![](/screenshots/786d1acf-9595-491e-8b24-155ac2db1614.png)
wss.ryuhc28xvskd.top
Open in
urlscan Pro
2606:4700:3033::ac43:a459
Malicious Activity!
Public Scan
Submission: On March 04 via api from US — Scanned from DE
Summary
This is the only time wss.ryuhc28xvskd.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 2606:4700:303... 2606:4700:3033::ac43:a459 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 42.101.56.49 42.101.56.49 | 137698 (CHINATELE...) (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province) | |
13 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
ryuhc28xvskd.top
wss.ryuhc28xvskd.top |
146 KB |
1 |
bdimg.com
apps.bdimg.com — Cisco Umbrella Rank: 148374 |
29 KB |
13 | 2 |
Domain | Requested by | |
---|---|---|
12 | wss.ryuhc28xvskd.top |
wss.ryuhc28xvskd.top
apps.bdimg.com |
1 | apps.bdimg.com |
wss.ryuhc28xvskd.top
|
13 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
baidu.com GlobalSign RSA OV SSL CA 2018 |
2023-07-06 - 2024-08-06 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://wss.ryuhc28xvskd.top/
Frame ID: 9523233A716CB4682296C4C5C2067DFE
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
wss.ryuhc28xvskd.top/ |
652 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FiOMeHzEbx.js
wss.ryuhc28xvskd.top/static/ |
27 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
apps.bdimg.com/libs/jquery/2.1.4/ |
82 KB 29 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
MIDXduRgKy.css
wss.ryuhc28xvskd.top/static/ |
210 KB 58 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
LaFSpipIXXqdM.css
wss.ryuhc28xvskd.top/static/ |
189 KB 66 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ksXZTlukO.js
wss.ryuhc28xvskd.top/static/ |
6 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
getcode
wss.ryuhc28xvskd.top/ |
26 B 723 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
getcode
wss.ryuhc28xvskd.top/ |
245 B 923 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
getcode
wss.ryuhc28xvskd.top/ |
245 B 933 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
getcode
wss.ryuhc28xvskd.top/ |
245 B 927 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
getcode
wss.ryuhc28xvskd.top/ |
245 B 931 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
getcode
wss.ryuhc28xvskd.top/ |
245 B 923 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
getcode
wss.ryuhc28xvskd.top/ |
245 B 921 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| qrcanvas function| $ function| jQuery function| getUserKey string| UserKey number| askTask function| req0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
apps.bdimg.com
wss.ryuhc28xvskd.top
2606:4700:3033::ac43:a459
42.101.56.49
1ff2478c246426d32966dae98bba49bbd6d644762380f751c0d534c267668e70
4d2350585327423ca32a7b6d69622759dca739e341632332291b34a6a1e4b6d9
54cac6d3891780bda453d22e23feb7ec365659a9edd860f347aaec7bb8559fb8
661a0f533ab2f6d43f77dcd2c7cd06a2c83bc8e9238dd1b131a95b2bfd1a8470
81fa8bbdf7838fda937deb74cfccc74926f8439038713503972c1d35271f1d0e
c1e6ba0b1d38ab9b7fe2f8e96e222afde80b494219bc952f31c269dee5f2854e
cd9959f68bd94d00aa95521e87f6c7b94f5d21fafa5715eccc74869eac224bb2
de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f