was.f57a898a.cyou Open in urlscan Pro
172.67.198.46 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://was.f57a898a.cyou/
Submission: On May 16 via api (May 16th 2024, 12:18:08 pm UTC) from US — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 172.67.198.46, located in United States and belongs to CLOUDFLARENET, US. The main domain is was.f57a898a.cyou.
TLS certificate: Issued by GTS CA 1P5 on May 16th 2024. Valid for: 3 months.

This is the only time was.f57a898a.cyou was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
10	172.67.198.46 172.67.198.46	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	14.215.183.79 14.215.183.79	4134 (CHINANET-...) (CHINANET-BACKBONE No.31)
12	3

10 172.67.198.46 (United States)

ASN13335 (CLOUDFLARENET, US)

was.f57a898a.cyou	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 14.215.183.79 (Guangzhou, China)

ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)

hm.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	f57a898a.cyou was.f57a898a.cyou	88 KB
2	baidu.com hm.baidu.com — Cisco Umbrella Rank: 10507	12 KB
12	2

	Domain	Requested by
10	was.f57a898a.cyou	was.f57a898a.cyou
2	hm.baidu.com	was.f57a898a.cyou
12	2

This site contains no links.

Subject Issuer	Validity	Valid
f57a898a.cyou GTS CA 1P5	`2024-05-16` - `2024-08-14`	3 months	crt.sh
baidu.com GlobalSign RSA OV SSL CA 2018	`2023-07-06` - `2024-08-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://was.f57a898a.cyou/
Frame ID: FEA259BFEEDE45AC9F7F922DB3237D17
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

QR code Login

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Baidu Analytics (百度统计) (Analytics) Expand

Overall confidence: 100%
Detected patterns

hm\.baidu\.com/hm\.js

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

100 kB
Transfer

260 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
was.f57a898a.cyou/ 1 KB
987 B 577ms
544ms Document
text/html 172.67.198.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://was.f57a898a.cyou/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.198.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09c32babe79dc9e415b8e16c76b54bfe33e69117b5ffeff918e3925ee24f941f

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 884b4edd2ce16940-FRA
content-encoding: br
content-type: text/html
date: Thu, 16 May 2024 12:18:02 GMT
last-modified: Thu, 16 May 2024 09:29:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qROvsJW0RiP%2BRcT6c70ijF9DYn%2BDJCDPmbLh2CI%2FnJgiQWzvmAmU3n3EGI5xvpxi1XBfp%2FO3tDgKufTUOMwZUyXaZW%2FmGONecZ4l%2FUj5KK4MbSy4ehrPolsPyYqmoJpQgH6JQw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 b81f3f69.css
was.f57a898a.cyou/static/css/ 1 KB
898 B 557ms
556ms Stylesheet
text/css 172.67.198.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://was.f57a898a.cyou/static/css/b81f3f69.css
Requested by: Host: was.f57a898a.cyou
URL: https://was.f57a898a.cyou/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.198.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 759dc14a647618bcae5099437c89998c28a2828fd56784bf1ce88edea1c037fa

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://was.f57a898a.cyou/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 12:18:03 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 15 May 2024 16:27:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6644e283-47e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=soeD8%2BJZooQkb8%2F1NP%2FiOz9bRne6ZgVg3hpA4JDL40TQCfvNzOV8VU9b5vbAzvdkBRGgzdzuqQgAI9pU%2B5Z%2FIrGpOjuTxYa%2BvIAVr%2B49UR69G%2By2m5QloqwzhFRIT1%2FS0rkLbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 884b4ee098fe6940-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 ed74c755.css
was.f57a898a.cyou/static/css/ 10 KB
3 KB 557ms
557ms Stylesheet
text/css 172.67.198.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://was.f57a898a.cyou/static/css/ed74c755.css
Requested by: Host: was.f57a898a.cyou
URL: https://was.f57a898a.cyou/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.198.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ad47184b37f307576748d5c619b3c760fc87ecb0f7916b5b427e1a30a0fd25c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://was.f57a898a.cyou/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 12:18:03 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 15 May 2024 16:27:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6644e284-29a4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OyMydjuK%2BmGj%2BK1epp4Z39HIyszU5Jv1JQs26VPLTDNlRMm8%2B%2Bwi%2BAQTeo9PEVoGJBTB%2F64gqtd4UBSUZyj5tRn2zGt2j%2BGwRvj%2Bgav%2BsCRkw5yXDfYbiySuTaU4U8Ol59loBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 884b4ee099006940-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 a899471b.js Show response
was.f57a898a.cyou/static/js/ 167 KB
66 KB 834ms
833ms Script
application/javascript 172.67.198.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://was.f57a898a.cyou/static/js/a899471b.js
Requested by: Host: was.f57a898a.cyou
URL: https://was.f57a898a.cyou/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.198.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03515ff6274c03aee3c157d9a9c08c23f07516b8b10c7c46966acc82689ce4f8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://was.f57a898a.cyou/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 12:18:03 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 15 May 2024 16:27:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6644e284-29cf7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oOI5o1nQAqCwh%2FuUVbWrn5wFwh7c1tAKfK3PmXTzh469OpSu7k9%2B8nz2DRzLLs0JSt7lltimXlzIPJKjq%2F7w9XXa574yTPodHcQ4RHYfS65gXxw3B2u%2B%2FEn43xppVrIID1skcg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 884b4ee099016940-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 e8471e85.js Show response
was.f57a898a.cyou/static/js/ 5 KB
3 KB 558ms
558ms Script
application/javascript 172.67.198.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://was.f57a898a.cyou/static/js/e8471e85.js
Requested by: Host: was.f57a898a.cyou
URL: https://was.f57a898a.cyou/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.198.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76cd766147743924f460ba618e23f4175c469d71c4dd15639d21ea1a47a025a3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://was.f57a898a.cyou/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 12:18:03 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 15 May 2024 16:27:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6644e285-15af"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iG4gqFpadsoOEovedlEfzUomdnB6WJlsDd7ubZFCSL9l7MwisjJiKPQ%2FQDoKTYBm%2FwJmB5Tc8gGFkzJT68vmEdJctN1eLBFg6zCIT1KlAeatuOgDqd6JVCkS4yJnxv97OWBPEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 884b4ee099036940-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 8cb0399b.css
was.f57a898a.cyou/static/css/ 0
623 B 544ms
544ms Other
text/css 172.67.198.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://was.f57a898a.cyou/static/css/8cb0399b.css
Requested by: Host: was.f57a898a.cyou
URL: https://was.f57a898a.cyou/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.198.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://was.f57a898a.cyou/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 12:18:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 15 May 2024 16:27:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6644e283-16f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D6RaaNlmlwjvEYYQHaiOCpub0vOVI2m%2BBNi5xADf%2BFrtwEwrm7D1E%2FiwYb%2Fn4xjPMeB6Si5OoNcOr2tT5PpSyE494%2B%2F4ty2N5Bv0mnM20mPiLTFYeRfT7C1P58jkr81rAMQ%2FwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 884b4ee0b9186940-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 8c0954ab.js
was.f57a898a.cyou/static/js/ 0
963 B 554ms
553ms Other
application/javascript 172.67.198.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://was.f57a898a.cyou/static/js/8c0954ab.js
Requested by: Host: was.f57a898a.cyou
URL: https://was.f57a898a.cyou/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.198.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://was.f57a898a.cyou/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 12:18:03 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 15 May 2024 16:27:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6644e284-2f5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qRAqm%2F6fibc6XPn%2BnxKfh0qYqqn9juj01EQSuf922lyy5bGGRwkbRYiNe874Ug%2BAmFQO1mMcJsoSOQb6SiXEMRe7N373TmZidqnsYu%2FBwep%2BxRhBgVDb9Z1f52fAQcob%2FtueZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 884b4ee0b91c6940-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 903eaea6.js
was.f57a898a.cyou/static/js/ 0
11 KB 558ms
558ms Other
application/javascript 172.67.198.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://was.f57a898a.cyou/static/js/903eaea6.js
Requested by: Host: was.f57a898a.cyou
URL: https://was.f57a898a.cyou/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.198.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://was.f57a898a.cyou/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 12:18:03 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 15 May 2024 16:27:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6644e284-6772"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qDfuvvQz31T22g47%2FAUmoKa8BKvjIivcq8qoX%2BZaR960KWPKoItUCgUDckhxqFDriFm7lASh8SRLV7rKuiLu%2Fm51aqCcWE0kc125Dz6vjKE6zeWrxV6CiXMmer49vYOGe46Qsg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 884b4ee0b9206940-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 903eaea6.js Show response
was.f57a898a.cyou/static/js/ 26 KB
0 0ms
0ms Script
application/javascript 172.67.198.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://was.f57a898a.cyou/static/js/903eaea6.js
Requested by: Host: was.f57a898a.cyou
URL: https://was.f57a898a.cyou/static/js/e8471e85.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.198.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59ab3d479dee77578bdb9372496b27f252b8001f3373061a8d609d39e9bc5392

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://was.f57a898a.cyou/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 12:18:03 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 15 May 2024 16:27:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6644e284-6772"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qDfuvvQz31T22g47%2FAUmoKa8BKvjIivcq8qoX%2BZaR960KWPKoItUCgUDckhxqFDriFm7lASh8SRLV7rKuiLu%2Fm51aqCcWE0kc125Dz6vjKE6zeWrxV6CiXMmer49vYOGe46Qsg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 884b4ee0b9206940-FRA
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 29 KB
12 KB 689ms
274ms Script
application/javascript 14.215.183.79
CHINANET-BACKBONE...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?b0fabc7d388be3dfc4a66fbccea4cf8e

Requested by

Host: was.f57a898a.cyou
URL: https://was.f57a898a.cyou/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

14.215.183.79 Guangzhou, China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN),

Reverse DNS

Software

apache /

Resource Hash

830527e1e6921340beea062282f6901b653946ce7305b81d6172656550f09716

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://was.f57a898a.cyou/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 16 May 2024 12:18:04 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=172800
Server: apache
Etag: 382e9f5538959ab54d3ec94d4f346099
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: application/javascript
Cache-Control: max-age=0, must-revalidate
Content-Length: 11265

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 288ms
288ms Image
image/gif 14.215.183.79
CHINANET-BACKBONE...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=de-de&lo=0&rnd=2116742007&si=b0fabc7d388be3dfc4a66fbccea4cf8e&v=1.3.0&lv=1&sn=24515&r=0&ww=1600&u=https%3A%2F%2Fwas.f57a898a.cyou%2F&tt=QR%20code%20Login

Requested by

Host: was.f57a898a.cyou
URL: https://was.f57a898a.cyou/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

14.215.183.79 Guangzhou, China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://was.f57a898a.cyou/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Pragma: no-cache
Date: Thu, 16 May 2024 12:18:05 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
Server: apache
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a385ce0ec5db4cb31eeaa6b8adbf3e00fd9c481d2b5803ebb12f8108a85ea4bc

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 favicon.ico
was.f57a898a.cyou/ 787 B
1 KB 546ms
545ms Other
image/x-icon 172.67.198.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://was.f57a898a.cyou/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.198.46 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0cadf240e89340b93df35240e7809039c1c574be05fbe2cf3243e2f487bc9ec

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://was.f57a898a.cyou/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 16 May 2024 12:18:05 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 15 May 2024 16:27:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6644e283-313"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2Fymy39dNGqxJWRREq7UEXEwvtfoYWLU8MM3cXJRnQ3PWzPMfvoU2EKpXqHxQeBP3XoFj7k1R6COc9TlJ6WQuFLKB8M3j8ZzvHXqmS2lPL8479Sacnzer7H8tzjdxwVVb%2Bu4IA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cache-control: max-age=14400
cf-ray: 884b4eeeb9946940-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3692080df16c06eecae7d465de99396ca44291d8ec8d48da2fbd0fd2ad43831

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hm.baidu.com/	1970-01-21 06:13:41	Name: HMACCOUNT_BFESS Value: 8B0755D277EA43F1
.was.f57a898a.cyou/	1970-01-21 05:23:17	Name: Hm_lvt_b0fabc7d388be3dfc4a66fbccea4cf8e Value: 1715861885
.was.f57a898a.cyou/	1969-12-31 23:59:59	Name: Hm_lpvt_b0fabc7d388be3dfc4a66fbccea4cf8e Value: 1715861885

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://was.f57a898a.cyou/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://was.f57a898a.cyou/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hm.baidu.com
was.f57a898a.cyou
14.215.183.79
172.67.198.46
03515ff6274c03aee3c157d9a9c08c23f07516b8b10c7c46966acc82689ce4f8
09c32babe79dc9e415b8e16c76b54bfe33e69117b5ffeff918e3925ee24f941f
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
59ab3d479dee77578bdb9372496b27f252b8001f3373061a8d609d39e9bc5392
6ad47184b37f307576748d5c619b3c760fc87ecb0f7916b5b427e1a30a0fd25c
759dc14a647618bcae5099437c89998c28a2828fd56784bf1ce88edea1c037fa
76cd766147743924f460ba618e23f4175c469d71c4dd15639d21ea1a47a025a3
830527e1e6921340beea062282f6901b653946ce7305b81d6172656550f09716
a385ce0ec5db4cb31eeaa6b8adbf3e00fd9c481d2b5803ebb12f8108a85ea4bc
b3692080df16c06eecae7d465de99396ca44291d8ec8d48da2fbd0fd2ad43831
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0cadf240e89340b93df35240e7809039c1c574be05fbe2cf3243e2f487bc9ec
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

was.f57a898a.cyou Open in urlscan Pro 172.67.198.46 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

100 kBTransfer

260 kBSize

3 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

3 Cookies

2 Console Messages

Indicators

was.f57a898a.cyou Open in urlscan Pro
172.67.198.46 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

100 kB
Transfer

260 kB
Size

3
Cookies

12 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!