Report - whatsapp-sa.com/

Report Overview

Submitted URL
whatsapp-sa.com/
IP
5.196.114.203
ASN
#16276 OVH SAS
Submitted
2024-04-16 17:02:06
Access
public
Website Title
Whatsapp
Final URL
whatsapp-sa.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-16	436 B	3.9 kB	142.250.74.106
whatsapp-sa.com	unknown	2021-04-24	2021-04-24	2024-02-25	1.6 kB	4.7 kB	5.196.114.203
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-16	1.0 kB	80 kB	142.250.74.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	whatsapp-sa.com/	WhatsApp
2024-04-16	medium	whatsapp-sa.com/	WhatsApp

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

whatsapp-sa.com/

5.196.114.203

200 OK

1.9 kB

URL User Request GET HTTP/1.1
whatsapp-sa.com/
IP
5.196.114.203:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectwhatsapp-sa.com
Fingerprint89:D2:0E:A0:5A:0A:C1:20:88:E3:4B:F2:40:21:2F:AF:BA:60:97:EA
ValidityTue, 27 Feb 2024 05:41:22 GMT - Mon, 27 May 2024 05:41:21 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
1.9 kB (1855 bytes)
Hash
33241a5045d819ae6d1d348c9b756c31
991915509ba2d51dcde01339fb67de866759edd4
1e96ffcfe73743d372390613c5e30dd253c6d75f4bb7001b9da8250782e90e6a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET / HTTP/1.1
Host: whatsapp-sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Apr 2024 17:01:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6Ijg0NmFxeHhOWHczelpNaE9vVk1LZFE9PSIsInZhbHVlIjoidWxZaWRyRmlySkZJd0FCcjlxTFJQTUlSWlRqZ2cvbkkwbkFnYVVvR0NYTHdBb2FubGdZM3VWNlpBSCtLYXBnWHEvNm5Ga3pIc1hTRGdQNi9OSXFtQUh3emVNMlBYNGtVVytTWjNoSDdCVnpvdVVzS3JMeHdXRWI0bTg1MnFZUWkiLCJtYWMiOiIxZDVkZjhiMDM4NzY5NDA0NjRjNDllNWQ0YTUzNWY4ZjEwYjYwN2YzY2Q3ODM5ZmQxYTMwY2U5ZDQ4Y2ZmODk0In0%3D; expires=Wed, 17-Apr-2024 05:01:41 GMT; Max-Age=43200; path=/; samesite=lax
whatsapp_session=eyJpdiI6Im9xRzVlSVdMMnlLb2xpQTU2SnRnT3c9PSIsInZhbHVlIjoidXV1bUc0L0tERndpVUpSMjJaSnBBQzlmamxqN2Q0b1Jub3ErNFF0d09uV2FiaXV5Slo4LzhrMGtJQXl0OFN5TVJyNDdudytNeWtIR1p4M3NON1dBRXdBYWlVcFM1WWpHSHNKd0tNNXM4V2h1YUtoNU1kRFFlZmRYQTBmQ0FxY3YiLCJtYWMiOiJhMGRkMjdiYWUxOTcxYWM0ZDdmMjE1YzRjZGVhODMwNWZkZWYyYjY1NzZlMGEwZjY5ZDlkNjg2OGNjY2ZhYzBhIn0%3D; expires=Wed, 17-Apr-2024 05:01:41 GMT; Max-Age=43200; path=/; httponly; samesite=lax

whatsapp-sa.com/favicon.ico

5.196.114.203

404 Not Found

1.6 kB

URL GET HTTP/1.1
whatsapp-sa.com/favicon.ico
IP
5.196.114.203:443
ASN
#16276 OVH SAS

Requested by
https://whatsapp-sa.com/
Certificate
IssuerLet's Encrypt
Subjectwhatsapp-sa.com
Fingerprint89:D2:0E:A0:5A:0A:C1:20:88:E3:4B:F2:40:21:2F:AF:BA:60:97:EA
ValidityTue, 27 Feb 2024 05:41:22 GMT - Mon, 27 May 2024 05:41:21 GMT

File type
HTML document, ASCII text
Size
1.6 kB (1552 bytes)
Hash
47172e62787300b279ae2e1d21763c81
8bc8206ab37105da07312f4d39d8e57cc9763e00
258682bcb3d7d927aaf47bfe1c01788db1f0cda4bf2240001e5e7408a6f559ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: whatsapp-sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://whatsapp-sa.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ijg0NmFxeHhOWHczelpNaE9vVk1LZFE9PSIsInZhbHVlIjoidWxZaWRyRmlySkZJd0FCcjlxTFJQTUlSWlRqZ2cvbkkwbkFnYVVvR0NYTHdBb2FubGdZM3VWNlpBSCtLYXBnWHEvNm5Ga3pIc1hTRGdQNi9OSXFtQUh3emVNMlBYNGtVVytTWjNoSDdCVnpvdVVzS3JMeHdXRWI0bTg1MnFZUWkiLCJtYWMiOiIxZDVkZjhiMDM4NzY5NDA0NjRjNDllNWQ0YTUzNWY4ZjEwYjYwN2YzY2Q3ODM5ZmQxYTMwY2U5ZDQ4Y2ZmODk0In0%3D; whatsapp_session=eyJpdiI6Im9xRzVlSVdMMnlLb2xpQTU2SnRnT3c9PSIsInZhbHVlIjoidXV1bUc0L0tERndpVUpSMjJaSnBBQzlmamxqN2Q0b1Jub3ErNFF0d09uV2FiaXV5Slo4LzhrMGtJQXl0OFN5TVJyNDdudytNeWtIR1p4M3NON1dBRXdBYWlVcFM1WWpHSHNKd0tNNXM4V2h1YUtoNU1kRFFlZmRYQTBmQ0FxY3YiLCJtYWMiOiJhMGRkMjdiYWUxOTcxYWM0ZDdmMjE1YzRjZGVhODMwNWZkZWYyYjY1NzZlMGEwZjY5ZDlkNjg2OGNjY2ZhYzBhIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 16 Apr 2024 17:01:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, private

fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

142.250.74.163

200 OK

39 kB

URL GET HTTP/2
fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://whatsapp-sa.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39124, version 1.0
Size
39 kB (39124 bytes)
Hash
86b73ab5f530be7984b704414f2a711d
8e297794ed7b6f5ea476d14b5270df12e8f3e42a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

HTTP Headers

GET /s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://whatsapp-sa.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39124
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 04:30:40 GMT
expires: Wed, 16 Apr 2025 04:30:40 GMT
cache-control: public, max-age=31536000
age: 45061
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

142.250.74.163

200 OK

39 kB

URL GET HTTP/2
fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://whatsapp-sa.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 39124, version 1.0
Size
39 kB (39124 bytes)
Hash
86b73ab5f530be7984b704414f2a711d
8e297794ed7b6f5ea476d14b5270df12e8f3e42a
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

HTTP Headers

GET /s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://whatsapp-sa.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 39124
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 04:30:40 GMT
expires: Wed, 16 Apr 2025 04:30:40 GMT
cache-control: public, max-age=31536000
age: 45061
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Nunito:200,600

142.250.74.106

200 OK

3.3 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Nunito:200,600
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://whatsapp-sa.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (3388), with no line terminators
Size
3.3 kB (3308 bytes)
Hash
3490a5adb3b199f8835bb7d4206a57c8
3af402730e5c2a2fc42f23eff107d4e8c33fc4b4
26bba67b4929162c59218f1d8f07519159262f0986540e7cf3673a418e29bfb5

HTTP Headers

GET /css?family=Nunito:200,600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://whatsapp-sa.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 16 Apr 2024 17:01:41 GMT
date: Tue, 16 Apr 2024 17:01:41 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (5)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers