wehyj.cloud Open in urlscan Pro
2606:4700:3030::ac43:b48d Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://wehyj.cloud/
Submission Tags: https://phish.report @phish_report Search All
Submission: On August 01 via api (August 1st 2023, 4:13:34 pm UTC) from FI — Scanned from FI

Summary HTTP 13 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3030::ac43:b48d, located in United States and belongs to CLOUDFLARENET, US. The main domain is wehyj.cloud.
TLS certificate: Issued by GTS CA 1P5 on July 13th 2023. Valid for: 3 months.

This is the only time wehyj.cloud was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
12	2606:4700:303... 2606:4700:3030::ac43:b48d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3035::6815:c33	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2

12 2606:4700:3030::ac43:b48d (United States)

ASN13335 (CLOUDFLARENET, US)

wehyj.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:c33 (United States)

ASN13335 (CLOUDFLARENET, US)

ip.wkurg.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	wehyj.cloud wehyj.cloud	329 KB
1	wkurg.shop ip.wkurg.shop	573 B
13	2

	Domain	Requested by
12	wehyj.cloud	wehyj.cloud
1	ip.wkurg.shop	wehyj.cloud
13	2

This site contains links to these domains. Also see Links.

Domain
faq.whatsapp.com

Subject Issuer	Validity	Valid
wehyj.cloud GTS CA 1P5	`2023-07-13` - `2023-10-11`	3 months	crt.sh
wkurg.shop GTS CA 1P5	`2023-07-12` - `2023-10-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://wehyj.cloud/
Frame ID: B14080D38ABE24DD8E7F00CB0EEDD1E2
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

329 kB
Transfer

1195 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://faq.whatsapp.com/1317564962315842?lang=zh-CN
Title: 需要登录帮助吗？

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response wehyj.cloud/	17 KB 8 KB	740ms 651ms	Document text/html	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wehyj.cloud/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `705fa0a226fea04b923a4337a8fd1486c46719ef7c9515b8b99b9b994b88982b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7eff5e4a1f66d92e-HEL content-encoding br content-type text/html date Tue, 01 Aug 2023 16:13:26 GMT last-modified Thu, 13 Jul 2023 12:09:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yHoW%2BQnuKklzHLfJ0zRGvlw%2BpidYVl83OqWOorszvGtBhLSoQrmXn3ilixn4o%2BuOYmRUHaCBmj17%2BBfALkaVe47UmD39A0irIcGCHpC5M9uZQlD%2BnpAwPvtxJzuw%2FcxXmKSKrkwr9kzgCQ%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	stylex-eba885a6142b1cfdc599b6c746010a53.css wehyj.cloud/static/	177 KB 44 KB	732ms 730ms	Stylesheet text/css	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wehyj.cloud/static/stylex-eba885a6142b1cfdc599b6c746010a53.css Requested by Host: wehyj.cloud URL: https://wehyj.cloud/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2881b3d821d66ea96e5548ce3293ad430f789a536c6c8a24b2bdb799009758d9` Request headers accept-language fi-FI,fi;q=0.9 Referer https://wehyj.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:26 GMT content-encoding br cf-cache-status REVALIDATED last-modified Wed, 05 Jul 2023 06:00:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64a506f4-2c27b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4DmdqzD06ax%2FEJAN%2FgOP7P6nY5vMCmfVhDw10Kib1CdLxoMkvcbXN3UYJ%2B4peVkGwe0YYi%2FJH3WZieW%2F3DC1uDZZUN434riZoLNDEeuUVgtRZDay0cVnGbfhD9pkpgyjOgWApxpgKGUiRg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7eff5e4e2858d92e-HEL alt-svc h3=":443"; ma=86400
GET H2	200	app-03d0eb389cdb3c70a2fe.css wehyj.cloud/static/	196 KB 57 KB	1974ms 1972ms	Stylesheet text/css	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wehyj.cloud/static/app-03d0eb389cdb3c70a2fe.css Requested by Host: wehyj.cloud URL: https://wehyj.cloud/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f5723801ce31e4b40c7162effcace8604aca1bb9ea27329dc1cf30db13e9afc6` Request headers accept-language fi-FI,fi;q=0.9 Referer https://wehyj.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:28 GMT content-encoding br cf-cache-status MISS last-modified Wed, 05 Jul 2023 06:00:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64a506f4-30e0e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1HUKo34G67aU8Te0sjwfSYLVExBWcdLqZKk%2BDXsjvHfCiW11DO2LJdwiVGlh6VGjdkLnKiSCZYurOE%2FVOWVwQRc6CB14357wWYAzOeLFJB0RfVnvsK6Y9Ue0lvtFk9sqOMDhaNRkfiJivQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7eff5e4e385ed92e-HEL alt-svc h3=":443"; ma=86400
GET H2	200	main~.b66100b3486cd1857cd3.css wehyj.cloud/static/	21 KB 5 KB	1037ms 1035ms	Stylesheet text/css	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wehyj.cloud/static/main~.b66100b3486cd1857cd3.css Requested by Host: wehyj.cloud URL: https://wehyj.cloud/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4` Request headers accept-language fi-FI,fi;q=0.9 Referer https://wehyj.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:27 GMT content-encoding br cf-cache-status MISS last-modified Wed, 05 Jul 2023 06:00:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64a506f4-55b9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iiv4KhBP9PydqB5JNPJ85GWhs14XZNIRLm%2FO45Gv%2F%2BrGUwZz3ouYojCugM9z5M9NjMk7%2BTn04a87DPtW9f%2F%2B%2Bgv6VHQCw0BrkHyvfYRHzUqTQdlHLnRewxZbcnm%2FyGlx6T%2B4g36zook5xQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7eff5e4e385fd92e-HEL alt-svc h3=":443"; ma=86400
GET H2	200	main.0c512d036b805ecf3c46.css wehyj.cloud/static/	143 KB 30 KB	1615ms 1614ms	Stylesheet text/css	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wehyj.cloud/static/main.0c512d036b805ecf3c46.css Requested by Host: wehyj.cloud URL: https://wehyj.cloud/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a0ab537b1564243a2004e06c0509d9f7e0bd464a738f8f4358b3dda5a677ee1c` Request headers accept-language fi-FI,fi;q=0.9 Referer https://wehyj.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:27 GMT content-encoding br cf-cache-status MISS last-modified Wed, 05 Jul 2023 06:00:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64a506f4-23b62" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QL6j8dz3OuvGTAXcC8QQEAkeJH%2F0hj6HxqmE14h5gfbtVLaayPyBCxIwM%2FJkoviimAdovUDVgfbWPeNmV%2BUbZ7Uh547IjtkkB6jD%2BVV9JJBC2ocv%2BFj8v%2FIL5880%2B9gxFzFtriDg2ptqaQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7eff5e4e3862d92e-HEL alt-svc h3=":443"; ma=86400
GET H2	200	bootstrap_main.9d6050e3d2fff5b782d3.css wehyj.cloud/static/	226 KB 44 KB	1938ms 1937ms	Stylesheet text/css	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wehyj.cloud/static/bootstrap_main.9d6050e3d2fff5b782d3.css Requested by Host: wehyj.cloud URL: https://wehyj.cloud/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9cbfd4f00c4210688faaecdace3d2877e5c789a7c8d06f1d0c49507b55de6a2b` Request headers accept-language fi-FI,fi;q=0.9 Referer https://wehyj.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:28 GMT content-encoding br cf-cache-status MISS last-modified Sun, 08 Jan 2023 08:14:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"63ba7b76-38629" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ws1oNtp8zCuMlkqVDKva%2FsLGsJs3qI6xAS66gKpS6GuDY%2Fce9e%2F4WaARXXIoD0D3y3EINUkSVDt1FeCt3b8D30BuADiuaKYTh976w5v2rAnaTA218TiqdXNhkv%2FdmlAodJ3u87caHG1V2A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7eff5e4e3864d92e-HEL alt-svc h3=":443"; ma=86400
GET H2	200	bootstrap_qr-e2b403f65ed52d327e90.css wehyj.cloud/static/	173 KB 54 KB	1668ms 1667ms	Stylesheet text/css	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wehyj.cloud/static/bootstrap_qr-e2b403f65ed52d327e90.css Requested by Host: wehyj.cloud URL: https://wehyj.cloud/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `74a07254f66a7a7ed79f58123aabb9bf3c9ce71fceced4ce7d748560c73e9c70` Request headers accept-language fi-FI,fi;q=0.9 Referer https://wehyj.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:27 GMT content-encoding br cf-cache-status MISS last-modified Wed, 05 Jul 2023 07:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64a52120-2b2c5" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gMWSK83Q164xuXPq3rNdg1lXfKA5ter4MedfC%2B5JLhIGE0%2FSBIPYeTdeqYQFM72fzuiMEdcbn8LRGhmaHyPEIiR%2BxhhRMnvG7TMAJMkA%2FqWQkp%2Bw6cQu1TJoAdaznkMfme%2BhDo5qA1kRRQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7eff5e4e3868d92e-HEL alt-svc h3=":443"; ma=86400
GET H2	200	stylex-2d46744708947781f1f33a0069cbc308.css wehyj.cloud/static/	114 KB 29 KB	760ms 759ms	Stylesheet text/css	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wehyj.cloud/static/stylex-2d46744708947781f1f33a0069cbc308.css Requested by Host: wehyj.cloud URL: https://wehyj.cloud/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d3889a9a244c69018e4848bffa27b76845ca2c34813976342d4b122e6533bbca` Request headers accept-language fi-FI,fi;q=0.9 Referer https://wehyj.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:26 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sun, 08 Jan 2023 08:14:48 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"63ba7b78-1c673" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXP6LeFravqw2osWi%2F9MqyGrVaUFd8hRWozpzMYVhHxTcNG5oAtkVtF1QeMNDe%2B%2FIWfdIuuwgf3JJnYlQ4L1w%2BP93iXDHuyj7wbdF4CUOAqj5Yz%2FnSS%2Bs8FiQJnzmXoNw0MYm%2FVtY0cJvA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7eff5e4e386bd92e-HEL alt-svc h3=":443"; ma=86400
GET H2	200	jquery.min.js Show response wehyj.cloud/static/	91 KB 33 KB	1341ms 1341ms	Script application/javascript	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wehyj.cloud/static/jquery.min.js Requested by Host: wehyj.cloud URL: https://wehyj.cloud/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e0108076470765be9ef1e9b242b8a52ef78c8f4532c7263426abc05ea4b60240` Request headers accept-language fi-FI,fi;q=0.9 Referer https://wehyj.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:27 GMT content-encoding br cf-cache-status MISS last-modified Sun, 08 Jan 2023 08:14:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"63ba7b66-16bab" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VJ75gIWS%2FNixpLC6Z06JE2mvHWqZNgSGwdOpffH%2BAdzcDdO6BZIlMxnRyOBzsmEnV1RxWluyvO2Ly3MjdxZmXqULjfqAN2DdMaZKlT0w022Wbk7vyrKoZA%2BKtq%2BpMMeeN7LPyyBhPdslFA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 7eff5e4e386cd92e-HEL alt-svc h3=":443"; ma=86400
GET H3	200	qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png wehyj.cloud/static/	16 KB 16 KB	955ms 955ms	Image image/png	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://wehyj.cloud/static/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png Requested by Host: wehyj.cloud URL: https://wehyj.cloud/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994` Request headers accept-language fi-FI,fi;q=0.9 Referer https://wehyj.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:28 GMT cf-cache-status MISS last-modified Wed, 05 Jul 2023 06:00:20 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "64a506f4-3f83" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nD6FPJWzVYg51n2YNLw%2BPmtFxNaTaprrp2h60FhQMn6qLZO7se8GqhwW76OfKFXwSNTLY3l27AtXeXDHXbUldsb6SXqPBjf12J%2F0vlF5TvLVbhoMO8aqRUZzsAZxejB8%2FPa0P7sjBzJq4Q%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 7eff5e5a6f96d906-HEL alt-svc h3=":443"; ma=86400 content-length 16259
GET H3	200	jquery.cookie.js Show response wehyj.cloud/static/	3 KB 2 KB	637ms 637ms	Script application/javascript	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wehyj.cloud/static/jquery.cookie.js Requested by Host: wehyj.cloud URL: https://wehyj.cloud/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `55c173330e36aaceaf268be4fe4421376a4e9eab4ce0de8e32aeb1c75f1181af` Request headers accept-language fi-FI,fi;q=0.9 Referer https://wehyj.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:28 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sun, 08 Jan 2023 08:14:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"63ba7b66-c30" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2Fkn%2FMnDuXRqZC4DXI3kU0Jrv4jzyG4HnltXufaZR0eFmkIvzOnqidGcCt88N1V9NdsHTxw5ypM37D%2BJi0u6XH4xJBxujsqVrf%2BgK888rs%2FLzp55dwlQ3z7OX7%2FOb67UEKkH7JFSCRsmjg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 7eff5e5ae89fd906-HEL alt-svc h3=":443"; ma=86400
GET H3	200	qrcode.min.js Show response wehyj.cloud/static/	19 KB 7 KB	962ms 961ms	Script application/javascript	2606:4700:3030::ac43:b48d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wehyj.cloud/static/qrcode.min.js Requested by Host: wehyj.cloud URL: https://wehyj.cloud/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:b48d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36` Request headers accept-language fi-FI,fi;q=0.9 Referer https://wehyj.cloud/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:29 GMT content-encoding br cf-cache-status MISS last-modified Sun, 08 Jan 2023 08:14:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"63ba7b66-4dd7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k5VyVh2RuuewoolekHJo8upIC032G7DTETqPe1aS%2Bnv6clkV%2Bh0AHY6aTkoLjIeBMkWNP9gRyO6OZ0H%2F0XCtUxV%2FR44YYRjRgZ1gFoAjzWEvn5iffPkwBgNenMS6rd%2F%2FpeJC85cpeZLaTg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 7eff5e5ee8cad906-HEL alt-svc h3=":443"; ma=86400
GET H2	200	get_client_host Show response ip.wkurg.shop/	38 B 573 B	982ms 901ms	XHR application/json	2606:4700:3035::6815:c33 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ip.wkurg.shop/get_client_host Requested by Host: wehyj.cloud URL: https://wehyj.cloud/static/jquery.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:c33 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `826c9e61d86ae4be8604d972cceb1718c73ecb793c53f89900f5823ffb4580ea` Request headers Accept application/json, text/javascript, /; q=0.01 Referer https://wehyj.cloud/ accept-language fi-FI,fi;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36 Response headers date Tue, 01 Aug 2023 16:13:31 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GCxvGcVMVocwIrEjAigLG2SvMdn1S8%2F%2BKOHoyW3rf3het1kCeH0yLUm%2B149lzIPLFCZH34wKdDLNqrO0lffCRti5ZvAt6zQthimEmkWN%2B56TGCExrDHA9EobtMv1%2B7u1g7PFj00fIBa1TcAg"}],"group":"cf-nel","max_age":604800} content-type application/json access-control-allow-origin * access-control-allow-credentials true cf-ray 7eff5e6abc81d987-HEL access-control-allow-headers Content-Type,XFILENAME,XFILECATEGORY,XFILESIZE, authorization content-length 38 alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://wehyj.cloud/(Line 45) Message: WebSocket connection to 'wss://jscode.wkurg.shop/ws/chat' failed: Invalid frame header

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ip.wkurg.shop
wehyj.cloud
2606:4700:3030::ac43:b48d
2606:4700:3035::6815:c33
2881b3d821d66ea96e5548ce3293ad430f789a536c6c8a24b2bdb799009758d9
55c173330e36aaceaf268be4fe4421376a4e9eab4ce0de8e32aeb1c75f1181af
705fa0a226fea04b923a4337a8fd1486c46719ef7c9515b8b99b9b994b88982b
74a07254f66a7a7ed79f58123aabb9bf3c9ce71fceced4ce7d748560c73e9c70
826c9e61d86ae4be8604d972cceb1718c73ecb793c53f89900f5823ffb4580ea
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
9cbfd4f00c4210688faaecdace3d2877e5c789a7c8d06f1d0c49507b55de6a2b
a0ab537b1564243a2004e06c0509d9f7e0bd464a738f8f4358b3dda5a677ee1c
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
d3889a9a244c69018e4848bffa27b76845ca2c34813976342d4b122e6533bbca
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994
e0108076470765be9ef1e9b242b8a52ef78c8f4532c7263426abc05ea4b60240
f5723801ce31e4b40c7162effcace8604aca1bb9ea27329dc1cf30db13e9afc6

wehyj.cloud Open in urlscan Pro 2606:4700:3030::ac43:b48d Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

329 kBTransfer

1195 kBSize

0 Cookies

1 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

wehyj.cloud Open in urlscan Pro
2606:4700:3030::ac43:b48d Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

329 kB
Transfer

1195 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!