www.wsdownloade.cn Open in urlscan Pro
2606:4700:3034::ac43:8f4e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.wsdownloade.cn/zh-cn/index.html?20220830
Submission: On February 16 via automatic, source openphish (February 16th 2023, 1:26:01 pm UTC) — Scanned from DE

Summary HTTP 15 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3034::ac43:8f4e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.wsdownloade.cn.
TLS certificate: Issued by GTS CA 1P5 on January 28th 2023. Valid for: 3 months.

This is the only time www.wsdownloade.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
15	2606:4700:303... 2606:4700:3034::ac43:8f4e		13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	1

15 2606:4700:3034::ac43:8f4e (United States)

ASN13335 (CLOUDFLARENET, US)

www.wsdownloade.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	wsdownloade.cn www.wsdownloade.cn	1 MB
15	1

	Domain	Requested by
15	www.wsdownloade.cn	www.wsdownloade.cn
15	1

This site contains links to these domains. Also see Links.

Domain
web.whatsapp.com
itunes.apple.com
business.whatsapp.com
www.facebook.com
apps.apple.com
twitter.com

Subject Issuer	Validity	Valid
*.wsdownloade.cn GTS CA 1P5	`2023-01-28` - `2023-04-28`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.wsdownloade.cn/zh-cn/index.html?20220830
Frame ID: 2272CF1575A93C3BC7024B45FDCA3770
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Page Statistics

15
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1445 kB
Transfer

1841 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://web.whatsapp.com/
Title: WHATSAPP 网页版

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/us/app/whatsapp-messenger/id310633997?mt=8
Title: iPhone

Search URL Search Domain Scan URL

URL: https://business.whatsapp.com/products/business-app
Title: WhatsApp Business

Search URL Search Domain Scan URL

URL: https://business.whatsapp.com/products/business-platform
Title: WhatsApp Business API。

Search URL Search Domain Scan URL

URL: https://business.whatsapp.com/
Title: 商业

Search URL Search Domain Scan URL

URL: https://www.facebook.com/brand/resources/whatsapp/whatsapp-brand
Title: 品牌中心

Search URL Search Domain Scan URL

URL: https://apps.apple.com/us/app/whatsapp-messenger/id310633997
Title: iPhone

Search URL Search Domain Scan URL

URL: https://twitter.com/whatsapp
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/WhatsApp
Title: Facebook

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response www.wsdownloade.cn/zh-cn/	53 KB 10 KB	667ms 556ms	Document text/html	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `d6a57b71c2e8a8f255ac184b65d6accaed725b291f2007075ba38ae2fcf1bb9b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 79a69ca3ee8b382e-FRA content-encoding br content-type text/html date Thu, 16 Feb 2023 13:25:54 GMT last-modified Thu, 08 Dec 2022 08:57:25 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DC294R5wMKBz7WYDMRsRRnflwdUsyDzBsnAiuK5CUnnkBsop5ib6UxLaus6JGQmnaJMPUUt7jAv0y98GrWAlz%2FMtv6yHSuo%2FKqPn2s0OI7IVidjA7G5F7Z2VqtC6OVbb3hOm5rKLx6SonUvoDg5cJGQ%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by ASP.NET
GET H2	200	C2fHuK6eV5E.css www.wsdownloade.cn/zh-cn/index_files/	7 KB 2 KB	558ms 557ms	Stylesheet text/css	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.wsdownloade.cn/zh-cn/index_files/C2fHuK6eV5E.css Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `5d25fc039de768564d39bedbd355926f6612dcf06d40ade793709502ea296d8a` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:55 GMT content-encoding br cf-cache-status MISS last-modified Sat, 03 Dec 2022 08:02:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"dda48d97ed6d91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JIg%2Fcg29f%2FOysBKY%2BdLMXVS7PqaLsEcrcC4y1%2FlS25Cs6ZS%2B2WAKY3HUn%2Bh9zGcF7v%2FYgbpBn2HLruMaDXn9qQNPxzYISO%2FSW26C8IsdVt5d0YiYQcinKfGy1OTtWGOPgxO5iW5O01kVvor52CQS3k%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 79a69ca76b3c382e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	J7ci6KkN4Io.css www.wsdownloade.cn/zh-cn/index_files/	133 KB 22 KB	1104ms 1103ms	Stylesheet text/css	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.wsdownloade.cn/zh-cn/index_files/J7ci6KkN4Io.css Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `788013631618154cb4b4967878c1a4ff38beac58d1ebda074a516f79bd2cb05f` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:55 GMT content-encoding br cf-cache-status MISS last-modified Sat, 03 Dec 2022 08:02:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"dda48d97ed6d91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lVOEjQ3gc%2BkFkzzfEF01%2B9Sn4SS4otbVvzDbDTWsVYuIRhbBw4hy84X0DuzPJcCU9WiYmvJ4NOH2u2lREV4UWX6lOqsFgA9pbunYEk00rAgtQqXqnCK2n7jYJpO2xtRlAc%2FnAdEUUoUeWH7o%2BfXJkIY%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 79a69ca76b3e382e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	bvgAvxUnJO-.css www.wsdownloade.cn/zh-cn/index_files/	6 KB 2 KB	476ms 475ms	Stylesheet text/css	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.wsdownloade.cn/zh-cn/index_files/bvgAvxUnJO-.css Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `fc0821fb923a586e97a0581c6490cd08b1784b98f77b026fbefe93c32960684e` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:54 GMT content-encoding br cf-cache-status MISS last-modified Sat, 03 Dec 2022 08:02:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2d79097ed6d91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QqZNQ61Tz3ZsXj4OHUWmm%2FAD9foR9KQp%2F0wvc5RF30AofLCjrWLyPZoYLKvRg0NQkDhfDvPZbH9rSUGfsDMtt2d2cgeUb4LFaAuXuxQVyPaGg8Z49dcmhq%2BjP%2FzbG7AcpQrK0Wc7xSfjkkv7%2FBeLRlY%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 79a69ca76b3f382e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	28bZN702Ikw.css www.wsdownloade.cn/zh-cn/index_files/	761 B 652 B	473ms 473ms	Stylesheet text/css	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.wsdownloade.cn/zh-cn/index_files/28bZN702Ikw.css Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `0c6db3f25cef9d302542b41e0ed51aa8a7df470c38568a44606ee5ddfb0f9079` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:54 GMT content-encoding br cf-cache-status MISS last-modified Sat, 03 Dec 2022 08:02:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"dda48d97ed6d91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6dXfzrlBVsv1P9oAFLjDd1AV%2F6%2BVLUZu7gHXjrER5q9IjNfCZLQh27pK4JbakNY%2FVxFn7A1UGjdMvTVYzCa9%2B6SzeCYo868jLaBJUVr2TqwZZOYrBD01iZV%2B1zUJjWEHNykHOG6RPD6FSTuD63lm5gE%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 79a69ca76b41382e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	carousel.css www.wsdownloade.cn/css/	743 B 565 B	560ms 560ms	Stylesheet text/css	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.wsdownloade.cn/css/carousel.css Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `dcbb5e60604ce9ce493def64d27406ba7cbf86336296de50b36b1ee1b3d8e458` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:55 GMT content-encoding br cf-cache-status MISS last-modified Thu, 08 Dec 2022 08:57:25 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"1687017e3ad91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eXt%2Fp5ijeDSGyB1g1O28QsDsq5Wzxpkmv7zDOkLWaJBJCKnTmQQxklBYNn3Ixvh8cRznaqfgf2fBv1dR2m376udJH%2BXi02ZScTE0F7US5QlJuKhRLdu%2BQd5hkKX878elT6leysddl9IXXkJtl6jLBpU%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 79a69ca76b42382e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	36B424nhiL4.svg www.wsdownloade.cn/zh-cn/index_files/	9 KB 4 KB	825ms 824ms	Image image/svg+xml	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.wsdownloade.cn/zh-cn/index_files/36B424nhiL4.svg Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `708f4f787db19dcb4cca817e1c38fba2baf0216b092c90d59648464791d57abb` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:55 GMT content-encoding br cf-cache-status MISS last-modified Sat, 03 Dec 2022 08:02:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"dda48d97ed6d91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U%2F0PmfA%2BqhyxHB%2BrVTA3dgg6UardBm6BXPStgOCQ8XDfYYRaC4s%2FURX4lK6UpRQOXSULBrQjszq9%2B1BH%2FsqHIQH9ucUIgVtkLhwB0AtyQiUC4DySZ1ZVNLMQ0xPrgt%2Bg0U2MWnliRVjUIiQdGGk2bPQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 79a69ca78b5d382e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	lOol7j-zq4u.svg www.wsdownloade.cn/zh-cn/index_files/	3 KB 1 KB	555ms 554ms	Image image/svg+xml	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.wsdownloade.cn/zh-cn/index_files/lOol7j-zq4u.svg Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `533ef6670e3d9c0e44718d0afa43f2edda11b58586e9da4e8f621145cf84d4d2` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:55 GMT content-encoding br cf-cache-status MISS last-modified Sat, 03 Dec 2022 08:02:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2d79097ed6d91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZSautBCLe10N53YBEA8TIdYD%2BtUuLbIODF%2FipuceKe2ZV3wzwzo6bG%2Bt2eKUS9%2BDHadb638LcRb5%2FAFE3VHdYglupi9evgpzHCjuc41iAGpwyhMJylP0Dw%2B2mEUtZM461wnVWjRgIT4ApIOdiB7h6Q%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 79a69ca78b5f382e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	download.png www.wsdownloade.cn/zh-cn/index_files/	5 KB 5 KB	696ms 696ms	Image image/png	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.wsdownloade.cn/zh-cn/index_files/download.png Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `824c47ca4dd32eeeb601528769a0094ea16ba6395572a16f3735634174588485` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:55 GMT cf-cache-status MISS last-modified Thu, 08 Dec 2022 07:27:25 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "e688da84d6ad91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ISYjL%2Bn8UT0QsZ8zrM427V0hNKn6FXlZ0WrWCcAMs6sSFq%2BzX4NF1cjZVFczEwCfJ0zmi2vk9UJriZfi1%2FPri3820Da8R7QO7%2FEG3T1kzC4kGc9uaxnJVnhAJiYLp6jFaRrWKyO4qql6OuEEoidwbd8%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 79a69ca78b62382e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 5184
GET H3	200	img.png www.wsdownloade.cn/img/	509 KB 510 KB	1154ms 1152ms	Image image/png	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.wsdownloade.cn/img/img.png Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `e5ce70fbe7afd976be075ea099be1780b912e7b53f0fbea43f13d1b83edc4f97` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:55 GMT cf-cache-status MISS last-modified Mon, 05 Dec 2022 05:17:24 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "3f9bcbdb688d91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2F2ONYEsoYM9JVDdfXmdaW4UFYOP7HQicpP5CMt6tnwDgIghJ7FbxW2T00EyxgfeNcCKmifEkrz8p7d3YypFUwrSSvlaNMCuwMlKcia7RyAnXuL7e0GjPDbmLZkynUgr5IlPK49C5uymbjoyLllyQu8%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 79a69ca97cd69262-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 521656
GET H3	200	gif.gif www.wsdownloade.cn/img/	440 KB 441 KB	1364ms 1361ms	Image image/gif	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.wsdownloade.cn/img/gif.gif Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `d7ed9000efd853583ae2fabda84b83142126ccd13bbb535b49fe4f81de84cdcb` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:56 GMT cf-cache-status MISS last-modified Sat, 03 Dec 2022 08:02:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "6c129896ed6d91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ntX%2FX9xs8eXwLIwnmhJ72w%2FZflMFXESZiIgQ7i92ldn7CaqIzIpiHSk88MA31uFzcEmMAW0YydQr0R2S8S1o8Zjvh0yJomRiXv1%2BUN%2Bl0y4GKgbFtBZzSoVWFV0MIjsfl6jioW1y%2BTpRAPA1CaaZkC0%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=14400 accept-ranges bytes cf-ray 79a69ca97cdd9262-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 450645
GET H3	200	img2.png www.wsdownloade.cn/img/	349 KB 350 KB	1370ms 1366ms	Image image/png	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.wsdownloade.cn/img/img2.png Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `379cfe51888015c64460c1e18316e7ba4a3e49f0d78ebeaf39c6ec943f5dc0e8` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:56 GMT cf-cache-status MISS last-modified Mon, 05 Dec 2022 05:17:24 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "3f9bcbdb688d91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7RPrNwROcX6dLvn7fDrO%2BnQu8CYeWCOd54Ui2daYbjOgHSONpDMfhJfguzZUEwu%2Bt%2BMlk%2FWJ5RSVVTgvs8ZTgdbAiSmRE%2BipG%2B2%2BvAUfCR8Di8dP2i4IM950RlEkArMLzo37pxii4U1CXRXrvPK6kM%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 79a69ca98cdf9262-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 357483
GET H3	200	language.js Show response www.wsdownloade.cn/js/	394 B 743 B	560ms 557ms	Script application/javascript	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.wsdownloade.cn/js/language.js Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `9ccf705a32e9019074a5f77a3ec1084c287a2a21d85077ac00593196fcd65b58` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:55 GMT content-encoding br cf-cache-status MISS last-modified Sat, 03 Dec 2022 08:02:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"63eaaf96ed6d91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QYy8omXJASJ5twq3f9r28hXZuDs9HDZHz618fGZbATEtqsStBrCe%2BgfY2kIXxBwCfY%2BQL8eVNXegjgYkGxTb9zWKAH6Ew4v0dgkd92uJJS16l7RIGxythAWGYhM3lbcoTiAEsJgzMFT7B7KhzPlre8E%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 79a69ca98ce19262-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	anim.js Show response www.wsdownloade.cn/zh-cn/index_files/	323 KB 95 KB	1395ms 1392ms	Script application/javascript	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.wsdownloade.cn/zh-cn/index_files/anim.js Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `72b416da8bb4c0a631280e7f0dd6f17634f03cbfb3975915d8159a18e2a2db41` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:56 GMT content-encoding br cf-cache-status MISS last-modified Sat, 03 Dec 2022 08:02:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2d79097ed6d91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iNU7V%2FU8xPvL1Kl7XJ2Tts%2Fb5qqdi1q6%2Bs3gtawUBq8rVtGQOf9%2FVFTi3t4YZfK%2FssxMfatn306dnS%2F1uEp9oqueCWMIauS9RTBxiF8Mj%2FD3XvINg8engNiYAIXEfzo%2F7gdU3Zxeq%2Fj%2FlJCNEgGOKFo%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 79a69ca98ce29262-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	carousel.js Show response www.wsdownloade.cn/js/	3 KB 1 KB	473ms 471ms	Script application/javascript	2606:4700:3034::ac43:8f4e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.wsdownloade.cn/js/carousel.js Requested by Host: www.wsdownloade.cn URL: https://www.wsdownloade.cn/zh-cn/index.html?20220830 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:8f4e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `4a8573ad67fb5058852db2b7fbca37250d67af2d2ae63adacb99406596be3c2e` Request headers accept-language de-DE,de;q=0.9 Referer https://www.wsdownloade.cn/zh-cn/index.html?20220830 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36 Response headers date Thu, 16 Feb 2023 13:25:55 GMT content-encoding br cf-cache-status REVALIDATED last-modified Thu, 08 Dec 2022 08:57:25 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"61637317e3ad91:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u4tExGMOkDWOQc201OGuQx0Ffnr1AoWCEeXPvtOf3yHvsL63cyl7nSPSV8iLdLcigt46BbcEEdA%2BuBiTRIMtoZes%2FRTVvXb5Z96RmhMawsOQXNmU09kdZnztkioiffARqYpOZqj7m6DiP%2FTPPitC%2BUI%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 79a69ca98ce49262-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.wsdownloade.cn
2606:4700:3034::ac43:8f4e
0c6db3f25cef9d302542b41e0ed51aa8a7df470c38568a44606ee5ddfb0f9079
379cfe51888015c64460c1e18316e7ba4a3e49f0d78ebeaf39c6ec943f5dc0e8
4a8573ad67fb5058852db2b7fbca37250d67af2d2ae63adacb99406596be3c2e
533ef6670e3d9c0e44718d0afa43f2edda11b58586e9da4e8f621145cf84d4d2
5d25fc039de768564d39bedbd355926f6612dcf06d40ade793709502ea296d8a
708f4f787db19dcb4cca817e1c38fba2baf0216b092c90d59648464791d57abb
72b416da8bb4c0a631280e7f0dd6f17634f03cbfb3975915d8159a18e2a2db41
788013631618154cb4b4967878c1a4ff38beac58d1ebda074a516f79bd2cb05f
824c47ca4dd32eeeb601528769a0094ea16ba6395572a16f3735634174588485
9ccf705a32e9019074a5f77a3ec1084c287a2a21d85077ac00593196fcd65b58
d6a57b71c2e8a8f255ac184b65d6accaed725b291f2007075ba38ae2fcf1bb9b
d7ed9000efd853583ae2fabda84b83142126ccd13bbb535b49fe4f81de84cdcb
dcbb5e60604ce9ce493def64d27406ba7cbf86336296de50b36b1ee1b3d8e458
e5ce70fbe7afd976be075ea099be1780b912e7b53f0fbea43f13d1b83edc4f97
fc0821fb923a586e97a0581c6490cd08b1784b98f77b026fbefe93c32960684e

www.wsdownloade.cn Open in urlscan Pro 2606:4700:3034::ac43:8f4e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

15 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

1445 kBTransfer

1841 kBSize

0 Cookies

9 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

42 JavaScript Global Variables

0 Cookies

Indicators

www.wsdownloade.cn Open in urlscan Pro
2606:4700:3034::ac43:8f4e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

1445 kB
Transfer

1841 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!