yyd.wshatsapp.xyz Open in urlscan Pro
2606:4700:3032::ac43:c456 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://yyd.wshatsapp.xyz/
Submission: On October 03 via api (October 3rd 2024, 12:08:49 pm UTC) from US — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 2606:4700:3032::ac43:c456, located in United States and belongs to CLOUDFLARENET, US. The main domain is yyd.wshatsapp.xyz.
TLS certificate: Issued by WE1 on October 3rd 2024. Valid for: 3 months.

This is the only time yyd.wshatsapp.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
8	2606:4700:303... 2606:4700:3032::ac43:c456		13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2

8 2606:4700:3032::ac43:c456 (United States)

ASN13335 (CLOUDFLARENET, US)

yyd.wshatsapp.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	wshatsapp.xyz yyd.wshatsapp.xyz	140 KB
8	1

	Domain	Requested by
8	yyd.wshatsapp.xyz	yyd.wshatsapp.xyz
8	1

This site contains no links.

Subject Issuer	Validity	Valid
wshatsapp.xyz WE1	`2024-10-03` - `2025-01-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://yyd.wshatsapp.xyz/
Frame ID: E07CB70D06703C38DB8733B543744713
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

8
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

140 kB
Transfer

398 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response yyd.wshatsapp.xyz/	610 B 773 B	482ms 352ms	Document text/html	2606:4700:3032::ac43:c456 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yyd.wshatsapp.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:c456 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1589de4aad6918ba0e3298db9992dfeeda7255f5662c93f5ab9727d70418baf6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers cf-cache-status DYNAMIC cf-ray 8cccd1ba38f4a03d-FRA content-encoding br content-type text/html date Thu, 03 Oct 2024 12:08:44 GMT last-modified Wed, 02 Oct 2024 07:39:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTdX4vH0ZMsxH0c%2B6rTOGGGGVVOvb830FAnyNtxrz%2F5wgHCbRc3BfPVOJqBnFtszRpobVKC6N7kRaMy3eLD8O6xm1oIuC1aMUIFXr0S%2Bp0eB%2BahQfiYmk7Xhaya%2F82c9Hqkg32gpkpKe00X3GbSfPA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare speculation-rules "/cdn-cgi/speculation"
GET H2	200	speculation yyd.wshatsapp.xyz/cdn-cgi/	128 B 479 B	51ms 50ms	Other application/speculationrules+json	2606:4700:3032::ac43:c456 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yyd.wshatsapp.xyz/cdn-cgi/speculation Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:c456 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://yyd.wshatsapp.xyz Referer https://yyd.wshatsapp.xyz/ Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pG0A612BUDS705u%2FjvwdJko%2FiZFrng%2B1GWDbduogN3DVbn93zbCJZVseAjD0CpWJCeWgCAduOIzZP%2BC8YYGrfGGj%2F0SRZIzMmu3rs4R94xo4lgsrbCJZkhFwFZqT2elurlpo6IdN8FNv6VYxA6kfQw%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8cccd1bc7bafa03d-FRA access-control-allow-origin https://yyd.wshatsapp.xyz content-length 128 date Thu, 03 Oct 2024 12:08:44 GMT content-type application/speculationrules+json vary Origin, Accept-Encoding server cloudflare
GET H2	200	G97XMt.css yyd.wshatsapp.xyz/	216 KB 69 KB	499ms 499ms	Stylesheet text/css	2606:4700:3032::ac43:c456 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yyd.wshatsapp.xyz/G97XMt.css Requested by Host: yyd.wshatsapp.xyz URL: https://yyd.wshatsapp.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:c456 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `35dcbb6a99a6d6213c58624dc4a673d69a4b1742b311f70b091046b4f207ba83` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://yyd.wshatsapp.xyz/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"66fcf8b9-35f1a" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0LZYiRh%2Fspl8%2BqG0HUskBBwirSOZF1XvsruXleKwHxcWIylQ27U5hOmW0GntZJjS7Vx3ndLP4n0RMLAzyaCMJa8cuGPRyASMnIcGqV03ugs3URS6H91tpUJG295atqT%2F3fHkEVWF%2BNoUqr4%2FrnWVQA%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8cccd1bc7bb2a03d-FRA date Thu, 03 Oct 2024 12:08:44 GMT content-type text/css last-modified Wed, 02 Oct 2024 07:39:37 GMT vary Accept-Encoding server cloudflare
GET H2	200	index-106dd4bc.js Show response yyd.wshatsapp.xyz/assets/	126 KB 50 KB	871ms 870ms	Script application/javascript	2606:4700:3032::ac43:c456 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yyd.wshatsapp.xyz/assets/index-106dd4bc.js Requested by Host: yyd.wshatsapp.xyz URL: https://yyd.wshatsapp.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:c456 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fa4d93561ce7860be0130359e04dcc9fa937f57625037b86edfe8d8d10225f2a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://yyd.wshatsapp.xyz Referer https://yyd.wshatsapp.xyz/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"66fcf8b9-1f60d" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=salo4jxsi5E2B4YJzacNDWPaMGPYAT7W5VAwMmGQHNjJDSuNyhhi3xrGAmJiCBsBf1tDexnhHAFluHiE65QXst1e2NMiUoKlS53JpKcoG9dk2hMFRcmmc6MR41Ho%2B9rH6ab9x8YTz8sGTTr8qK9Z9w%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8cccd1bc7bb6a03d-FRA date Thu, 03 Oct 2024 12:08:45 GMT content-type application/javascript last-modified Wed, 02 Oct 2024 07:39:37 GMT vary Accept-Encoding server cloudflare
GET H2	200	index-266743ee.css yyd.wshatsapp.xyz/assets/	13 KB 4 KB	358ms 358ms	Stylesheet text/css	2606:4700:3032::ac43:c456 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yyd.wshatsapp.xyz/assets/index-266743ee.css Requested by Host: yyd.wshatsapp.xyz URL: https://yyd.wshatsapp.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:c456 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `266743eec05cede98ee1f7e40293703825a6bcef3fa6696fa6b4be0ec05fe5ae` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://yyd.wshatsapp.xyz/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"66fcf8b9-35d6" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uCflkrNJFt0v7wUD2hFBj%2BnKMKxMI3XA3Z4NGdnrKQ4YbqC15dtirMWqbhhE58yxa387Y1TNDWEzZaRpQQb9m0LWiADMI2zkBqCfOHLmvGoRV3LZ2%2FAKw7XDwkZInpnvdTwwnbioGSPgCk7Ygf52YA%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8cccd1bc7bb5a03d-FRA date Thu, 03 Oct 2024 12:08:44 GMT content-type text/css last-modified Wed, 02 Oct 2024 07:39:37 GMT vary Accept-Encoding server cloudflare
GET H2	200	zh-49af2133.js Show response yyd.wshatsapp.xyz/assets/	1 KB 1 KB	354ms 353ms	Script application/javascript	2606:4700:3032::ac43:c456 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yyd.wshatsapp.xyz/assets/zh-49af2133.js Requested by Host: yyd.wshatsapp.xyz URL: https://yyd.wshatsapp.xyz/assets/index-106dd4bc.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:c456 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ad5975419adb8dae0b6eca7485079de162ac4df88569a931e0142ec8e3ded8c1` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://yyd.wshatsapp.xyz Referer https://yyd.wshatsapp.xyz/assets/index-106dd4bc.js Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"66fcf8b9-51d" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bZ8nUxO4809Djc3dIVHlcadNgBNw3iDXYuuparn2DS%2FGUcnhmcUFYYMSdibID9qa82Fc%2BAueVXbgsfSrju165D5Js%2BxiYTyy%2FpmD%2BK2UYzdh3fmy1QofXKKWNTuFRZUkA%2BzNmKRCuDMcBzo%2FjjBZfg%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8cccd1c3adb4a03d-FRA date Thu, 03 Oct 2024 12:08:45 GMT content-type application/javascript last-modified Wed, 02 Oct 2024 07:39:37 GMT vary Accept-Encoding server cloudflare
GET H2	200	index-3e2e55e1.js Show response yyd.wshatsapp.xyz/assets/	32 KB 14 KB	499ms 499ms	Script application/javascript	2606:4700:3032::ac43:c456 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yyd.wshatsapp.xyz/assets/index-3e2e55e1.js Requested by Host: yyd.wshatsapp.xyz URL: https://yyd.wshatsapp.xyz/assets/index-106dd4bc.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:c456 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2cd31fbb79d2e7d3d1ca5070c1f5fa1fbe3b79714d71cbd7eecc161f70e2512f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://yyd.wshatsapp.xyz Referer https://yyd.wshatsapp.xyz/assets/index-106dd4bc.js Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag W/"66fcf8b9-813b" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lBIF4Et3yJ367OI5BVQLTvKU3QHqb%2FZvumEZhe06tAcXfDCQFo%2BKdnKcCDINisKrOijWnBQnhWRHVW2zjqj96R7Gh%2BHwjcd1rqrAbYscyxzM7nR93Xsk%2FNtkCHIIJnYbDndrTVFSRS0c4e1bvtaFqw%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8cccd1c3adbaa03d-FRA date Thu, 03 Oct 2024 12:08:45 GMT content-type application/javascript last-modified Wed, 02 Oct 2024 07:39:37 GMT vary Accept-Encoding server cloudflare
GET H2	404	favicon.ico yyd.wshatsapp.xyz/	520 B 593 B	368ms 368ms	Other text/html	2606:4700:3032::ac43:c456 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yyd.wshatsapp.xyz/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:c456 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7407aa48b72bcf4fbc483d468f668297de0850af456c1a57c8fe569c932c789e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://yyd.wshatsapp.xyz/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status MISS speculation-rules "/cdn-cgi/speculation" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qfAKvi9H4w34%2BzcX4JfoksQu%2B2dDMZjVo3IlC8APDNP%2FpTnVjtOHnblGKnmS%2FnGifseHj2nr0uY%2FlcHKUgOXmMqQDi36qMeLelMTL9l%2FQnviPf2HsBKKPkuuB9e7O4fku3oCmaWRlJmfx7SJlPLxuA%3D%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8cccd1c3bdcda03d-FRA date Thu, 03 Oct 2024 12:08:45 GMT content-type text/html vary Accept-Encoding server cloudflare
GET DATA	200 OK	truncated /	9 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d03186407fc7bbda88c4418627218a35010ae6333bab51160a478b6c6d18ad88` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __VUE_INSTANCE_SETTERS__ object| __VUE_SSR_SETTERS__ boolean| __VUE__

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://yyd.wshatsapp.xyz/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

yyd.wshatsapp.xyz
2606:4700:3032::ac43:c456
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
1589de4aad6918ba0e3298db9992dfeeda7255f5662c93f5ab9727d70418baf6
266743eec05cede98ee1f7e40293703825a6bcef3fa6696fa6b4be0ec05fe5ae
2cd31fbb79d2e7d3d1ca5070c1f5fa1fbe3b79714d71cbd7eecc161f70e2512f
35dcbb6a99a6d6213c58624dc4a673d69a4b1742b311f70b091046b4f207ba83
7407aa48b72bcf4fbc483d468f668297de0850af456c1a57c8fe569c932c789e
ad5975419adb8dae0b6eca7485079de162ac4df88569a931e0142ec8e3ded8c1
d03186407fc7bbda88c4418627218a35010ae6333bab51160a478b6c6d18ad88
fa4d93561ce7860be0130359e04dcc9fa937f57625037b86edfe8d8d10225f2a

yyd.wshatsapp.xyz Open in urlscan Pro 2606:4700:3032::ac43:c456 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

140 kBTransfer

398 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

yyd.wshatsapp.xyz Open in urlscan Pro
2606:4700:3032::ac43:c456 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

140 kB
Transfer

398 kB
Size

0
Cookies

8 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!