what-whatsapp.cyou Open in urlscan Pro
47.246.50.208 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://what-whatsapp.cyou/
Submission: On September 06 via automatic, source certstream-suspicious (September 6th 2024, 9:22:41 pm UTC) — Scanned from FR

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 47.246.50.208, located in Paris, France and belongs to TAOBAO Zhejiang Taobao Network Co.,Ltd, CN. The main domain is what-whatsapp.cyou.
TLS certificate: Issued by R10 on September 6th 2024. Valid for: 3 months.

This is the only time what-whatsapp.cyou was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
10	47.246.50.208 47.246.50.208		24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
10	2

10 47.246.50.208 (Paris, France)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

what-whatsapp.cyou	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	what-whatsapp.cyou what-whatsapp.cyou	1 MB
10	1

	Domain	Requested by
10	what-whatsapp.cyou	what-whatsapp.cyou
10	1

This site contains no links.

Subject Issuer	Validity	Valid
what-whatsapp.cyou R10	`2024-09-06` - `2024-12-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://what-whatsapp.cyou/
Frame ID: 9C1F3B0E7CDB4B78279156B23C0CEEE7
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1520 kB
Transfer

1525 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response what-whatsapp.cyou/	663 B 1005 B	1353ms 288ms	Document text/html	47.246.50.208 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://what-whatsapp.cyou/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.50.208 Paris, France, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `9a163d0e9041c76396fbee2a672a82b80b32f0dcc1a9f0d448573528b293ba30` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Accept-Ranges bytes Connection keep-alive Content-Length 663 Content-Type text/html Date Fri, 06 Sep 2024 21:22:36 GMT ETag "66c0d82f-297" EagleId 2ff6329517256577559272617e Last-Modified Sat, 17 Aug 2024 17:04:47 GMT Server Tengine Timing-Allow-Origin * Via cache4.l2hk2[20,0], ens-cache1.fr4[266,0]
GET H/1.1	200 OK	chunk-vendors.2d0f66d6.js Show response what-whatsapp.cyou/js/	997 KB 998 KB	260ms 259ms	Script application/javascript	47.246.50.208 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://what-whatsapp.cyou/js/chunk-vendors.2d0f66d6.js Requested by Host: what-whatsapp.cyou URL: https://what-whatsapp.cyou/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.50.208 Paris, France, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `cbd34c53b484edf9599838cf44ffc4d2d71b5b396140d39d90b8a165f9551a8d` Request headers Referer https://what-whatsapp.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 21:22:36 GMT Via cache29.l2hk2[23,0], ens-cache1.fr4[235,0] Last-Modified Sat, 17 Aug 2024 17:04:47 GMT Server Tengine ETag "66c0d82f-f94b0" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 1021104 EagleId 2ff6329517256577562283075e
GET H/1.1	200 OK	app.c155c5b5.js Show response what-whatsapp.cyou/js/	18 KB 18 KB	308ms 259ms	Script application/javascript	47.246.50.208 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://what-whatsapp.cyou/js/app.c155c5b5.js Requested by Host: what-whatsapp.cyou URL: https://what-whatsapp.cyou/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.50.208 Paris, France, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `3f210b3001d493308dbdc6dd474cb64d103bb5e2917c7cd181f3a2e56994d4c3` Request headers Referer https://what-whatsapp.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 21:22:36 GMT Via cache37.l2hk2[14,0], ens-cache13.fr4[225,0] Last-Modified Sat, 17 Aug 2024 17:04:47 GMT Server Tengine ETag "66c0d82f-463d" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 17981 EagleId 2ff632a117256577562783615e
GET H/1.1	200 OK	chunk-vendors.10dd4e95.css what-whatsapp.cyou/css/	206 KB 207 KB	319ms 276ms	Stylesheet text/css	47.246.50.208 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://what-whatsapp.cyou/css/chunk-vendors.10dd4e95.css Requested by Host: what-whatsapp.cyou URL: https://what-whatsapp.cyou/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.50.208 Paris, France, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `fa6f1d96e529b170226115b7eb039ed98b1c74687495207ff4bf95a8a2ced3bc` Request headers Referer https://what-whatsapp.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 21:22:36 GMT Via cache30.l2hk2[11,0], ens-cache20.fr4[244,0] Last-Modified Sat, 17 Aug 2024 17:04:47 GMT Server Tengine ETag "66c0d82f-338cd" Content-Type text/css Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 211149 EagleId 2ff632a817256577562723129e
GET H/1.1	200 OK	app.c194d7f5.css what-whatsapp.cyou/css/	43 B 384 B	312ms 265ms	Stylesheet text/css	47.246.50.208 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://what-whatsapp.cyou/css/app.c194d7f5.css Requested by Host: what-whatsapp.cyou URL: https://what-whatsapp.cyou/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.50.208 Paris, France, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `b53ebee3b114de429f4d77ad35253c3b3d1e77b4d3fd7cc4c19e13130f5e572a` Request headers Referer https://what-whatsapp.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 21:22:36 GMT Via cache29.l2hk2[23,0], ens-cache17.fr4[242,0] Last-Modified Sat, 17 Aug 2024 17:04:47 GMT Server Tengine ETag "66c0d82f-2b" Content-Type text/css Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 43 EagleId 2ff632a517256577562698333e
GET H/1.1	200 OK	221.4fa48ea5.css what-whatsapp.cyou/css/	2 KB 2 KB	297ms 296ms	Stylesheet text/css	47.246.50.208 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://what-whatsapp.cyou/css/221.4fa48ea5.css Requested by Host: what-whatsapp.cyou URL: https://what-whatsapp.cyou/js/app.c155c5b5.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.50.208 Paris, France, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `08a7c311e19baa0bd60b111954e7c62496db8ffa173376c5ef181605b27f0ae2` Request headers Referer https://what-whatsapp.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 21:22:37 GMT Via cache24.l2hk2[28,0], ens-cache1.fr4[274,0] Last-Modified Sat, 17 Aug 2024 17:04:47 GMT Server Tengine ETag "66c0d82f-70d" Content-Type text/css Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 1805 EagleId 2ff6329517256577575044921e
GET H/1.1	200 OK	221.318862e7.js Show response what-whatsapp.cyou/js/	15 KB 15 KB	280ms 280ms	Script application/javascript	47.246.50.208 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://what-whatsapp.cyou/js/221.318862e7.js Requested by Host: what-whatsapp.cyou URL: https://what-whatsapp.cyou/js/app.c155c5b5.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.50.208 Paris, France, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `d0b8a908d4ffe5e1c45833f1e12a666b46dad2d0363d2e5a8dc55c8c1ec086ba` Request headers Referer https://what-whatsapp.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 21:22:37 GMT Via cache18.l2hk2[36,0], ens-cache20.fr4[260,0] Last-Modified Sat, 17 Aug 2024 17:04:47 GMT Server Tengine ETag "66c0d82f-3aa6" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 15014 EagleId 2ff632a817256577575074896e
GET DATA	200 OK	truncated /	4 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dcc382764aca43c0541ae7bd54d0f06458d429e05280bcd8fe6de205b08049d0` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `34f1c77d2d4a93afb80b6b515a8fabf37013640b8e517bab8aba27e56d82d543` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	tips_en.fd590467.png what-whatsapp.cyou/img/	275 KB 275 KB	269ms 269ms	Image image/png	47.246.50.208 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Show image Full URL https://what-whatsapp.cyou/img/tips_en.fd590467.png Requested by Host: what-whatsapp.cyou URL: https://what-whatsapp.cyou/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.50.208 Paris, France, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `dccd0348e2e1f4d70e79c95afa0c715eaa870433e9aebbe710f91b9414251e57` Request headers Referer https://what-whatsapp.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 21:22:37 GMT Via cache29.l2hk2[35,0], ens-cache1.fr4[246,0] Last-Modified Sat, 17 Aug 2024 17:04:47 GMT Server Tengine ETag "66c0d82f-44b4e" Content-Type image/png Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 281422 EagleId 2ff6329517256577578105378e
POST H/1.1	200	enterWeb Show response what-whatsapp.cyou/api/wsapp/	7 B 264 B	290ms 289ms	XHR application/json	47.246.50.208 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://what-whatsapp.cyou/api/wsapp/enterWeb Requested by Host: what-whatsapp.cyou URL: https://what-whatsapp.cyou/js/chunk-vendors.2d0f66d6.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.50.208 Paris, France, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27` Request headers Accept application/json, text/plain, / Referer https://what-whatsapp.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Type application/json Response headers Date Fri, 06 Sep 2024 21:22:38 GMT Via cache30.l2hk2[39,0], ens-cache20.fr4[270,0] Server Tengine Content-Type application/json Connection keep-alive Timing-Allow-Origin * Content-Length 7 EagleId 2ff632a817256577578145364e
GET H/1.1	200 OK	favicon.ico what-whatsapp.cyou/	4 KB 5 KB	289ms 289ms	Other image/x-icon	47.246.50.208 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://what-whatsapp.cyou/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.50.208 Paris, France, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `db74ab0b78338c1f778f8398c45f4103c99aea0e845a3118a7750b4eeafd3445` Request headers Referer https://what-whatsapp.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers Date Fri, 06 Sep 2024 21:22:38 GMT Via cache24.l2hk2[22,0], ens-cache1.fr4[267,0] Last-Modified Sat, 17 Aug 2024 17:04:47 GMT Server Tengine ETag "66c0d82f-10be" Content-Type image/x-icon Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 4286 EagleId 2ff6329517256577581145851e

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunkmy_vue2 function| clearImmediate function| setImmediate function| _

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

what-whatsapp.cyou
47.246.50.208
08a7c311e19baa0bd60b111954e7c62496db8ffa173376c5ef181605b27f0ae2
34f1c77d2d4a93afb80b6b515a8fabf37013640b8e517bab8aba27e56d82d543
3f210b3001d493308dbdc6dd474cb64d103bb5e2917c7cd181f3a2e56994d4c3
9a163d0e9041c76396fbee2a672a82b80b32f0dcc1a9f0d448573528b293ba30
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b53ebee3b114de429f4d77ad35253c3b3d1e77b4d3fd7cc4c19e13130f5e572a
cbd34c53b484edf9599838cf44ffc4d2d71b5b396140d39d90b8a165f9551a8d
d0b8a908d4ffe5e1c45833f1e12a666b46dad2d0363d2e5a8dc55c8c1ec086ba
db74ab0b78338c1f778f8398c45f4103c99aea0e845a3118a7750b4eeafd3445
dcc382764aca43c0541ae7bd54d0f06458d429e05280bcd8fe6de205b08049d0
dccd0348e2e1f4d70e79c95afa0c715eaa870433e9aebbe710f91b9414251e57
fa6f1d96e529b170226115b7eb039ed98b1c74687495207ff4bf95a8a2ced3bc

what-whatsapp.cyou Open in urlscan Pro 47.246.50.208 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

1520 kBTransfer

1525 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

what-whatsapp.cyou Open in urlscan Pro
47.246.50.208 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1520 kB
Transfer

1525 kB
Size

0
Cookies

10 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!