wws.fcddlloonline.cyou Open in urlscan Pro
104.21.32.78  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response wws.fcddlloonline.cyou/	384 B 652 B	573ms 385ms	Document text/html	104.21.32.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wws.fcddlloonline.cyou/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.32.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a293eaca6cd90b2f7817469a1e65379e9f91af5687aeb6b20723e5304c8326af Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8a7b5723cb05aae2-YYZ content-encoding br content-type text/html; charset=UTF-8 date Tue, 23 Jul 2024 11:30:47 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xlQi6LW%2BqXwFp3ycEJVDcL6o%2B%2BIeycU1BQr7HrlzsseviV42BG%2FQcG%2BXWEKODSjnv9Zb7IyFFp0TXQSfjX8DRY4ezSaPb0spkf5liY5sKR%2BDMnCHVTCaWpja8%2FWhphbupD%2BbHi2taNHn"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	xiejapa9l821c8785gfrxhvejr4tm.css wws.fcddlloonline.cyou/css/	429 KB 109 KB	64ms 57ms	Stylesheet text/css	104.21.32.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wws.fcddlloonline.cyou/css/xiejapa9l821c8785gfrxhvejr4tm.css Requested by Host: wws.fcddlloonline.cyou URL: https://wws.fcddlloonline.cyou/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.32.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3d70239c215961ece3344d0360f15ff9621567f50a84e2d58fbdbecbb9f0b934 Request headers Referer https://wws.fcddlloonline.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 23 Jul 2024 11:30:47 GMT content-encoding gzip cf-cache-status HIT last-modified Fri, 29 Dec 2023 02:16:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 6150 etag W/"658e2c0e-6b550" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hnJNhy0J6QjjZjLbx0KAg1QFRnoHVLWB%2BzojXko1cgPz8OnImY28IIVpX3JHuHa6YFbV%2BUKYo8Cdxv6o0ecpCQICHEvT6padxqPx9D%2Fay%2BxZZ0bcjxLOj9xtobjSz3HaYkFMZM%2FYl7xP"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 8a7b57267cfeaae2-YYZ alt-svc h3=":443"; ma=86400 expires Tue, 23 Jul 2024 21:48:17 GMT
GET H3	200	xiejapa9l821c8785gfrxhvejr4tm.js Show response wws.fcddlloonline.cyou/js/	876 KB 232 KB	46ms 39ms	Script application/javascript	104.21.32.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wws.fcddlloonline.cyou/js/xiejapa9l821c8785gfrxhvejr4tm.js Requested by Host: wws.fcddlloonline.cyou URL: https://wws.fcddlloonline.cyou/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.32.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f04a31792d9b96a99f125ef9a48f285d84309daa1d1993e3ecaea25e2a641d5c Request headers Referer https://wws.fcddlloonline.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 23 Jul 2024 11:30:47 GMT content-encoding gzip cf-cache-status HIT last-modified Mon, 22 Jul 2024 00:12:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 6150 etag W/"669da3d2-daeb2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKhkEI%2F9J%2BceCXnIsYO%2FNGhWu5OGBrccW1kmMIbHSKG50EfJqyCzokXlVTU1chWrLNnu%2F29Hn681pv9xiRherCEggKAWWs9Mui5Hkv3Nt6IxOSIKUMXaB%2BsNH850vioRRcYjft822j4O"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=43200 cf-ray 8a7b57267cffaae2-YYZ alt-svc h3=":443"; ma=86400 expires Tue, 23 Jul 2024 21:48:17 GMT
GET H2	200	/ Show response api.ipify.org/	30 B 165 B	585ms 45ms	Script application/javascript	104.26.12.205 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=jsonp&callback=getIP Requested by Host: wws.fcddlloonline.cyou URL: https://wws.fcddlloonline.cyou/js/xiejapa9l821c8785gfrxhvejr4tm.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 226a79ddb85a72a4ff26c3d4587255cd5f2799180e60fe83cd78e16300d06300 Request headers Referer https://wws.fcddlloonline.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Tue, 23 Jul 2024 11:30:48 GMT cf-cache-status DYNAMIC server cloudflare cf-ray 8a7b572e494aac82-YYZ content-length 30 vary Origin content-type application/javascript
GET H3	200	ws.php Show response wws.fcddlloonline.cyou/	54 B 477 B	245ms 243ms	XHR text/html	104.21.32.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wws.fcddlloonline.cyou/ws.php Requested by Host: wws.fcddlloonline.cyou URL: https://wws.fcddlloonline.cyou/js/xiejapa9l821c8785gfrxhvejr4tm.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.32.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 98706831bc8c669bb6736cac54a0ce3fe01618a7e1aaddbf7d4eb13f423b18f4 Request headers Referer https://wws.fcddlloonline.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 23 Jul 2024 11:30:49 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3K2AJuBK0EFGcxz3SJ2AL6OTtkayQueg69vUAfUm8HHEuWRnW3oz96OFWM%2B5qa1CaUIwNfswrkdNiSY4%2FowTAUda75ssSCd97mO2ePvk2BgkbbakETXqKfYUB43lI8%2BhEpUzJ%2FGGAlu7"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 8a7b572fdb5faae2-YYZ alt-svc h3=":443"; ma=86400
GET H3	404	favicon.ico wws.fcddlloonline.cyou/	548 B 564 B	373ms 369ms	Other text/html	104.21.32.78 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wws.fcddlloonline.cyou/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.32.78 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090 Request headers Referer https://wws.fcddlloonline.cyou/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 23 Jul 2024 11:30:49 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TAm9fLSqbXq%2FHsf31OZiHTD50BOqi%2BT4%2BcRGwcuxBeL6qX1%2BNC1Wx3Q%2FnYEYVpnL4BeVYvdsXMKRdX3t7KWuX3kfsNA9WXWk0QFYmUADqbBYE6c5B77X1JGJRqhDU9C1srQHWZbCbhc2"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 8a7b57301b85aae2-YYZ alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	85 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	9 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash cfe98dded3a1890e270fbe6db7e700787ef3a099bfff5b29378a098875e926a2 Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _0x159491 function| QRCode function| rovbhdbvbmytwyzjhvgh function| guid function| getLocation string| clientip function| getIP function| _0x4e61 function| sock function| qrcode function| qrcode2 function| _0xca20 function| refreshqrcode function| _0x43edb9 function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://wws.fcddlloonline.cyou/js/xiejapa9l821c8785gfrxhvejr4tm.js(Line 11465) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.ipify.org/?format=jsonp&callback=getIP, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://wws.fcddlloonline.cyou/js/xiejapa9l821c8785gfrxhvejr4tm.js(Line 11465) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.ipify.org/?format=jsonp&callback=getIP, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://wws.fcddlloonline.cyou/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
wws.fcddlloonline.cyou
104.21.32.78
104.26.12.205
226a79ddb85a72a4ff26c3d4587255cd5f2799180e60fe83cd78e16300d06300
3d70239c215961ece3344d0360f15ff9621567f50a84e2d58fbdbecbb9f0b934
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
98706831bc8c669bb6736cac54a0ce3fe01618a7e1aaddbf7d4eb13f423b18f4
a293eaca6cd90b2f7817469a1e65379e9f91af5687aeb6b20723e5304c8326af
cfe98dded3a1890e270fbe6db7e700787ef3a099bfff5b29378a098875e926a2
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
f04a31792d9b96a99f125ef9a48f285d84309daa1d1993e3ecaea25e2a641d5c