demo.kosaku-t-work.com Open in urlscan Pro
118.27.95.90  Malicious Activity! Public Scan

Submitted URL: http://himi.kosaku-t-work.com/service/redirect/
Effective URL: http://demo.kosaku-t-work.com/service/line/pc.html
Submission: On February 18 via automatic, source phishtank — Scanned from JP

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 10 HTTP transactions. The main IP is 118.27.95.90, located in Japan and belongs to INTERQ GMO Internet,Inc, JP. The main domain is demo.kosaku-t-work.com.
This is the only time demo.kosaku-t-work.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

IP Address AS Autonomous System
3 9 118.27.95.90 7506 (INTERQ GM...)
2 2 142.251.42.198 15169 (GOOGLE)
1 1 2404:6800:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
3 104.71.161.134 20940 (AKAMAI-ASN1)
10 3
Apex Domain
Subdomains
Transfer
9 kosaku-t-work.com
himi.kosaku-t-work.com
demo.kosaku-t-work.com
634 KB
3 wellsfargomedia.com
www15.wellsfargomedia.com — Cisco Umbrella Rank: 18372
71 KB
2 doubleclick.net
ad.doubleclick.net — Cisco Umbrella Rank: 167
2 KB
1 google.co.jp
adservice.google.co.jp — Cisco Umbrella Rank: 51752
737 B
1 google.com
adservice.google.com — Cisco Umbrella Rank: 59
689 B
10 5
Domain Requested by
7 demo.kosaku-t-work.com 1 redirects demo.kosaku-t-work.com
3 www15.wellsfargomedia.com demo.kosaku-t-work.com
2 ad.doubleclick.net 2 redirects
2 himi.kosaku-t-work.com 2 redirects
1 adservice.google.co.jp demo.kosaku-t-work.com
1 adservice.google.com 1 redirects
10 6

This site contains links to these domains. Also see Links.

Domain
oam.wellsfargo.com
Subject Issuer Validity Valid
*.google.co.jp
GTS CA 1C3
2022-02-07 -
2022-05-02
3 months crt.sh
www15.wellsfargomedia.com
DigiCert SHA2 Secure Server CA
2021-12-31 -
2023-01-03
a year crt.sh

This page contains 3 frames:

Primary Page: http://demo.kosaku-t-work.com/service/line/pc.html
Frame ID: 9FD39C0394A527272569C440FE2ECDDC
Requests: 8 HTTP requests in this frame

Frame: https://adservice.google.co.jp/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321;~oref=http://demo.kosaku-t-work.com/
Frame ID: DAF5E45EA7CE5E3FF95CF6A84B853004
Requests: 1 HTTP requests in this frame

Frame: http://demo.kosaku-t-work.com/service/line/MADMAN/a.htm
Frame ID: F184D451CE8938F7F46A88BCFE0F49F7
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

login unconfirmed

Page URL History Show full URLs

  1. http://himi.kosaku-t-work.com/service/redirect/ HTTP 301
    https://himi.kosaku-t-work.com/service/redirect/ HTTP 302
    http://demo.kosaku-t-work.com/service/ HTTP 302
    http://demo.kosaku-t-work.com/service/line/index.php Page URL
  2. http://demo.kosaku-t-work.com/service/line/pc.html Page URL

Page Statistics

10
Requests

40 %
HTTPS

40 %
IPv6

5
Domains

6
Subdomains

3
IPs

3
Countries

704 kB
Transfer

802 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://himi.kosaku-t-work.com/service/redirect/ HTTP 301
    https://himi.kosaku-t-work.com/service/redirect/ HTTP 302
    http://demo.kosaku-t-work.com/service/ HTTP 302
    http://demo.kosaku-t-work.com/service/line/index.php Page URL
  2. http://demo.kosaku-t-work.com/service/line/pc.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://himi.kosaku-t-work.com/service/redirect/ HTTP 301
  • https://himi.kosaku-t-work.com/service/redirect/ HTTP 302
  • http://demo.kosaku-t-work.com/service/ HTTP 302
  • http://demo.kosaku-t-work.com/service/line/index.php
Request Chain 4
  • http://ad.doubleclick.net/ddm/activity/src=2549153;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321 HTTP 302
  • http://ad.doubleclick.net/ddm/activity/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321 HTTP 302
  • https://adservice.google.com/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321;~oref=http://demo.kosaku-t-work.com/ HTTP 302
  • https://adservice.google.co.jp/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321;~oref=http://demo.kosaku-t-work.com/

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
index.php
demo.kosaku-t-work.com/service/line/
Redirect Chain
  • http://himi.kosaku-t-work.com/service/redirect/
  • https://himi.kosaku-t-work.com/service/redirect/
  • http://demo.kosaku-t-work.com/service/
  • http://demo.kosaku-t-work.com/service/line/index.php
113 B
418 B
Document
General
Full URL
http://demo.kosaku-t-work.com/service/line/index.php
Protocol
HTTP/1.1
Server
118.27.95.90 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
www86.conoha.ne.jp
Software
nginx / PHP/7.3.32
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9

Response headers

Server
nginx
Date
Fri, 18 Feb 2022 20:09:35 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.3.32
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Nginx-Cache
EXPIRED
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Fri, 18 Feb 2022 20:09:35 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
X-Powered-By
PHP/7.3.32
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
location
line/index.php
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Nginx-Cache
MISS
Primary Request pc.html
demo.kosaku-t-work.com/service/line/
23 KB
9 KB
Document
General
Full URL
http://demo.kosaku-t-work.com/service/line/pc.html
Requested by
Host: demo.kosaku-t-work.com
URL: http://demo.kosaku-t-work.com/service/line/index.php
Protocol
HTTP/1.1
Server
118.27.95.90 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
www86.conoha.ne.jp
Software
nginx /
Resource Hash
377a9201484ce13cf29e0ce164cd8b7ebbeb7dd445b4b28c80e4c27db86aebe2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
http://demo.kosaku-t-work.com/service/line/index.php

Response headers

Server
nginx
Date
Fri, 18 Feb 2022 20:09:35 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Wed, 16 Feb 2022 01:09:19 GMT
ETag
W/"5af8-5d8184c9cf919"
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Nginx-Cache
EXPIRED
Content-Encoding
gzip
wfui.css
demo.kosaku-t-work.com/service/line/MADMAN/
98 KB
21 KB
Stylesheet
General
Full URL
http://demo.kosaku-t-work.com/service/line/MADMAN/wfui.css
Requested by
Host: demo.kosaku-t-work.com
URL: http://demo.kosaku-t-work.com/service/line/pc.html
Protocol
HTTP/1.1
Server
118.27.95.90 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
www86.conoha.ne.jp
Software
nginx /
Resource Hash
7fea627acd4a58ddab75dc10e4f2b430883141ede83b259aa871d62b9f6e55ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
http://demo.kosaku-t-work.com/service/line/pc.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 18 Feb 2022 20:09:35 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Nginx-Cache
EXPIRED
Last-Modified
Wed, 16 Feb 2022 01:09:19 GMT
Server
nginx
ETag
W/"187ea-5d8184c9cf531"
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
X-XSS-Protection
1; mode=block
main.css
demo.kosaku-t-work.com/service/line/MADMAN/
11 KB
3 KB
Stylesheet
General
Full URL
http://demo.kosaku-t-work.com/service/line/MADMAN/main.css
Requested by
Host: demo.kosaku-t-work.com
URL: http://demo.kosaku-t-work.com/service/line/pc.html
Protocol
HTTP/1.1
Server
118.27.95.90 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
www86.conoha.ne.jp
Software
nginx /
Resource Hash
388f2ffe9aecbcf983f8d803ba670962125f24d73ee9326a8825c735e7be244a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
http://demo.kosaku-t-work.com/service/line/pc.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 18 Feb 2022 20:09:35 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Nginx-Cache
EXPIRED
Last-Modified
Wed, 16 Feb 2022 01:09:19 GMT
Server
nginx
ETag
W/"2dd2-5d8184c9cf531"
Transfer-Encoding
chunked
Content-Type
text/css
Connection
keep-alive
X-XSS-Protection
1; mode=block
COB-BOB-IRT-enroll_tractor.jpg
demo.kosaku-t-work.com/service/line/MADMAN/
599 KB
599 KB
Image
General
Full URL
http://demo.kosaku-t-work.com/service/line/MADMAN/COB-BOB-IRT-enroll_tractor.jpg
Requested by
Host: demo.kosaku-t-work.com
URL: http://demo.kosaku-t-work.com/service/line/pc.html
Protocol
HTTP/1.1
Server
118.27.95.90 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
www86.conoha.ne.jp
Software
nginx /
Resource Hash
d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
http://demo.kosaku-t-work.com/service/line/pc.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 18 Feb 2022 20:09:35 GMT
X-Content-Type-Options
nosniff
X-Nginx-Cache
EXPIRED
Last-Modified
Wed, 16 Feb 2022 01:09:19 GMT
Server
nginx
ETag
"95bb8-5d8184c9cf531"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
613304
X-XSS-Protection
1; mode=block
/
adservice.google.co.jp/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=6721623347419696928066964... Frame DAF5
Redirect Chain
  • http://ad.doubleclick.net/ddm/activity/src=2549153;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219...
  • http://ad.doubleclick.net/ddm/activity/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=6721623347419696928...
  • https://adservice.google.com/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=6721623347419696928...
  • https://adservice.google.co.jp/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969...
42 B
737 B
Document
General
Full URL
https://adservice.google.co.jp/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321;~oref=http://demo.kosaku-t-work.com/
Requested by
Host: demo.kosaku-t-work.com
URL: http://demo.kosaku-t-work.com/service/line/pc.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:80c::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
http://demo.kosaku-t-work.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Fri, 18 Feb 2022 20:09:36 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
image/gif
x-content-type-options
nosniff
server
cafe
content-length
42
x-xss-protection
0
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Fri, 18 Feb 2022 20:09:36 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
location
https://adservice.google.co.jp/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321;~oref=http://demo.kosaku-t-work.com/
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
a.htm
demo.kosaku-t-work.com/service/line/MADMAN/ Frame F184
211 B
657 B
Document
General
Full URL
http://demo.kosaku-t-work.com/service/line/MADMAN/a.htm
Requested by
Host: demo.kosaku-t-work.com
URL: http://demo.kosaku-t-work.com/service/line/pc.html
Protocol
HTTP/1.1
Server
118.27.95.90 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),
Reverse DNS
www86.conoha.ne.jp
Software
nginx / PHP/7.3.32
Resource Hash
d4cd836c5f1f09dd0f955c6b51e1c7d99d3dd7efbfafa08518e89d896b888024
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
http://demo.kosaku-t-work.com/service/line/pc.html

Response headers

Server
nginx
Date
Fri, 18 Feb 2022 20:09:36 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.3.32
Expires
Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control
private, no-store, no-cache, must-revalidate
Link
<http://demo.kosaku-t-work.com/wp-json/>; rel="https://api.w.org/"
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Encoding
gzip
wellsfargosans-rg.woff2
www15.wellsfargomedia.com/wfui/css/fonts/
22 KB
22 KB
Font
General
Full URL
https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2
Requested by
Host: demo.kosaku-t-work.com
URL: http://demo.kosaku-t-work.com/service/line/MADMAN/wfui.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.71.161.134 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-71-161-134.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://demo.kosaku-t-work.com/
Origin
http://demo.kosaku-t-work.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
last-modified
Tue, 26 Feb 2019 19:38:34 GMT
server
KONICHIWA/2.0
etag
"5798-582d133e56280"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
date
Fri, 18 Feb 2022 20:09:36 GMT
accept-ranges
bytes
content-length
22424
x-xss-protection
1; mode=block
expires
Sat, 18 Feb 2023 20:09:36 GMT
wellsfargosans-sbd.woff2
www15.wellsfargomedia.com/wfui/css/fonts/
22 KB
22 KB
Font
General
Full URL
https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2
Requested by
Host: demo.kosaku-t-work.com
URL: http://demo.kosaku-t-work.com/service/line/MADMAN/wfui.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.71.161.134 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-71-161-134.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://demo.kosaku-t-work.com/
Origin
http://demo.kosaku-t-work.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
last-modified
Tue, 26 Feb 2019 19:38:34 GMT
server
KONICHIWA/2.0
etag
"5848-582d133e56280"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
date
Fri, 18 Feb 2022 20:09:36 GMT
accept-ranges
bytes
content-length
22600
x-xss-protection
1; mode=block
expires
Sat, 18 Feb 2023 20:09:36 GMT
wellsfargoserif-rg.woff2
www15.wellsfargomedia.com/wfui/css/fonts/
26 KB
26 KB
Font
General
Full URL
https://www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-rg.woff2
Requested by
Host: demo.kosaku-t-work.com
URL: http://demo.kosaku-t-work.com/service/line/MADMAN/wfui.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.71.161.134 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-71-161-134.deploy.static.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://demo.kosaku-t-work.com/
Origin
http://demo.kosaku-t-work.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
last-modified
Mon, 11 Mar 2019 20:52:01 GMT
server
KONICHIWA/2.0
etag
"6854-583d7be82be40"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
date
Fri, 18 Feb 2022 20:09:36 GMT
accept-ranges
bytes
content-length
26708
x-xss-protection
1; mode=block
expires
Sat, 18 Feb 2023 20:09:36 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 function| structuredClone

1 Cookies

Domain/Path Name / Value
demo.kosaku-t-work.com/ Name: PHPSESSID
Value: b8bb1d5ce6ff87f4a7b01aa375dc74b2

1 Console Messages

Source Level URL
Text
network error URL: http://demo.kosaku-t-work.com/service/line/MADMAN/a.htm
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block