3iyeOgpSynoJ%2BXAj97hJ4AuYVkvDF3qWQToyXWsng%2FfvX0Qv3eQ2XleWYBfRWNIoG04ooLYL02x65Tsvh56EoUo67p8umeYfLcBM%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/html; charset=iso-8859-1 Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7b8180397fde0b4e-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST		wa_clb_data crashlogs.whatsapp.net/	0 0
GET H3	200	status Show response server.whaisaup.com/	2 B 438 B	278ms 278ms	XHR text/html	2606:4700:3036::6815:4370 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://server.whaisaup.com/status?uuid=7968d669-b640-4707-8857-8a7e83e8f3a7&timestamp=1681533526081 Requested by Host: cdn.staticfile.org URL: https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:4370 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash cf3bae39dd692048a8bf961182e6a34dfd323eeb0748e162eaf055107f1cb873 Request headers Accept */* Referer http://qingtian.whaisiup.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers date Sat, 15 Apr 2023 04:38:46 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q6ZjaSnP82%2F16bo3zLDFU5m3O4C6h3wwcaZRQqiplV4McMVfA2Q9iH1LfetWDbFheRMyz4xMmqi4xD8go8vB0ZuwQuWa49y9srDu4IPFFTYBsm6e4udFtW%2BEPAlFjsmxdf46S5mI3IYXznZ8VqZefHs%2B"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=utf-8 access-control-allow-origin * cf-ray 7b81803a1b210b75-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	qrcode-7968d669-b640-4707-8857-8a7e83e8f3a7 Show response server.whaisaup.com/	217 B 622 B	286ms 286ms	XHR text/html	2606:4700:3036::6815:4370 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://server.whaisaup.com/qrcode-7968d669-b640-4707-8857-8a7e83e8f3a7?timestamp=1681533526081 Requested by Host: cdn.staticfile.org URL: https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::6815:4370 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash ff019128667e9f8d27981416cbe7b30c8d47957ab42bec89f34798255f7934a6 Request headers Accept */* Referer http://qingtian.whaisiup.com/ accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36 Response headers date Sat, 15 Apr 2023 04:38:46 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lysjya0lTKxkuoKGI3MTqnqdYbSbmte1WBlIEmHaQdj6%2BZf8KdBeuZZ4VdlkCQCrF1%2F3DPrWtLhvDO8sfkIXN%2F2ObNcXCczge0FKh7l7chS0aLPsFwqjNuBz6LaoQ9vseT0uhpWXpOyp7q%2FWsF4dQm75"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=utf-8 access-control-allow-origin * cf-ray 7b81803a1b220b75-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET		7968d669-b640-4707-8857-8a7e83e8f3a7.png server.whaisaup.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

crashlogs.whatsapp.net

URL

https://crashlogs.whatsapp.net/wa_clb_data?access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af

Domain

crashlogs.whatsapp.net

URL

https://crashlogs.whatsapp.net/wa_clb_data?access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af

Domain

crashlogs.whatsapp.net

URL

https://crashlogs.whatsapp.net/wa_clb_data?access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af

Domain

server.whaisaup.com

URL

https://server.whaisaup.com/7968d669-b640-4707-8857-8a7e83e8f3a7.png?1681533526369

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery function| isIE function| guid function| getUUID string| uuid function| webpackJsonp object| qr function| refreshQRCode string| ckUuid string| domain object| ws function| status_callback

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://qingtian.whaisiup.com/WhatsApp_files/progress.d6b49e71f39a81300686.js(Line 1) Message: WebSocket connection to 'wss://web.whatsapp.com/ws' failed: Error during WebSocket handshake: Unexpected response code: 404
network	error	URL: http://qingtian.whaisiup.com/app.fcc4530fc12b9a9a1faa.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://qingtian.whaisiup.com/vendor2.ec3b8281cb6ba51b3d53.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://qingtian.whaisiup.com/vendor1.99c20f1ecd87cc34efff.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: http://qingtian.whaisiup.com/ Message: Access to XMLHttpRequest at 'https://crashlogs.whatsapp.net/wa_clb_data?access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af' from origin 'http://qingtian.whaisiup.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://facebook.com' that is not equal to the supplied origin.
network	error	URL: https://crashlogs.whatsapp.net/wa_clb_data?access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af Message: Failed to load resource: net::ERR_FAILED
network	error	URL: http://qingtian.whaisiup.com/app.fcc4530fc12b9a9a1faa.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: http://qingtian.whaisiup.com/ Message: Access to XMLHttpRequest at 'https://crashlogs.whatsapp.net/wa_clb_data?access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af' from origin 'http://qingtian.whaisiup.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://facebook.com' that is not equal to the supplied origin.
network	error	URL: https://crashlogs.whatsapp.net/wa_clb_data?access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af Message: Failed to load resource: net::ERR_FAILED
network	error	URL: http://qingtian.whaisiup.com/app.fcc4530fc12b9a9a1faa.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: http://qingtian.whaisiup.com/ Message: Access to XMLHttpRequest at 'https://crashlogs.whatsapp.net/wa_clb_data?access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af' from origin 'http://qingtian.whaisiup.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://facebook.com' that is not equal to the supplied origin.
network	error	URL: https://crashlogs.whatsapp.net/wa_clb_data?access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.staticfile.org
crashlogs.whatsapp.net
qingtian.whaisiup.com
server.whaisaup.com
crashlogs.whatsapp.net
server.whaisaup.com
163.181.56.169
2606:4700:3036::6815:4370
2a06:98c1:3121::3
1b0bf212519fda9b33118d47f14355f06c8f3cb92ba4ffd00a57e7f9d469cd01
56f10a63da95e8cccfae69ce4d625a42174861d6619de1adca147e687fd5d0cc
65dc95f0c6c655162478c4ad552330a77cf38f31a94ba0646c20d1761de554ab
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8dc1988eec3739141e40a2ad99d074688909520375239340484bc65d852b9cb1
956a484097417e953d97fd922b864bb9584bf8d619b53df91ceed45092ddf3ae
cc4c1420afc60b8d8cab06a650c3e5616217dda0ed312b4bbd9a5cc58c322a6f
cf3bae39dd692048a8bf961182e6a34dfd323eeb0748e162eaf055107f1cb873
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ff019128667e9f8d27981416cbe7b30c8d47957ab42bec89f34798255f7934a6