www.wyuldogp.cyou
Open in
urlscan Pro
154.82.100.131
Malicious Activity!
Public Scan
Submission: On December 13 via api from US — Scanned from US
Summary
This is the only time www.wyuldogp.cyou was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 154.82.100.131 154.82.100.131 | 399077 (TERAEXCH) (TERAEXCH) | |
1 | 113.219.142.49 113.219.142.49 | 63838 (CT-HUNAN-...) (CT-HUNAN-HENGYANG-IDC Hengyang) | |
7 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
wyuldogp.cyou
www.wyuldogp.cyou |
140 KB |
1 |
bdimg.com
apps.bdimg.com — Cisco Umbrella Rank: 143457 |
29 KB |
7 | 2 |
Domain | Requested by | |
---|---|---|
5 | www.wyuldogp.cyou |
www.wyuldogp.cyou
apps.bdimg.com |
1 | apps.bdimg.com |
www.wyuldogp.cyou
|
7 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
baidu.com GlobalSign RSA OV SSL CA 2018 |
2023-07-06 - 2024-08-06 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://www.wyuldogp.cyou/
Frame ID: BC06A9242F24F0464278F06B1B9995FC
Requests: 7 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.wyuldogp.cyou/ |
12 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
qrcanvas.js
www.wyuldogp.cyou/WhatsApp_files/ |
27 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
apps.bdimg.com/libs/jquery/2.1.4/ |
82 KB 29 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
stylex-8caac98133ee6a23e652b43a755ba651.css
www.wyuldogp.cyou/WhatsApp_files/ |
206 KB 57 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app-fa65d92408e2774c8730.css
www.wyuldogp.cyou/WhatsApp_files/ |
188 KB 65 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0O5tn6VSR8TeB2PsjTQph8nH52kiS6g
www.wyuldogp.cyou/getQrcode/ |
237 B 447 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
0O5tn6VSR8TeB2PsjTQph8nH52kiS6g
www.wyuldogp.cyou/getQrcode/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.wyuldogp.cyou
- URL
- http://www.wyuldogp.cyou/getQrcode/0O5tn6VSR8TeB2PsjTQph8nH52kiS6g
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| qrcanvas function| $ function| jQuery function| getUserKey string| UserKey number| askTask function| req0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
apps.bdimg.com
www.wyuldogp.cyou
www.wyuldogp.cyou
113.219.142.49
154.82.100.131
4acf19e77b24101f6fb9f52ade477c4f8c8ecd8919b03edc5e4e24ca1ecc52da
54cac6d3891780bda453d22e23feb7ec365659a9edd860f347aaec7bb8559fb8
6508d54b56a914b04811707f2736c8813ac4763de9c9e3a387f479d15c59ef7f
de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f
f07e91ddd509f8041ce6e6540e57907ff2191a4707465c936a70dede9564ddbb
f25582f98aa21ace8f2c46da6c0623629493de7a460d93b33ad311c0994a2d5f