whatsapps-zh.com
2606:4700:3031::6815:2311  Malicious Activity! Public Scan

Submitted URL: http://whatsapps-zh.com/
Effective URL: https://whatsapps-zh.com/
Submission: On February 20 via automatic, source openphish — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3031::6815:2311, located in United States and belongs to CLOUDFLARENET, US. The main domain is whatsapps-zh.com.
TLS certificate: Issued by GTS CA 1P5 on January 10th 2023. Valid for: 3 months.
This is the only time whatsapps-zh.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

IP Address / AS (Autonomous System)

Requests  IP Address          AS
1         2606:4700:303...    13335 (CLOUDFLAR...)
1         2606:4700:303...    13335 (CLOUDFLAR...)
11        47.75.19.55         45102 (ALIBABA-C...)
Total: 12 requests, 2 IPs

Apex Domain / Subdomains / Transfer

Requests  Apex Domain        Subdomains                                  Transfer
11        aliyuncs.com       top100htmls.oss-cn-hongkong.aliyuncs.com    309 KB
2         whatsapps-zh.com   whatsapps-zh.com                            8 KB
Total: 12 requests, 2 apex domains

Domain / Requested by

Requests  Domain                                      Requested by
11        top100htmls.oss-cn-hongkong.aliyuncs.com    whatsapps-zh.com, top100htmls.oss-cn-hongkong.aliyuncs.com
2         whatsapps-zh.com                            1 redirects
Total: 12 requests, 2 domains

This site contains links to these domains:

Domain
www.whatsapp.com
web.whatsapp.com
www.facebook.com
blog.whatsapp.com
faq.whatsapp.com
twitter.com
Subject                          Issuer                                                Validity                   Valid
*.whatsapps-zh.com               GTS CA 1P5                                            2023-01-10 - 2023-04-10    3 months (crt.sh)
*.oss-cn-hongkong.aliyuncs.com   GlobalSign Organization Validation CA - SHA256 - G3   2023-01-30 - 2024-03-02    a year (crt.sh)

This page contains 1 frame:

Primary Page: https://whatsapps-zh.com/
Frame ID: DFE7B02C9D863CF9FE82E25A16EA59D2
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

WhatsApp


Page Statistics

12 Requests
100 % HTTPS
67 % IPv6
2 Domains
2 Subdomains
2 IPs
2 Countries
316 kB Transfer
782 kB Size
0 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://whatsapps-zh.com/ HTTP 301
    https://whatsapps-zh.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request / | whatsapps-zh.com/ | 61 KB | 7 KB | Document
Redirect Chain
  • http://whatsapps-zh.com/
  • https://whatsapps-zh.com/
General
Full URL
https://whatsapps-zh.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:2311 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
099b573cb8300d84f3c8024edea5683e7a44cd12891d515ec2675da275f65677

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
79c7787add1d9b40-FRA
content-encoding
br
content-type
text/html; charset=gb2312
date
Mon, 20 Feb 2023 13:08:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2UDjdaqvk1z5VfFcOPkj3402mDbzdynOh1RIgX4J1YcP22qjtkJatkDtFPGBslBPQBarLTVqXfUxrJsg497xHDLymjno13vqZxGgQCBwdfvx8D6xTT7YNrfFjJiQedQuVaIlPN4vp7pwhCUHGZ81"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

CF-RAY
79c7787a9d6a3645-FRA
Cache-Control
max-age=3600
Connection
keep-alive
Date
Mon, 20 Feb 2023 13:08:22 GMT
Expires
Mon, 20 Feb 2023 14:08:22 GMT
Location
https://whatsapps-zh.com/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xlY9bOEjBBbagUjETMxcpVPBCHMjC7T%2FlgvCsyCNZufVIvOwxCClTyavQaMMgiBWqIOMeMOpwSNse0gYnJOTMjUJogVVF9%2BwIe5RUSSLxpwmUde7%2FkB0d9Hyz7qSTs8PkA3jSo25v2TGHV23k%2FZA"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
main.css | top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ | 338 KB | 43 KB | Stylesheet
General
Full URL
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/main.css
Requested by
Host: whatsapps-zh.com
URL: https://whatsapps-zh.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.55 Central, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
fc48ac4177bfe4027c7566c719281a294492273afba9dde53dd6bba2f45a88ee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://whatsapps-zh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-oss-object-type
Normal
Date
Mon, 20 Feb 2023 13:08:24 GMT
Content-Encoding
gzip
x-oss-request-id
63F370C88A23F73937B04B0F
Last-Modified
Tue, 10 Jan 2023 05:04:55 GMT
Server
AliyunOSS
Content-MD5
fmN0ndfbyDW5r63b9uYMWQ==
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
x-oss-storage-class
Standard
Connection
keep-alive
x-oss-hash-crc64ecma
2834374715442820766
x-oss-server-time
6
C2fHuK6eV5E.css | top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ | 7 KB | 2 KB | Stylesheet
General
Full URL
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/C2fHuK6eV5E.css
Requested by
Host: whatsapps-zh.com
URL: https://whatsapps-zh.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.55 Central, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
5d25fc039de768564d39bedbd355926f6612dcf06d40ade793709502ea296d8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://whatsapps-zh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-oss-object-type
Normal
Date
Mon, 20 Feb 2023 13:08:24 GMT
Content-Encoding
gzip
x-oss-request-id
63F370C87E084E34384A37A1
Last-Modified
Tue, 10 Jan 2023 05:04:49 GMT
Server
AliyunOSS
Content-MD5
7YRNYcRigoD0BV8arsGhgQ==
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
x-oss-storage-class
Standard
Connection
keep-alive
x-oss-hash-crc64ecma
14491634128326308371
x-oss-server-time
2
ltFhh1WeWrF.css | top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ | 132 KB | 24 KB | Stylesheet
General
Full URL
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ltFhh1WeWrF.css
Requested by
Host: whatsapps-zh.com
URL: https://whatsapps-zh.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.55 Central, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
ef1b29898525cd6bff0e1a63d5d5876fe8340076154f400d94fde5104c5f0f1a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://whatsapps-zh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-oss-object-type
Normal
Date
Mon, 20 Feb 2023 13:08:24 GMT
Content-Encoding
gzip
x-oss-request-id
63F370C8FDBA0C3931949770
Last-Modified
Tue, 10 Jan 2023 05:04:55 GMT
Server
AliyunOSS
Content-MD5
2Z08ILWDJEY7iNbPr5P4Yg==
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
x-oss-storage-class
Standard
Connection
keep-alive
x-oss-hash-crc64ecma
281078286795213125
x-oss-server-time
5
bN3-bDb4nrT.css | top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ | 10 KB | 3 KB | Stylesheet
General
Full URL
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/bN3-bDb4nrT.css
Requested by
Host: whatsapps-zh.com
URL: https://whatsapps-zh.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.55 Central, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
b8e0af9b8c88ae7a0da234cb6e60bca744490ced6b2b29f5be0156949977356c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://whatsapps-zh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-oss-object-type
Normal
Date
Mon, 20 Feb 2023 13:08:24 GMT
Content-Encoding
gzip
x-oss-request-id
63F370C822C82A3137684829
Last-Modified
Tue, 10 Jan 2023 05:04:49 GMT
Server
AliyunOSS
Content-MD5
onwWMLbDAl8meU9jTioxwQ==
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
x-oss-storage-class
Standard
Connection
keep-alive
x-oss-hash-crc64ecma
8865632731380820202
x-oss-server-time
5
36B424nhiL4.svg | top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ | 9 KB | 9 KB | Image
General
Full URL
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/36B424nhiL4.svg
Requested by
Host: whatsapps-zh.com
URL: https://whatsapps-zh.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.55 Central, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
7a1bdfa52a52e3efd65feeff5f81b9e537f4b53ff32bbede1036da8e627acb00

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://whatsapps-zh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-oss-object-type
Normal
Date
Mon, 20 Feb 2023 13:08:24 GMT
x-oss-request-id
63F370C80E14E439365F7984
Last-Modified
Tue, 10 Jan 2023 05:04:49 GMT
Server
AliyunOSS
Content-MD5
Qy5SLoD+94kf03dCmsGlSg==
ETag
"432E522E80FEF7891FD377429AC1A54A"
Content-Type
image/svg+xml
x-oss-storage-class
Standard
Connection
keep-alive
Accept-Ranges
bytes
x-oss-hash-crc64ecma
7052859738757986786
Content-Length
8730
x-oss-server-time
4
lOol7j-zq4u.svg | top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ | 3 KB | 3 KB | Image
General
Full URL
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/lOol7j-zq4u.svg
Requested by
Host: whatsapps-zh.com
URL: https://whatsapps-zh.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.55 Central, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
11a571c7b69f2526034b228668c5417149ea804801cf1589de0b8636d286754c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://whatsapps-zh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-oss-object-type
Normal
Date
Mon, 20 Feb 2023 13:08:24 GMT
x-oss-request-id
63F370C8051F68383319F43D
Last-Modified
Tue, 10 Jan 2023 05:04:55 GMT
Server
AliyunOSS
Content-MD5
2dXkKk0VUa69YH/c/L7eJQ==
ETag
"D9D5E42A4D1551AEBD607FDCFCBEDE25"
Content-Type
image/svg+xml
x-oss-storage-class
Standard
Connection
keep-alive
Accept-Ranges
bytes
x-oss-hash-crc64ecma
6655016568637440916
Content-Length
2647
x-oss-server-time
5
199496234_481826579786653_2728461741738467210_n.png | top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ | 22 KB | 22 KB | Image
General
Full URL
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/199496234_481826579786653_2728461741738467210_n.png
Requested by
Host: whatsapps-zh.com
URL: https://whatsapps-zh.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.55 Central, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
736ec0b63c70e29a0dad38ffb5a2f40c1b66062ac2e31ee4c21e43f2890b00e2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://whatsapps-zh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-oss-object-type
Normal
Date
Mon, 20 Feb 2023 13:08:24 GMT
x-oss-request-id
63F370C87E084E3438D938A1
Last-Modified
Tue, 10 Jan 2023 05:04:49 GMT
Server
AliyunOSS
Content-MD5
hT9fnRsQEnINsBVHjpRfXw==
ETag
"853F5F9D1B1012720DB015478E945F5F"
Content-Type
image/png
x-oss-storage-class
Standard
Connection
keep-alive
Accept-Ranges
bytes
x-oss-hash-crc64ecma
16698094351045065108
Content-Length
22083
x-oss-server-time
2
199550118_324755862565614_5691081457398710133_n.png | top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ | 22 KB | 22 KB | Image
General
Full URL
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/199550118_324755862565614_5691081457398710133_n.png
Requested by
Host: whatsapps-zh.com
URL: https://whatsapps-zh.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.55 Central, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
cd899e99d525898009bc4673d29cf38ebdc2ddc6d14bd7263f2c53e322ef2ef4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://whatsapps-zh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-oss-object-type
Normal
Date
Mon, 20 Feb 2023 13:08:24 GMT
x-oss-request-id
63F370C822C82A31370B4A29
Last-Modified
Tue, 10 Jan 2023 05:04:49 GMT
Server
AliyunOSS
Content-MD5
4X8yNa9L2WXcBoW5HAVHLQ==
ETag
"E17F3235AF4BD965DC0685B91C05472D"
Content-Type
image/png
x-oss-storage-class
Standard
Connection
keep-alive
Accept-Ranges
bytes
x-oss-hash-crc64ecma
15385399702402161065
Content-Length
22023
x-oss-server-time
4
web_download.png | top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ | 180 KB | 181 KB | Image
General
Full URL
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/web_download.png
Requested by
Host: whatsapps-zh.com
URL: https://whatsapps-zh.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.55 Central, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
AliyunOSS /
Resource Hash
5e6fe7b4e4981959699752f4dc6ba27d8994ffcb94fbaa32b3f575e89c635347

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://whatsapps-zh.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-oss-object-type
Normal
Date
Mon, 20 Feb 2023 13:08:24 GMT
x-oss-request-id
63F370C80E14E43936DC7A84
Last-Modified
Tue, 10 Jan 2023 05:04:55 GMT
Server
AliyunOSS
Content-MD5
ZdKRcgA0+/cuhF8XMR277Q==
ETag
"65D291720034FBF72E845F17311DBBED"
Content-Type
image/png
x-oss-storage-class
Standard
Connection
keep-alive
Accept-Ranges
bytes
x-oss-hash-crc64ecma
9673241798872127230
Content-Length
184744
x-oss-server-time
6
css.css | top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ | 0 | 0 | Stylesheet
General
Full URL
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/css.css
Requested by
Host: top100htmls.oss-cn-hongkong.aliyuncs.com
URL: https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.55 Central, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

css1.css | top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/ | 0 | 0 | Stylesheet
General
Full URL
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/css1.css
Requested by
Host: top100htmls.oss-cn-hongkong.aliyuncs.com
URL: https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
47.75.19.55 Central, Hong Kong, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

credentialless (boolean)
oncontentvisibilityautostatechange (object)

0 Cookies

2 Console Messages

Source: network, Level: error
URL: https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/css.css
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Source: network, Level: error
URL: https://top100htmls.oss-cn-hongkong.aliyuncs.com/0110s/css1.css
Message: Failed to load resource: the server responded with a status of 404 (Not Found)