web-whats.cyou
8.218.57.245
Malicious Activity!
Public Scan
Submission: On June 07 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on June 6th 2023. Valid for: 3 months.
This is the only time web-whats.cyou was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 11 | 8.218.57.245 | 45102 (ALIBABA-CN-NET Alibaba US Technology Co.) |
| 2 | 103.235.46.191 | 55967 (BAIDU Beijing Baidu Netcom Science and Technology Co.) |
| 1 | 2600:9000:2209:f800:1d:80d9:9400:93a1 | 16509 (AMAZON-02) |
| 14 (total) | 3 (IPs) | |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN): web-whats.cyou
ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN): hm.baidu.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 11 | web-whats.cyou | web-whats.cyou | 251 KB |
| 2 | baidu.com | hm.baidu.com (Cisco Umbrella Rank: 7998) | 12 KB |
| 1 | baomitu.com | lib.baomitu.com (Cisco Umbrella Rank: 164927) | 95 KB |
| 14 (total) | 3 (apex domains) | | |
| Requests | Domain | Requested by |
|---|---|---|
| 11 | web-whats.cyou | web-whats.cyou |
| 2 | hm.baidu.com | web-whats.cyou |
| 1 | lib.baomitu.com | web-whats.cyou |
| 14 (total) | 3 (domains) | |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| whatss-app.oss-cn-hongkong.aliyuncs.com |
| www.telegram.org |
| www.facebook.com |
| blog.telegram.org |
| twitter.com |
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| web-whats.cyou | R3 | 2023-06-06 - 2023-09-04 | 3 months | crt.sh |
| baidu.com | GlobalSign RSA OV SSL CA 2018 | 2022-07-05 - 2023-08-06 | a year | crt.sh |
| *.baomitu.com | WoTrus DV Server CA [Run by the Issuer] | 2023-04-20 - 2024-04-19 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://web-whats.cyou/
Frame ID: 28CEA618BEF9F298F1B05308EFFC1B0D
Requests: 14 HTTP requests in this frame
Screenshot
Page Title: app
Detected technologies
Baidu Analytics (百度统计) (Analytics)
Detected patterns:
- hm\.baidu\.com/hm\.js
jQuery (JavaScript Libraries)
Detected patterns:
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
75 Outgoing links
These are links going to different origins than the main page.
- 下载 WhatsApp1 (Download WhatsApp)
- azərbaycan
- Afrikaans
- Bahasa Indonesia
- Melayu
- català
- čeština
- dansk
- Deutsch
- eesti
- English
- español
- français
- Gaeilge
- hrvatski
- italiano
- Kiswahili
- latviešu
- lietuvių
- magyar
- Nederlands
- norsk bokmål
- o‘zbek
- Filipino
- polski
- Português (Brasil)
- Português (Portugal)
- română
- shqip
- slovenčina
- slovenščina
- suomi
- svenska
- Tiếng Việt
- Türkçe
- Ελληνικά
- български
- қазақ тілі
- македонски
- русский
- српски
- українська
- עברית
- العربية
- فارسی
- اردو
- বাংলা
- हिन्दी
- ગુજરાતી
- ಕನ್ನಡ
- मराठी
- ਪੰਜਾਬੀ
- தமிழ்
- తెలుగు
- മലയാളം
- ไทย
- 简体中文
- 繁體中文(台灣)
- 繁體中文(香港)
- 日本語
- 한국어
- 联系 (Contact)
- 条款和隐私政策 (Terms and Privacy Policy)
- 商业 (Business)
- 隐私指引 (Privacy guide)
- 关于 (About)
- 工作机会 (Careers)
- 品牌中心 (Brand Center)
- 联系 (Contact)
- 博客 (Blog)
- WhatsApp 快拍 (WhatsApp Stories)
- Android
- Twitter
- Facebook
- 新冠疫情 (COVID-19)
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | web-whats.cyou/ | 119 KB | 30 KB | Document | text/html |
| GET | H2 | 92yU3_1E6qP.css | web-whats.cyou/img/ | 7 KB | 2 KB | Stylesheet | text/css |
| GET | H2 | xnxHL8zVBjo.css | web-whats.cyou/img/ | 120 KB | 21 KB | Stylesheet | text/css |
| GET | H2 | EsyfAiyWshR.css | web-whats.cyou/img/ | 13 KB | 4 KB | Stylesheet | text/css |
| GET | H2 | 28bZN702Ikw.css | web-whats.cyou/img/ | 755 B | 403 B | Stylesheet | text/css |
| GET | H2 | 2VSZD9_JH43.js | web-whats.cyou/img/ | 309 KB | 91 KB | Script | application/javascript |
| GET | H2 | 36B424nhiL4.svg | web-whats.cyou/ | 9 KB | 3 KB | Image | image/svg+xml |
| GET | H2 | lOol7j-zq4u.svg | web-whats.cyou/ | 3 KB | 1 KB | Image | image/svg+xml |
| GET | H2 | 199496234.png | web-whats.cyou/img/ | 22 KB | 22 KB | Image | image/png |
| GET | H2 | 199550118.png | web-whats.cyou/img/ | 22 KB | 22 KB | Image | image/png |
| GET | H2 | 200489840.png | web-whats.cyou/img/ | 55 KB | 55 KB | Image | image/png |
| GET | H/1.1 | hm.js | hm.baidu.com/ | 29 KB | 12 KB | Script | application/javascript |
| GET | H2 | jquery.min.js | lib.baomitu.com/jquery/1.12.4/ | 95 KB | 95 KB | Script | application/javascript |
| GET | H/1.1 | hm.gif | hm.baidu.com/ | 43 B | 299 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)
42 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Name | Type |
|---|---|
| credentialless | boolean |
| onbeforetoggle | object |
| onscrollend | object |
| _hmt | object |
| _cstart | number |
| envFlush | function |
| Env | object |
| __DEV__ | number |
| CavalryLogger | function |
| __annotator | function |
| __bodyWrapper | function |
| __t | function |
| __w | function |
| emptyFunction | function |
| FB_enumerate | function |
| __m | object |
| babelHelpers | function |
| define | function |
| require | function |
| importDefault | function |
| importNamespace | function |
| requireDynamic | function |
| requireLazy | function |
| __d | function |
| $RefreshReg$ | function |
| $RefreshSig$ | function |
| getErrorSafe | function |
| ErrorGuard | object |
| ErrorSerializer | object |
| ErrorUtils | object |
| Arbiter | function |
| JSCC | object |
| $ | function |
| ge | function |
| Parent | object |
| TimeSlice | object |
| now_inl | function |
| __bigPipeFR | number |
| __bigPipeCtor | number |
| jQuery | function |
| _bdhm_loaded_e0bd802f38ba384de65be4cb019c1454 | boolean |
| mini_tangram_log_8bjzfk4 | object |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .hm.baidu.com/ | | HMACCOUNT_BFESS | 1F90BD04AFFE99E7 |
| hm.baidu.com/ | | HMTK | 1 |
| .web-whats.cyou/ | | Hm_lvt_e0bd802f38ba384de65be4cb019c1454 | 1686144327 |
| .web-whats.cyou/ | | Hm_lpvt_e0bd802f38ba384de65be4cb019c1454 | 1686144327 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hm.baidu.com
lib.baomitu.com
web-whats.cyou
103.235.46.191
2600:9000:2209:f800:1d:80d9:9400:93a1
8.218.57.245