whats-app.support-helper.com Open in urlscan Pro
95.217.26.233  Malicious Activity! Public Scan

79 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response whats-app.support-helper.com/	801 KB 803 KB	148ms 46ms	Document text/html	95.217.26.233 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://whats-app.support-helper.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 95.217.26.233 , Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS static.233.26.217.95.clients.your-server.de Software nginx/1.19.3 / Express Resource Hash 932602d39f5c9514566d09de4b2b2a05258c7df0fa8eeb8392e0614437f66db3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers :method GET :authority whats-app.support-helper.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers server nginx/1.19.3 date Wed, 16 Dec 2020 17:06:22 GMT content-type text/html; charset=UTF-8 content-length 820670 x-powered-by Express access-control-allow-origin * accept-ranges bytes cache-control public, max-age=0 last-modified Wed, 16 Dec 2020 16:48:41 GMT etag W/"c85be-1766c742a28" strict-transport-security max-age=31536000
GET H2	200	jquery-3.5.1.min.js Show response code.jquery.com/	87 KB 30 KB	33ms 15ms	Script application/javascript	2001:4de0:ac19::1:b:1b HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.5.1.min.js Requested by Host: whats-app.support-helper.com URL: https://whats-app.support-helper.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US), Reverse DNS Software nginx / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Request headers Origin https://whats-app.support-helper.com Referer https://whats-app.support-helper.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 16 Dec 2020 17:06:22 GMT content-encoding gzip last-modified Mon, 04 May 2020 23:02:39 GMT server nginx etag W/"5eb09f0f-15d84" vary Accept-Encoding x-hw 1608138382.dop237.fr8.t,1608138382.cds208.fr8.hc,1608138382.cds142.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30879
GET H2	200	bootstrap.min.js Show response stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/	59 KB 16 KB	392ms 31ms	Script text/javascript	209.197.3.15 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js Requested by Host: whats-app.support-helper.com URL: https://whats-app.support-helper.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3, US), Reverse DNS vip0x00f.map2.ssl.hwcdn.net Software / Resource Hash 5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548 Security Headers Name Value X-Content-Type-Options nosniff Request headers Origin https://whats-app.support-helper.com Referer https://whats-app.support-helper.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 16 Dec 2020 17:06:22 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 28 Nov 2019 17:52:52 GMT etag "1574963572" vary Accept-Encoding x-cache HIT content-type text/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes timing-allow-origin * content-length 15919
GET H2	200	css fonts.googleapis.com/	2 KB 636 B	16ms 15ms	Stylesheet text/css	2a00:1450:4001:802::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto Requested by Host: whats-app.support-helper.com URL: https://whats-app.support-helper.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash c68d781eeb01bd19249e5301c2e13974cf71f00e32efe05c043b14142c0d2a00 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://whats-app.support-helper.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 16 Dec 2020 15:29:19 GMT server ESF date Wed, 16 Dec 2020 17:06:22 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 16 Dec 2020 17:06:22 GMT
GET H2	200	api:client.js Show response apis.google.com/js/	12 KB 6 KB	49ms 27ms	Script application/javascript	2a00:1450:4001:81a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://apis.google.com/js/api:client.js Requested by Host: whats-app.support-helper.com URL: https://whats-app.support-helper.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 83003b61840cc855426538742d338fce1ac70fd3f12277a6b55c5ae5cad4308d Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-1z43cthoT8mrMIbjNV5vug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://whats-app.support-helper.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 16 Dec 2020 17:06:22 GMT content-encoding gzip x-content-type-options nosniff p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 x-ua-compatible IE=edge, chrome=1 server ESF x-frame-options SAMEORIGIN etag "eec6049337ac9445ed5ad2fd3b61a331" strict-transport-security max-age=31536000 content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control private, max-age=1800, stale-while-revalidate=1800 content-security-policy script-src 'report-sample' 'nonce-1z43cthoT8mrMIbjNV5vug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport timing-allow-origin * expires Wed, 16 Dec 2020 17:06:22 GMT
GET H2	200	axios.min.js Show response cdnjs.cloudflare.com/ajax/libs/axios/0.21.0/	14 KB 5 KB	30ms 13ms	Script application/javascript	2606:4700::6810:135e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/axios/0.21.0/axios.min.js Requested by Host: whats-app.support-helper.com URL: https://whats-app.support-helper.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 38f9f561f70487d5b6a701758924bec83934f7db588fea654ab092e84b1af4d0 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Origin https://whats-app.support-helper.com Referer https://whats-app.support-helper.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 16 Dec 2020 17:06:22 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 1087520 cross-origin-resource-policy cross-origin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 4405 cf-request-id 070e1d74e20000d721a2b24000000001 timing-allow-origin * last-modified Fri, 23 Oct 2020 16:44:19 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5f930863-379d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nQteEDMLfHMbf%2FmzbRb2bfwdbK0ZEHaKbQVI9H%2BJfC%2FTZPsrTD3uXDot7ClMpm7KZI4kZoeWgi6QHVOPzY1QVjp5T56H8rP2qmeyJlA2vwwQBu9F7UHH0mt3dihUQjqF5A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6029fe9b08fdd721-FRA expires Mon, 06 Dec 2021 17:06:22 GMT
GET H2	200	utils.js Show response whats-app.support-helper.com/assets/	3 KB 3 KB	102ms 101ms	Script application/javascript	95.217.26.233 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://whats-app.support-helper.com/assets/utils.js Requested by Host: whats-app.support-helper.com URL: https://whats-app.support-helper.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 95.217.26.233 , Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS static.233.26.217.95.clients.your-server.de Software nginx/1.19.3 / Express Resource Hash dac06b28ce7dd0b087bdf63aefe2548f408e51fae7b1d9e04babeede6505a17e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://whats-app.support-helper.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 16 Dec 2020 17:06:22 GMT last-modified Wed, 16 Dec 2020 15:51:57 GMT server nginx/1.19.3 x-powered-by Express etag W/"ccb-1766c403948" strict-transport-security max-age=31536000 content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=0 accept-ranges bytes content-length 3275
GET H3-Q050	200	cb=gapi.loaded_0 Show response apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.sazTpAB7NWc.O/m=client/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMGRnMhese6OTxesnN0rDvhruAGIg/	301 KB 103 KB	27ms 13ms	Script text/javascript	2a00:1450:4001:81a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.sazTpAB7NWc.O/m=client/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMGRnMhese6OTxesnN0rDvhruAGIg/cb=gapi.loaded_0 Requested by Host: apis.google.com URL: https://apis.google.com/js/api:client.js Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5be97a7efbb7091c7252d84339c2008c0e66a41b233831fbd53122f42b2444b4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://whats-app.support-helper.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 16 Dec 2020 06:10:31 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 19 Nov 2020 17:03:00 GMT server sffe age 39351 vary Accept-Encoding, Origin content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 104873 x-xss-protection 0 expires Thu, 16 Dec 2021 06:10:31 GMT
GET H3-Q050	200	cb=gapi.loaded_1 Show response apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.sazTpAB7NWc.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMGRnMhese6OTxesnN0rDvhruAGIg/	71 B 156 B	27ms 16ms	Script text/javascript	2a00:1450:4001:81a::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.sazTpAB7NWc.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMGRnMhese6OTxesnN0rDvhruAGIg/cb=gapi.loaded_1 Requested by Host: apis.google.com URL: https://apis.google.com/js/api:client.js Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 586a4abfe9225dbb5521b32799d3b346da9e997452fec205a0812a360dd470ab Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://whats-app.support-helper.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 12 Dec 2020 21:08:34 GMT x-content-type-options nosniff last-modified Thu, 19 Nov 2020 17:03:00 GMT server sffe age 331068 vary Origin content-type text/javascript; charset=UTF-8 cache-control public, immutable, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 71 x-xss-protection 0 expires Sun, 12 Dec 2021 21:08:34 GMT
GET H2	200	-r3j-x8ZnM7.svg whats-app.support-helper.com/	5 KB 5 KB	48ms 48ms	Image image/svg+xml	95.217.26.233 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://whats-app.support-helper.com/-r3j-x8ZnM7.svg Requested by Host: whats-app.support-helper.com URL: https://whats-app.support-helper.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 95.217.26.233 , Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS static.233.26.217.95.clients.your-server.de Software nginx/1.19.3 / Express Resource Hash 4c38e1097b864a873243dee54c73acca2dbcfd48112e5afde26973b627b40835 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://whats-app.support-helper.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 16 Dec 2020 17:06:23 GMT last-modified Mon, 14 Dec 2020 10:30:57 GMT server nginx/1.19.3 x-powered-by Express etag W/"1323-17660cd9ee8" strict-transport-security max-age=31536000 content-type image/svg+xml access-control-allow-origin * cache-control public, max-age=0 accept-ranges bytes content-length 4899
GET H2	200	KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 fonts.gstatic.com/s/roboto/v20/	11 KB 11 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:825::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://whats-app.support-helper.com Referer https://fonts.googleapis.com/css?family=Roboto User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 15 Dec 2020 17:20:25 GMT x-content-type-options nosniff last-modified Wed, 24 Jul 2019 01:18:50 GMT server sffe age 85557 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 11016 x-xss-protection 0 expires Wed, 15 Dec 2021 17:20:25 GMT
GET H2	200	iframe accounts.google.com/o/oauth2/ Frame 5D58	0 0	60ms 40ms	Document text/html	2a00:1450:4001:81f::200d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://accounts.google.com/o/oauth2/iframe Requested by Host: apis.google.com URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.sazTpAB7NWc.O/m=client/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCMGRnMhese6OTxesnN0rDvhruAGIg/cb=gapi.loaded_0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81f::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-YDIfTt3h5OUrOG2NJZM5kg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport X-Xss-Protection 0 Request headers :method GET :authority accounts.google.com :scheme https :path /o/oauth2/iframe pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://whats-app.support-helper.com/ accept-encoding gzip, deflate, br accept-language en-US cookie NID=205=DgWpFFyJ6Jk50YZurRQBM40TC_x63z680Q3WcwBxy52c2tBxNfhTXj242TKOI1hMdFTPZeGcorDIWwyVpUDk6T7IbUsQUnrDkHFJa-4dLNAanMHyHSjWXsdq0D487IPjf35dC0A6qpgzi_2owGeloygFYi0DgH6U4x87koKBSgg Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://whats-app.support-helper.com/ Response headers content-type text/html; charset=utf-8 cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache expires Mon, 01 Jan 1990 00:00:00 GMT date Wed, 16 Dec 2020 17:06:23 GMT content-language en-US content-security-policy script-src 'report-sample' 'nonce-YDIfTt3h5OUrOG2NJZM5kg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport content-encoding gzip server ESF x-xss-protection 0 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated number| _cstart function| $ function| jQuery object| bootstrap object| gapi object| ___jsl function| axios function| download function| openDialog function| getFile function| filenameFromContentDispositionHeader function| downloadFile object| googleUser function| startApp function| attachSignin function| envFlush object| Env number| __DEV__ function| emptyFunction function| __annotator function| __bodyWrapper function| __t function| __w function| FB_enumerate function| __m object| babelHelpers function| define function| require function| requireDynamic function| requireLazy function| __d function| $RefreshReg$ function| $RefreshSig$ object| ErrorSerializer function| getErrorSafe object| ErrorGuard object| ErrorUtils function| Arbiter object| JSCC function| ge object| Parent object| gadgets object| osapi object| shindig object| googleapis object| oauth2 object| iframer object| __gapi_jstiming__ function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| auth2

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.google.com/	1970-01-19 19:05:49	Name: NID Value: 205=DgWpFFyJ6Jk50YZurRQBM40TC_x63z680Q3WcwBxy52c2tBxNfhTXj242TKOI1hMdFTPZeGcorDIWwyVpUDk6T7IbUsQUnrDkHFJa-4dLNAanMHyHSjWXsdq0D487IPjf35dC0A6qpgzi_2owGeloygFYi0DgH6U4x87koKBSgg
			.whats-app.support-helper.com/	1978-01-11 21:30:57	Name: G_ENABLED_IDPS Value: google

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://whats-app.support-helper.com/(Line 47) Message: customBtn

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
apis.google.com
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
stackpath.bootstrapcdn.com
whats-app.support-helper.com
2001:4de0:ac19::1:b:1b
209.197.3.15
2606:4700::6810:135e
2a00:1450:4001:802::200a
2a00:1450:4001:81a::200e
2a00:1450:4001:81f::200d
2a00:1450:4001:825::2003
95.217.26.233
38f9f561f70487d5b6a701758924bec83934f7db588fea654ab092e84b1af4d0
4c38e1097b864a873243dee54c73acca2dbcfd48112e5afde26973b627b40835
586a4abfe9225dbb5521b32799d3b346da9e997452fec205a0812a360dd470ab
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548
5be97a7efbb7091c7252d84339c2008c0e66a41b233831fbd53122f42b2444b4
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
83003b61840cc855426538742d338fce1ac70fd3f12277a6b55c5ae5cad4308d
932602d39f5c9514566d09de4b2b2a05258c7df0fa8eeb8392e0614437f66db3
c68d781eeb01bd19249e5301c2e13974cf71f00e32efe05c043b14142c0d2a00
dac06b28ce7dd0b087bdf63aefe2548f408e51fae7b1d9e04babeede6505a17e
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d