URL: http://newgrubwhatsapp.cf/
Submission: On December 25 via api from JP — Scanned from JP

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 13.88.0.150, located in San Jose, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is newgrubwhatsapp.cf.
This is the only time newgrubwhatsapp.cf was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

IP Address | AS (Autonomous System) | Requests
13.88.0.150 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US) | 3
2a03:2880:f00f:8:face:b00c:0:1 | 32934 (FACEBOOK, US) | 12
2 IPs | | 15 requests

Apex Domain | Subdomains | Requests | Transfer
fbcdn.net | static.xx.fbcdn.net | 12 | 179 KB
newgrubwhatsapp.cf | newgrubwhatsapp.cf | 3 | 119 KB
2 domains | | 15 requests |

Domain | Requests | Requested by
static.xx.fbcdn.net | 12 | newgrubwhatsapp.cf, static.xx.fbcdn.net
newgrubwhatsapp.cf | 3 | newgrubwhatsapp.cf, static.xx.fbcdn.net
2 domains | 15 requests |

This site contains links to these domains:

www.whatsapp.com
TLS certificate (the scan's only HTTPS host, static.xx.fbcdn.net)

Subject | Issuer | Validity | Valid for
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-10-03 to 2022-01-01 | 3 months

This page contains 1 frames:

Primary Page: http://newgrubwhatsapp.cf/
Frame ID: D43A6590C4D2FB39D914BBC6E9D00F37
Requests: 15 HTTP requests in this frame

Screenshot: (image not included in this export)

Page Title

WhatsApp Group Invite

Page Statistics

Requests: 15
HTTPS: 80 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 298 kB
Size: 1089 kB
Cookies: 0

Redirected requests: none listed for this scan.

15 HTTP transactions

# | Resource | Path | Size | x-fer | Type | MIME-Type
1 | Primary Request / | newgrubwhatsapp.cf/ | 244 KB | 41 KB | Document | text/html
General
Full URL
http://newgrubwhatsapp.cf/
Protocol
HTTP/1.1
Server
13.88.0.150 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
88500544c496f384c1267b3ee7803f5460c3fe18a7f05fe831e50ea7f2801e70

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9

Response headers

Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
content-type
text/html; charset=UTF-8
transfer-encoding
chunked
content-encoding
gzip
vary
Accept-Encoding
date
Sat, 25 Dec 2021 12:09:13 GMT
server
LiteSpeed
2 | 2pHP5xrv6KN.css | static.xx.fbcdn.net/rsrc.php/v3/yU/l/0,cross/ | 7 KB | 2 KB | Stylesheet | text/css
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yU/l/0,cross/2pHP5xrv6KN.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: newgrubwhatsapp.cf
URL: http://newgrubwhatsapp.cf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b980336ae6233c5b062fbc04d7112da80a6e3228b6489db13916e39c5106dedf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://newgrubwhatsapp.cf/
Origin
http://newgrubwhatsapp.cf
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
3OzNsfaCpGEIjp3wejfhlQ==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1506
x-fb-rlafr
0
x-fb-debug
kAF0dLwKjca32RIDbvelJrAf6hd6vTKiuIQ8Mnb0us82VCytfMnJEI2pplbT/nC+JbiWe1jmse5OL8JslgQQHQ==
x-fb-trip-id
382461245
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 15 Dec 2022 22:45:34 GMT
3 | 5B9R2lqywN1.css | static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/ | 222 KB | 25 KB | Stylesheet | text/css
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/5B9R2lqywN1.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: newgrubwhatsapp.cf
URL: http://newgrubwhatsapp.cf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aaaa91bf7302b83b221c535c5311967433c2fabd2ed78b8bcad80046290cac2a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://newgrubwhatsapp.cf/
Origin
http://newgrubwhatsapp.cf
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
SGGSxt5/NMMJ2Fec6jYR1Q==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25566
x-fb-rlafr
0
x-fb-debug
x9YGPd4MkQegr+cbUI3Nw/CjD4zqzB5+akBaISGQzQoXQoZKx7selOmxEwi2Zb3TJqIr92rl/jR5Pk+E3OtzwA==
x-fb-trip-id
382461245
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 16 Dec 2022 00:27:23 GMT
4 | zOdqciBFLvK.css | static.xx.fbcdn.net/rsrc.php/v3/yl/l/0,cross/ | 10 KB | 3 KB | Stylesheet | text/css
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yl/l/0,cross/zOdqciBFLvK.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: newgrubwhatsapp.cf
URL: http://newgrubwhatsapp.cf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
098887bcea6e0da18953353b86885342ac5d46793a83e2360dbebfdf2148c5a6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://newgrubwhatsapp.cf/
Origin
http://newgrubwhatsapp.cf
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
GNE1+FS9qS7hs/52Z3/Ekg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
2655
x-fb-rlafr
0
x-fb-debug
i0Uayh9bihcCD7xSdy9oY/1jS2jaCFHtEwbi3SMfDdul2E0dzNFlafdQufLrOOK1itS3dOjGxhV3mMtgt1Z69Q==
x-fb-trip-id
382461245
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 22 Dec 2022 02:40:34 GMT
5 | 28bZN702Ikw.css | static.xx.fbcdn.net/rsrc.php/v3/yc/l/0,cross/ | 745 B | 724 B | Stylesheet | text/css
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yc/l/0,cross/28bZN702Ikw.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: newgrubwhatsapp.cf
URL: http://newgrubwhatsapp.cf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7ee108ce2fd052caa06a711abe8287fb29e0022e482a646ebca7d18727cc56a6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://newgrubwhatsapp.cf/
Origin
http://newgrubwhatsapp.cf
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
hGa8h1R3nwGG/FmFVUILMA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
272
x-fb-rlafr
0
x-fb-debug
A9CEY9n79bqym2h3TaD4YyTIpBy713Z14bCE0ra8RTvuhEG417JdPqyYlA7BCPBwABSVkyizWgXIp3NUKlNe+w==
x-fb-trip-id
382461245
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Thu, 15 Dec 2022 23:11:33 GMT
6 | 7n_BeVS2Sch.js | static.xx.fbcdn.net/rsrc.php/v3/yI/r/ | 306 KB | 83 KB | Script | application/x-javascript
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/7n_BeVS2Sch.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: newgrubwhatsapp.cf
URL: http://newgrubwhatsapp.cf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b59d883c46b6715220b0c2cab3d4e3d8c3a4a5709b8fecaa88d316f2e7b6af13
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://newgrubwhatsapp.cf/
Origin
http://newgrubwhatsapp.cf
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
FM4XKoLy4hPVduMGp/G6Ug==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
84357
x-fb-rlafr
0
x-fb-debug
TmJdHi1kyIh3p9ILdQGuN7bFElNIYZmlbPPIS4WIYtvXNb/ErZNMjEN8DEe9HBylfgIOufwrkAxeMelD9pacdw==
x-fb-trip-id
382461245
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 16 Dec 2022 00:27:10 GMT
7 | 36B424nhiL4.svg | static.xx.fbcdn.net/rsrc.php/ym/r/ | 9 KB | 3 KB | Image | image/svg+xml
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/ym/r/36B424nhiL4.svg
Requested by
Host: newgrubwhatsapp.cf
URL: http://newgrubwhatsapp.cf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
708f4f787db19dcb4cca817e1c38fba2baf0216b092c90d59648464791d57abb
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
http://newgrubwhatsapp.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
br
x-content-type-options
nosniff
content-md5
4iKO8q+In3Sl/CFIcSZsgA==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
3307
x-xss-protection
0
x-fb-debug
+nQR/lvYQ55eFe99GuWt2bwlfs1d1PT9hiEsFpz9gudZkZT30b2Rdw/L/DIghRfpgc8NiTWH7eRewj5zJEOjIQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
date
Sat, 25 Dec 2021 12:09:13 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
x-fb-rlafr
0
timing-allow-origin
*
priority
u=3,i
expires
Fri, 23 Dec 2022 05:16:50 GMT
8 | lOol7j-zq4u.svg | static.xx.fbcdn.net/rsrc.php/yz/r/ | 3 KB | 1 KB | Image | image/svg+xml
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/yz/r/lOol7j-zq4u.svg
Requested by
Host: newgrubwhatsapp.cf
URL: http://newgrubwhatsapp.cf/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
533ef6670e3d9c0e44718d0afa43f2edda11b58586e9da4e8f621145cf84d4d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
http://newgrubwhatsapp.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
vQiA34i6I9zhuN5oMyk4pQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1145
x-xss-protection
0
x-fb-debug
HkB/WGW0c3aAUzdR7WPS7wMNgOjN/FuoFZCrpWmA5Mke+FbyNBVGspdPFkX+OFXFAZm+SAAre/7BeqYxlwtkow==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
x-fb-rlafr
0
timing-allow-origin
*
priority
u=3,i
expires
Fri, 23 Dec 2022 04:44:31 GMT
9 | ioxK2Ojkb1E.js | static.xx.fbcdn.net/rsrc.php/v3/ys/r/ | 6 KB | 2 KB | Script | application/x-javascript
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/ys/r/ioxK2Ojkb1E.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/7n_BeVS2Sch.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9b64a5b128eda6b44c3703ad43fd34789d7e2f460953c5c862418bce96aecaa7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://newgrubwhatsapp.cf/
Origin
http://newgrubwhatsapp.cf
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
zEQWCgC/jgu2oSpjJY1/7g==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
2088
x-fb-rlafr
0
x-fb-debug
lTZHi0M7qTvytnLg7uzHMrFGryPdQchGBtQqxOlWd7jyPE+zqv6cB/cNedgv3g18qfCGpwdOJbjfsBtxNR57NA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 23 Dec 2022 16:07:26 GMT
10 | group.jpeg | newgrubwhatsapp.cf/img/ | 76 KB | 76 KB | Image | image/jpeg
General
Full URL
http://newgrubwhatsapp.cf/img/group.jpeg
Requested by
Host: newgrubwhatsapp.cf
URL: http://newgrubwhatsapp.cf/
Protocol
HTTP/1.1
Server
13.88.0.150 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
47e3f073cb3c4dbdc992eaca862588dca76e4df97196b88d229fb44c6abd3b65

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
http://newgrubwhatsapp.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
last-modified
Mon, 20 Dec 2021 00:00:46 GMT
server
LiteSpeed
content-type
image/jpeg
cache-control
public, max-age=604800
Connection
Keep-Alive
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
77785
expires
Sat, 01 Jan 2022 12:09:13 GMT
11 | URSNyudEoKP.js | static.xx.fbcdn.net/rsrc.php/v3/yG/r/ | 36 KB | 12 KB | Script | application/x-javascript
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yG/r/URSNyudEoKP.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/7n_BeVS2Sch.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d7a2670dfc68f523a482b75b9ce678360522fab8b21ab403ce05dba31f4e21c8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://newgrubwhatsapp.cf/
Origin
http://newgrubwhatsapp.cf
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
DcQHhlEmJ6DiCbTmMEh5Jg==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
11748
x-fb-rlafr
0
x-fb-debug
VApfELMCM7EW6td7cvBlQSUMsToG4wwVHk0o4FIr7bST5fvwL6wrZkQOie6ab9z8PfRYJRWF7rvo99XN2iaeLg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 15 Dec 2022 17:02:38 GMT
12 | d623pSa5MoD.js | static.xx.fbcdn.net/rsrc.php/v3i7M54/yU/l/en_US/ | 75 KB | 20 KB | Script | application/x-javascript
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yU/l/en_US/d623pSa5MoD.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/7n_BeVS2Sch.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
38d392e0f6e9b87785fb7d397d2b6e90733e1e7554b8f13025fcf3e587867636
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://newgrubwhatsapp.cf/
Origin
http://newgrubwhatsapp.cf
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
r4sOrVKynY7jKZk8F0Kmew==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
20132
x-fb-rlafr
0
x-fb-debug
suECX3xp1WtQBKUm2XJnar3V+8JRtAH1uq7f28g83rraKlSo4LrkSox7nCmu7kUOP0Dl77/HgWLq0vtmYXb+7g==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 22 Dec 2022 02:40:35 GMT
13 | VdSN32O1rVd.js | static.xx.fbcdn.net/rsrc.php/v3iqES4/y1/l/en_US/ | 87 KB | 26 KB | Script | application/x-javascript
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iqES4/y1/l/en_US/VdSN32O1rVd.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/7n_BeVS2Sch.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ba89e569b44651f8a4c2bb2d9cacab5f53c9a02432826c71dd981db64317b506
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://newgrubwhatsapp.cf/
Origin
http://newgrubwhatsapp.cf
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
atF2SpgaKfv1xfIVhGXNyw==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
26333
x-fb-rlafr
0
x-fb-debug
TCW1c5GIBxRrO4U1ThAdkEuXtPBCDbpJ2jOKoXqz21oWPcUoV4ky6qfRTn/wDmwsJboGY/EvPuLuRjXaf+Ho5A==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 16 Dec 2022 00:17:17 GMT
14 | cN-N4Eu_deZ.js | static.xx.fbcdn.net/rsrc.php/v3/yv/r/ | 7 KB | 2 KB | Script | application/x-javascript
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/cN-N4Eu_deZ.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/7n_BeVS2Sch.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f00f:8:face:b00c:0:1 Tokyo, Japan, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
095eceabca5358699a8efc64f4e44b27576d45c2ab864f1f50c3401676f9a827
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://newgrubwhatsapp.cf/
Origin
http://newgrubwhatsapp.cf
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Sat, 25 Dec 2021 12:09:13 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
XkHzn1WHKMxOAJmWI3FJ7A==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
2277
x-fb-rlafr
0
x-fb-debug
G/huSc2pxrCY0SHd7a79yCySyIcra5M34o1IyVPIZfF9g2ivxUzEzTI2cBQNbgGaCD/yn+CiOCNfMCoa5ah17A==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Thu, 15 Dec 2022 03:26:22 GMT
15 | bz | newgrubwhatsapp.cf/ajax/ | 1 KB | 1 KB | XHR | text/html
General
Full URL
http://newgrubwhatsapp.cf/ajax/bz?__a=1&__ccg=UNKNOWN&__comet_req=0&__csr=&__dyn=7wKBwjbg7ebwKBWo5O12wAxu13w8CewSwMxW0SUhw5cx60Vo1upE4W0OE2Wwce0yE1Vrzo5-0me220qu0SU2swdq0Ho2ew4Kw6iyE158&__hs=18975.BP%3Awhatsapp_www_pkg.2.0.0.0.&__hsi=7041588725475861312-0&__req=1&__rev=1004863141&__s=2cqx1l%3Am7mpju%3Ag8hcnf&__user=0&dpr=1&jazoest=21887&lsd=PkvR34Lx7F28V7OgXjmooz
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iqES4/y1/l/en_US/VdSN32O1rVd.js?_nc_x=Ij3Wp8lg5Kz
Protocol
HTTP/1.1
Server
13.88.0.150 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
LiteSpeed /
Resource Hash
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Request headers

Referer
http://newgrubwhatsapp.cf/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundary6XI3t5iURBWiqUgk

Response headers

pragma
no-cache
date
Sat, 25 Dec 2021 12:09:14 GMT
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
server
LiteSpeed
Connection
close
content-length
1238
content-type
text/html
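
The transaction list above carries three observations an analyst would turn into repeatable checks: every fbcdn.net asset is fetched with a Referer/Origin of http://newgrubwhatsapp.cf rather than a WhatsApp or Facebook page; the cloned page's own front-end runtime posts to /ajax/bz on the attacker's host with an __hs parameter naming whatsapp_www_pkg and, as the Console Messages section records, gets a 404 because that handler only exists on Facebook's servers; and the document itself is plain HTTP while its subresources are HTTPS (the 80 % HTTPS figure). The Python below is an added example, not urlscan.io code or anything served by the scanned site. It encodes those checks over a subset of the transactions transcribed from this page plus one constructed legitimate-looking control; the BRAND_* and CLONED_RUNTIME_PATHS constants, the naive registrable-domain helper and the simple score are assumptions chosen for illustration.

```python
"""Triage checks over a urlscan.io-style transaction list for a cloned-brand phishing page.

Added example; not urlscan.io code. TRANSACTIONS is transcribed from a subset of the
15 requests on this page as (url, Referer header, resource type, status). Status is
kept only where the page shows one: the console logged a 404 for /ajax/bz.
"""
from urllib.parse import urlsplit, parse_qs

# Assumption: the CDN host(s) that legitimately serve WhatsApp/Facebook web assets.
BRAND_CDN_HOSTS = {"static.xx.fbcdn.net"}
# Assumption: registrable domains owned by the impersonated brand.
BRAND_DOMAINS = {"whatsapp.com", "whatsapp.net", "facebook.com", "fbcdn.net"}
# Assumption: Facebook front-end runtime endpoints a cloned page keeps calling on its new host.
CLONED_RUNTIME_PATHS = {"/ajax/bz"}

TRANSACTIONS = [
    ("http://newgrubwhatsapp.cf/", None, "Document", None),
    ("https://static.xx.fbcdn.net/rsrc.php/v3/yU/l/0,cross/2pHP5xrv6KN.css?_nc_x=Ij3Wp8lg5Kz",
     "http://newgrubwhatsapp.cf/", "Stylesheet", None),
    ("https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/7n_BeVS2Sch.js?_nc_x=Ij3Wp8lg5Kz",
     "http://newgrubwhatsapp.cf/", "Script", None),
    ("https://static.xx.fbcdn.net/rsrc.php/ym/r/36B424nhiL4.svg",
     "http://newgrubwhatsapp.cf/", "Image", None),
    ("http://newgrubwhatsapp.cf/img/group.jpeg", "http://newgrubwhatsapp.cf/", "Image", None),
    # Query string shortened to the parameters the check reads.
    ("http://newgrubwhatsapp.cf/ajax/bz?__a=1&__hs=18975.BP%3Awhatsapp_www_pkg.2.0.0.0.&__rev=1004863141&__user=0",
     "http://newgrubwhatsapp.cf/", "XHR", 404),
]

# Constructed control: how the same CDN asset looks when a real brand page loads it.
LEGITIMATE = [
    ("https://web.whatsapp.com/", None, "Document", None),
    ("https://static.xx.fbcdn.net/rsrc.php/v3/yU/l/0,cross/2pHP5xrv6KN.css?_nc_x=Ij3Wp8lg5Kz",
     "https://web.whatsapp.com/", "Stylesheet", None),
]


def registrable_domain(host):
    """Naive eTLD+1 (last two labels). Adequate for the .cf/.net hosts here; use the
    Public Suffix List in production or co.uk-style suffixes will be grouped wrongly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def hotlinking_origins(transactions):
    """Non-brand registrable domains whose pages pull assets straight from the brand CDN."""
    found = set()
    for url, referer, _rtype, _status in transactions:
        if (urlsplit(url).hostname or "") not in BRAND_CDN_HOSTS or not referer:
            continue
        loader = registrable_domain(urlsplit(referer).hostname or "")
        if loader not in BRAND_DOMAINS:
            found.add(loader)
    return found


def cloned_runtime_calls(transactions):
    """Brand-runtime XHRs (e.g. /ajax/bz) aimed at a non-brand host: the cloned page's own
    JavaScript phoning home to the attacker's server. Returns (host, __hs package, status)."""
    hits = []
    for url, _referer, _rtype, status in transactions:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.path not in CLONED_RUNTIME_PATHS or registrable_domain(host) in BRAND_DOMAINS:
            continue
        hs = parse_qs(parts.query).get("__hs", [""])[0]  # e.g. "18975.BP:whatsapp_www_pkg.2.0.0.0."
        package = hs.split(":", 1)[1].split(".", 1)[0] if ":" in hs else ""
        hits.append((host, package, status))
    return hits


def http_document_with_https_assets(transactions):
    """True when the document itself is plain HTTP but some subresource is HTTPS."""
    doc_schemes = [urlsplit(u).scheme for u, _r, t, _s in transactions if t == "Document"]
    sub_schemes = {urlsplit(u).scheme for u, _r, t, _s in transactions if t != "Document"}
    return bool(doc_schemes) and doc_schemes[0] == "http" and "https" in sub_schemes


def triage(transactions):
    """Collect the three indicators and count how many fired."""
    indicators = {
        "brand_cdn_hotlinked_by": sorted(hotlinking_origins(transactions)),
        "cloned_runtime_calls": cloned_runtime_calls(transactions),
        "http_document_with_https_assets": http_document_with_https_assets(transactions),
    }
    score = sum(1 for value in indicators.values() if value)
    indicators["score"] = score
    return indicators


if __name__ == "__main__":
    print(triage(TRANSACTIONS))  # all three indicators fire for this scan
    print(triage(LEGITIMATE))    # none fire for the constructed control
```

Run as a script it prints both verdicts; in practice the tuples would be built from the scanner's per-request data rather than typed in. The hotlinking check is the strongest of the three: the fbcdn.net responses above carry `access-control-allow-origin: *` and `cross-origin-resource-policy: cross-origin`, so nothing on the CDN side stops an arbitrary origin from embedding the brand's stylesheets, scripts and icons, and a page whose Referer is not a brand domain yet loads them is exactly the pattern a cloned login or invite page produces.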

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function (39): envFlush, CavalryLogger, __annotator, __bodyWrapper, __t, __w, emptyFunction, FB_enumerate, __m, define, require, importDefault, importNamespace, requireDynamic, requireLazy, __d, $RefreshReg$, $RefreshSig$, getErrorSafe, Arbiter, $, ge, goURI, _domcontentready, onloadRegister_DEPRECATED, onloadRegister, onafterloadRegister_DEPRECATED, onafterloadRegister, onleaveRegister, onbeforeunloadRegister, onunloadRegister, $E, now_inl, _domreadyHook, _onloadHook, runHook, runHooks, keep_window_set_as_loaded, AsyncRequest
object (18): Env, babelHelpers, ErrorGuard, ErrorSerializer, ErrorUtils, JSCC, Parent, TimeSlice, Bootloader, PageEvents, onloadhooks, bigPipe, PageHooks, domreadyhooks, onbeforeunloadhooks, __FB_STORE, onafterunloadhooks, onunloadhooks
number (5): _cstart, __DEV__, __bigPipeFactory, __bigPipeFR, __bigPipeCtor
string (1): _script_path
boolean (2): domready, loaded

0 Cookies

1 Console Messages

Source: network
Level: error
URL: http://newgrubwhatsapp.cf/ajax/bz?__a=1&__ccg=UNKNOWN&__comet_req=0&__csr=&__dyn=7wKBwjbg7ebwKBWo5O12wAxu13w8CewSwMxW0SUhw5cx60Vo1upE4W0OE2Wwce0yE1Vrzo5-0me220qu0SU2swdq0Ho2ew4Kw6iyE158&__hs=18975.BP%3Awhatsapp_www_pkg.2.0.0.0.&__hsi=7041588725475861312-0&__req=1&__rev=1004863141&__s=2cqx1l%3Am7mpju%3Ag8hcnf&__user=0&dpr=1&jazoest=21887&lsd=PkvR34Lx7F28V7OgXjmooz
Message: Failed to load resource: the server responded with a status of 404 (Not Found)