www.sdsdeeertewwedd.cyou Open in urlscan Pro
154.91.91.16 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.sdsdeeertewwedd.cyou/
Submission: On December 15 via api (December 15th 2023, 6:08:02 am UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 154.91.91.16, located in Seychelles and belongs to TERAEXCH, US. The main domain is www.sdsdeeertewwedd.cyou.

This is the only time www.sdsdeeertewwedd.cyou was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
8	154.91.91.16 154.91.91.16	399077 (TERAEXCH) (TERAEXCH)
1	171.107.86.49 171.107.86.49	137693 (CHINATELE...) (CHINATELECOM-GUANGXI-NANNING-IDC CHINATELECOM Guangxi Nanning IDC networkdescr: NanningGuangxi Province)
9	2

8 154.91.91.16 (Seychelles)

ASN399077 (TERAEXCH, US)

www.sdsdeeertewwedd.cyou	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 171.107.86.49 (Nanning, China)

ASN137693 (CHINATELECOM-GUANGXI-NANNING-IDC CHINATELECOM Guangxi Nanning IDC networkdescr: NanningGuangxi Province, P.R.China., CN)

apps.bdimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	sdsdeeertewwedd.cyou www.sdsdeeertewwedd.cyou	139 KB
1	bdimg.com apps.bdimg.com — Cisco Umbrella Rank: 143457	29 KB
9	2

	Domain	Requested by
8	www.sdsdeeertewwedd.cyou	www.sdsdeeertewwedd.cyou apps.bdimg.com
1	apps.bdimg.com	www.sdsdeeertewwedd.cyou
9	2

This site contains no links.

Subject Issuer	Validity	Valid
baidu.com GlobalSign RSA OV SSL CA 2018	`2023-07-06` - `2024-08-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://www.sdsdeeertewwedd.cyou/
Frame ID: CAFF8B34C07D991C23C83D38DF4D464C
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

11 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

168 kB
Transfer

511 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.sdsdeeertewwedd.cyou/	1 KB 908 B	5931ms 4532ms	Document text/html	154.91.91.16 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.sdsdeeertewwedd.cyou/ Protocol HTTP/1.1 Server 154.91.91.16 , Seychelles, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash `782b1469692d0e835fb8d51a0905b566ac9854b2f3ed6ca7410293e2a8be534f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html Date Fri, 15 Dec 2023 06:07:54 GMT ETag W/"657b18f4-489" Last-Modified Thu, 14 Dec 2023 15:02:12 GMT Server NgxFence Transfer-Encoding chunked Vary Accept-Encoding X-Cache DYNAMIC
GET H/1.1	200 OK	qrcanvas.js Show response www.sdsdeeertewwedd.cyou/cache/	27 KB 11 KB	325ms 324ms	Script application/javascript	154.91.91.16 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.sdsdeeertewwedd.cyou/cache/qrcanvas.js Requested by Host: www.sdsdeeertewwedd.cyou URL: http://www.sdsdeeertewwedd.cyou/ Protocol HTTP/1.1 Server 154.91.91.16 , Seychelles, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash `54cac6d3891780bda453d22e23feb7ec365659a9edd860f347aaec7bb8559fb8` Request headers accept-language de-DE,de;q=0.9 Referer http://www.sdsdeeertewwedd.cyou/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 15 Dec 2023 06:07:55 GMT Content-Encoding gzip Last-Modified Wed, 18 Oct 2023 02:42:10 GMT Server NgxFence ETag W/"652f4602-6d8e" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript X-Cache SCARCE Connection keep-alive
GET H2	200	jquery.min.js Show response apps.bdimg.com/libs/jquery/2.1.4/	82 KB 29 KB	2267ms 273ms	Script application/x-javascript	171.107.86.49 CHINATELECOM-GUAN...
General Check archive.org Show headers Download Go to Full URL https://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js Requested by Host: www.sdsdeeertewwedd.cyou URL: http://www.sdsdeeertewwedd.cyou/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 171.107.86.49 Nanning, China, ASN137693 (CHINATELECOM-GUANGXI-NANNING-IDC CHINATELECOM Guangxi Nanning IDC networkdescr: NanningGuangxi Province, P.R.China., CN), Reverse DNS Software JSP3/2.0.14 / Resource Hash `de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f` Request headers accept-language de-DE,de;q=0.9 Referer http://www.sdsdeeertewwedd.cyou/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Fri, 15 Dec 2023 06:07:57 GMT content-encoding gzip ohc-cache-hit nn4ct50 [2], hsctcache66 [2] ohc-response-time 1 0 0 0 0 0 last-modified Wed, 03 Jun 2015 05:58:22 GMT server JSP3/2.0.14 age 1554879 vary Accept-Encoding content-type application/x-javascript cache-control max-age=2592000 accept-ranges bytes ohc-global-saved-time Mon, 27 Nov 2023 03:23:58 GMT expires Wed, 27 Dec 2023 03:23:58 GMT
GET H/1.1	200 OK	stylex-8caac98133ee6a23e652b43a755ba651.css www.sdsdeeertewwedd.cyou/cache/	206 KB 57 KB	1296ms 1295ms	Stylesheet text/css	154.91.91.16 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.sdsdeeertewwedd.cyou/cache/stylex-8caac98133ee6a23e652b43a755ba651.css Requested by Host: www.sdsdeeertewwedd.cyou URL: http://www.sdsdeeertewwedd.cyou/ Protocol HTTP/1.1 Server 154.91.91.16 , Seychelles, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash `f25582f98aa21ace8f2c46da6c0623629493de7a460d93b33ad311c0994a2d5f` Request headers accept-language de-DE,de;q=0.9 Referer http://www.sdsdeeertewwedd.cyou/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 15 Dec 2023 06:07:56 GMT Content-Encoding gzip Last-Modified Sun, 08 Oct 2023 13:59:29 GMT Server NgxFence ETag W/"6522b5c1-3392e" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css X-Cache SCARCE Connection keep-alive
GET H/1.1	200 OK	app-fa65d92408e2774c8730.css www.sdsdeeertewwedd.cyou/cache/	188 KB 65 KB	1451ms 1292ms	Stylesheet text/css	154.91.91.16 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.sdsdeeertewwedd.cyou/cache/app-fa65d92408e2774c8730.css Requested by Host: www.sdsdeeertewwedd.cyou URL: http://www.sdsdeeertewwedd.cyou/ Protocol HTTP/1.1 Server 154.91.91.16 , Seychelles, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash `6508d54b56a914b04811707f2736c8813ac4763de9c9e3a387f479d15c59ef7f` Request headers accept-language de-DE,de;q=0.9 Referer http://www.sdsdeeertewwedd.cyou/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 15 Dec 2023 06:07:56 GMT Content-Encoding gzip Last-Modified Sun, 08 Oct 2023 13:59:29 GMT Server NgxFence ETag W/"6522b5c1-2ef7a" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css X-Cache SCARCE Connection keep-alive
GET H/1.1	200 OK	2djdbe.js Show response www.sdsdeeertewwedd.cyou/cache/	5 KB 3 KB	1463ms 1304ms	Script application/javascript	154.91.91.16 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.sdsdeeertewwedd.cyou/cache/2djdbe.js Requested by Host: www.sdsdeeertewwedd.cyou URL: http://www.sdsdeeertewwedd.cyou/ Protocol HTTP/1.1 Server 154.91.91.16 , Seychelles, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash `50e6b16f281ded147177c9d3108ca626f40858a0bfb4eaf65e618c2ac6e89bc6` Request headers accept-language de-DE,de;q=0.9 Referer http://www.sdsdeeertewwedd.cyou/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 15 Dec 2023 06:07:56 GMT Content-Encoding gzip Last-Modified Thu, 14 Dec 2023 15:00:55 GMT Server NgxFence ETag W/"657b18a7-13b6" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript X-Cache SCARCE Connection keep-alive
GET H/1.1	200 OK	q6aeQAJtRUhvqX1OAnUDDeVlyCZIl1x Show response www.sdsdeeertewwedd.cyou/getQrcode/	237 B 448 B	314ms 314ms	XHR application/json	154.91.91.16 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.sdsdeeertewwedd.cyou/getQrcode/q6aeQAJtRUhvqX1OAnUDDeVlyCZIl1x Requested by Host: apps.bdimg.com URL: https://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js Protocol HTTP/1.1 Server 154.91.91.16 , Seychelles, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash `6c0302d2e8ae4618ac1e58e8017bf1d5912401f008ecf1e949ca4a497be915da` Request headers Accept / Referer http://www.sdsdeeertewwedd.cyou/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 15 Dec 2023 06:07:58 GMT Content-Encoding gzip Server NgxFence Connection keep-alive Transfer-Encoding chunked X-Cache DYNAMIC Content-Type application/json
GET H/1.1	200 OK	q6aeQAJtRUhvqX1OAnUDDeVlyCZIl1x Show response www.sdsdeeertewwedd.cyou/getQrcode/	237 B 448 B	318ms 318ms	XHR application/json	154.91.91.16 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.sdsdeeertewwedd.cyou/getQrcode/q6aeQAJtRUhvqX1OAnUDDeVlyCZIl1x Requested by Host: apps.bdimg.com URL: https://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js Protocol HTTP/1.1 Server 154.91.91.16 , Seychelles, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash `6c0302d2e8ae4618ac1e58e8017bf1d5912401f008ecf1e949ca4a497be915da` Request headers Accept / Referer http://www.sdsdeeertewwedd.cyou/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 15 Dec 2023 06:08:00 GMT Content-Encoding gzip Server NgxFence Connection keep-alive Transfer-Encoding chunked X-Cache DYNAMIC Content-Type application/json
GET H/1.1	200 OK	q6aeQAJtRUhvqX1OAnUDDeVlyCZIl1x Show response www.sdsdeeertewwedd.cyou/getQrcode/	237 B 448 B	316ms 316ms	XHR application/json	154.91.91.16 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.sdsdeeertewwedd.cyou/getQrcode/q6aeQAJtRUhvqX1OAnUDDeVlyCZIl1x Requested by Host: apps.bdimg.com URL: https://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js Protocol HTTP/1.1 Server 154.91.91.16 , Seychelles, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash `6c0302d2e8ae4618ac1e58e8017bf1d5912401f008ecf1e949ca4a497be915da` Request headers Accept / Referer http://www.sdsdeeertewwedd.cyou/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Fri, 15 Dec 2023 06:08:01 GMT Content-Encoding gzip Server NgxFence Connection keep-alive Transfer-Encoding chunked X-Cache DYNAMIC Content-Type application/json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apps.bdimg.com
www.sdsdeeertewwedd.cyou
154.91.91.16
171.107.86.49
50e6b16f281ded147177c9d3108ca626f40858a0bfb4eaf65e618c2ac6e89bc6
54cac6d3891780bda453d22e23feb7ec365659a9edd860f347aaec7bb8559fb8
6508d54b56a914b04811707f2736c8813ac4763de9c9e3a387f479d15c59ef7f
6c0302d2e8ae4618ac1e58e8017bf1d5912401f008ecf1e949ca4a497be915da
782b1469692d0e835fb8d51a0905b566ac9854b2f3ed6ca7410293e2a8be534f
de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f
f25582f98aa21ace8f2c46da6c0623629493de7a460d93b33ad311c0994a2d5f

www.sdsdeeertewwedd.cyou Open in urlscan Pro 154.91.91.16 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

11 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

168 kBTransfer

511 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

Indicators

www.sdsdeeertewwedd.cyou Open in urlscan Pro
154.91.91.16 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

11 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

168 kB
Transfer

511 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!