www.hwbwuhcnebw.cyou Open in urlscan Pro
156.251.51.125  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response www.hwbwuhcnebw.cyou/	11 KB 5 KB	3117ms 1444ms	Document text/html	156.251.51.125 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.hwbwuhcnebw.cyou/ Protocol HTTP/1.1 Server 156.251.51.125 , Hong Kong, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash 63a6324730878d231b18a2d8328ba1f277ffa2627bc699d5cd20842d5c2dd18d Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html Date Thu, 14 Dec 2023 04:14:30 GMT ETag W/"655ccc7d-2b93" Last-Modified Tue, 21 Nov 2023 15:27:57 GMT Server NgxFence Transfer-Encoding chunked Vary Accept-Encoding X-Cache DYNAMIC
GET H/1.1	200 OK	qrcanvas.js Show response www.hwbwuhcnebw.cyou/WhatsApp_files/	27 KB 11 KB	1475ms 1474ms	Script application/javascript	156.251.51.125 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.hwbwuhcnebw.cyou/WhatsApp_files/qrcanvas.js Requested by Host: www.hwbwuhcnebw.cyou URL: http://www.hwbwuhcnebw.cyou/ Protocol HTTP/1.1 Server 156.251.51.125 , Hong Kong, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash 54cac6d3891780bda453d22e23feb7ec365659a9edd860f347aaec7bb8559fb8 Request headers accept-language de-DE,de;q=0.9 Referer http://www.hwbwuhcnebw.cyou/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Thu, 14 Dec 2023 04:14:32 GMT Content-Encoding gzip Last-Modified Wed, 18 Oct 2023 02:42:10 GMT Server NgxFence ETag W/"652f4602-6d8e" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript X-Cache HIT Connection keep-alive
GET H2	200	jquery.min.js Show response apps.bdimg.com/libs/jquery/2.1.4/	82 KB 30 KB	1417ms 232ms	Script application/x-javascript	182.106.158.49 CHINANET-JIANGXI-...
General Check archive.org Show headers Download Go to Full URL https://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js Requested by Host: www.hwbwuhcnebw.cyou URL: http://www.hwbwuhcnebw.cyou/ Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 182.106.158.49 , China, ASN139201 (CHINANET-JIANGXI-JIUJIANG-IDC Jiangxi Jiujiang IDC, CN), Reverse DNS Software JSP3/2.0.14 / Resource Hash de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f Request headers accept-language de-DE,de;q=0.9 Referer http://www.hwbwuhcnebw.cyou/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Thu, 14 Dec 2023 04:14:31 GMT content-encoding br ohc-cache-hit jjct70 [2], nb2ctcache82 [2] ohc-response-time 1 0 0 0 0 0 last-modified Wed, 03 Jun 2015 05:58:22 GMT server JSP3/2.0.14 age 1534835 etag "556e977e-1497d" vary Accept-Encoding content-type application/x-javascript cache-control max-age=2592000 accept-ranges bytes ohc-global-saved-time Tue, 21 Nov 2023 13:03:04 GMT expires Thu, 21 Dec 2023 13:03:04 GMT
GET H/1.1	200 OK	stylex-78362865fe737af91c1b6708c1154e55.css www.hwbwuhcnebw.cyou/WhatsApp_files/	217 KB 60 KB	239ms 238ms	Stylesheet text/css	156.251.51.125 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.hwbwuhcnebw.cyou/WhatsApp_files/stylex-78362865fe737af91c1b6708c1154e55.css Requested by Host: www.hwbwuhcnebw.cyou URL: http://www.hwbwuhcnebw.cyou/ Protocol HTTP/1.1 Server 156.251.51.125 , Hong Kong, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash 2856f58ef2506258d4639756eb996549e579718b7627c586fef69e95dc5f0bbb Request headers accept-language de-DE,de;q=0.9 Referer http://www.hwbwuhcnebw.cyou/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Thu, 14 Dec 2023 04:14:30 GMT Content-Encoding gzip Last-Modified Tue, 21 Nov 2023 14:50:10 GMT Server NgxFence ETag W/"655cc3a2-365f0" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css X-Cache HIT Connection keep-alive
GET H/1.1	200 OK	app-aebebea9805bd83631c5.css www.hwbwuhcnebw.cyou/WhatsApp_files/	187 KB 65 KB	1352ms 1161ms	Stylesheet text/css	156.251.51.125 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.hwbwuhcnebw.cyou/WhatsApp_files/app-aebebea9805bd83631c5.css Requested by Host: www.hwbwuhcnebw.cyou URL: http://www.hwbwuhcnebw.cyou/ Protocol HTTP/1.1 Server 156.251.51.125 , Hong Kong, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash af322d9a07fbb51143e188c00c8d0dfe297d28dc483cc8bb1f1fd2be006cf6ca Request headers accept-language de-DE,de;q=0.9 Referer http://www.hwbwuhcnebw.cyou/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Thu, 14 Dec 2023 04:14:31 GMT Content-Encoding gzip Last-Modified Tue, 21 Nov 2023 14:50:11 GMT Server NgxFence ETag W/"655cc3a3-2eab6" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css X-Cache HIT Connection keep-alive
GET H/1.1	200 OK	3471642371131331638876727757 Show response www.hwbwuhcnebw.cyou/getQrcode/	237 B 448 B	202ms 202ms	XHR application/json	156.251.51.125 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.hwbwuhcnebw.cyou/getQrcode/3471642371131331638876727757 Requested by Host: apps.bdimg.com URL: https://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js Protocol HTTP/1.1 Server 156.251.51.125 , Hong Kong, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash 2fb9a9327dc0626c5df3b7900cf6ff8f55018bd1a100279fc25b127df8827093 Request headers Accept */* Referer http://www.hwbwuhcnebw.cyou/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Thu, 14 Dec 2023 04:14:33 GMT Content-Encoding gzip Server NgxFence Connection keep-alive Transfer-Encoding chunked X-Cache DYNAMIC Content-Type application/json
GET H/1.1	200 OK	3471642371131331638876727757 Show response www.hwbwuhcnebw.cyou/getQrcode/	237 B 448 B	198ms 197ms	XHR application/json	156.251.51.125 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.hwbwuhcnebw.cyou/getQrcode/3471642371131331638876727757 Requested by Host: apps.bdimg.com URL: https://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js Protocol HTTP/1.1 Server 156.251.51.125 , Hong Kong, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash 2fb9a9327dc0626c5df3b7900cf6ff8f55018bd1a100279fc25b127df8827093 Request headers Accept */* Referer http://www.hwbwuhcnebw.cyou/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Thu, 14 Dec 2023 04:14:34 GMT Content-Encoding gzip Server NgxFence Connection keep-alive Transfer-Encoding chunked X-Cache DYNAMIC Content-Type application/json
GET H/1.1	200 OK	3471642371131331638876727757 Show response www.hwbwuhcnebw.cyou/getQrcode/	237 B 448 B	197ms 197ms	XHR application/json	156.251.51.125 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.hwbwuhcnebw.cyou/getQrcode/3471642371131331638876727757 Requested by Host: apps.bdimg.com URL: https://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js Protocol HTTP/1.1 Server 156.251.51.125 , Hong Kong, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash 2fb9a9327dc0626c5df3b7900cf6ff8f55018bd1a100279fc25b127df8827093 Request headers Accept */* Referer http://www.hwbwuhcnebw.cyou/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Thu, 14 Dec 2023 04:14:35 GMT Content-Encoding gzip Server NgxFence Connection keep-alive Transfer-Encoding chunked X-Cache DYNAMIC Content-Type application/json
GET H/1.1	200 OK	3471642371131331638876727757 Show response www.hwbwuhcnebw.cyou/getQrcode/	237 B 448 B	198ms 198ms	XHR application/json	156.251.51.125 TERAEXCH
General Check archive.org Show headers Download Go to Full URL http://www.hwbwuhcnebw.cyou/getQrcode/3471642371131331638876727757 Requested by Host: apps.bdimg.com URL: https://apps.bdimg.com/libs/jquery/2.1.4/jquery.min.js Protocol HTTP/1.1 Server 156.251.51.125 , Hong Kong, ASN399077 (TERAEXCH, US), Reverse DNS Software NgxFence / Resource Hash 2fb9a9327dc0626c5df3b7900cf6ff8f55018bd1a100279fc25b127df8827093 Request headers Accept */* Referer http://www.hwbwuhcnebw.cyou/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Thu, 14 Dec 2023 04:14:37 GMT Content-Encoding gzip Server NgxFence Connection keep-alive Transfer-Encoding chunked X-Cache DYNAMIC Content-Type application/json

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| qrcanvas function| $ function| jQuery function| getUserKey string| UserKey number| askTask function| req

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apps.bdimg.com
www.hwbwuhcnebw.cyou
156.251.51.125
182.106.158.49
2856f58ef2506258d4639756eb996549e579718b7627c586fef69e95dc5f0bbb
2fb9a9327dc0626c5df3b7900cf6ff8f55018bd1a100279fc25b127df8827093
54cac6d3891780bda453d22e23feb7ec365659a9edd860f347aaec7bb8559fb8
63a6324730878d231b18a2d8328ba1f277ffa2627bc699d5cd20842d5c2dd18d
af322d9a07fbb51143e188c00c8d0dfe297d28dc483cc8bb1f1fd2be006cf6ca
de4b3c3d1dc2506b6693f0f98884e1dc074cda9d66cab39b7b48a115fdfc4c0f