demo.kosaku-t-work.com
118.27.95.90
Malicious Activity!
Public Scan
Effective URL: http://demo.kosaku-t-work.com/service/line/pc.html
Submission: On February 18 via automatic, source phishtank — Scanned from JP
Summary
This is the only time demo.kosaku-t-work.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)

Domain & IP information
| Redirects | Requests | IP Address | AS (Autonomous System) |
|---|---|---|---|
| 3 | 9 | 118.27.95.90 | AS7506 (INTERQ GMO Internet) |
| 2 | 2 | 142.251.42.198 | AS15169 (GOOGLE) |
| 1 | 1 | 2404:6800:4004:826::2002 | AS15169 (GOOGLE) |
| | 1 | 2404:6800:4004:80c::2002 | AS15169 (GOOGLE) |
| | 3 | 104.71.161.134 | AS20940 (AKAMAI-ASN1) |

Totals: 10 HTTP transactions, 3 ASNs.
ASN7506 (INTERQ GMO Internet,Inc, JP), PTR: www86.conoha.ne.jp
- himi.kosaku-t-work.com
- demo.kosaku-t-work.com

ASN15169 (GOOGLE, US), PTR: nrt12s47-in-f6.1e100.net
- ad.doubleclick.net

ASN20940 (AKAMAI-ASN1, NL), PTR: a104-71-161-134.deploy.static.akamaitechnologies.com
- www15.wellsfargomedia.com
| Requests (incl. redirects) | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 9 | kosaku-t-work.com (3 redirects) | himi.kosaku-t-work.com, demo.kosaku-t-work.com | 634 KB |
| 3 | wellsfargomedia.com | www15.wellsfargomedia.com (Cisco Umbrella Rank: 18372) | 71 KB |
| 2 | doubleclick.net (2 redirects) | ad.doubleclick.net (Cisco Umbrella Rank: 167) | 2 KB |
| 1 | google.co.jp | adservice.google.co.jp (Cisco Umbrella Rank: 51752) | 737 B |
| 1 | google.com (1 redirect) | adservice.google.com (Cisco Umbrella Rank: 59) | 689 B |

Totals: 10 HTTP transactions, 5 apex domains.
| Requests (incl. redirects) | Domain | Requested by |
|---|---|---|
| 7 | demo.kosaku-t-work.com (1 redirect) | demo.kosaku-t-work.com |
| 3 | www15.wellsfargomedia.com | demo.kosaku-t-work.com |
| 2 | ad.doubleclick.net | 2 redirects |
| 2 | himi.kosaku-t-work.com | 2 redirects |
| 1 | adservice.google.co.jp | demo.kosaku-t-work.com |
| 1 | adservice.google.com | 1 redirect |

Totals: 10 HTTP transactions, 6 domains.
This site contains links to these domains. Also see Links.
Domain |
---|
oam.wellsfargo.com |
| Subject | Issuer | Validity | Valid for | |
|---|---|---|---|---|
| *.google.co.jp | GTS CA 1C3 | 2022-02-07 - 2022-05-02 | 3 months | crt.sh |
| www15.wellsfargomedia.com | DigiCert SHA2 Secure Server CA | 2021-12-31 - 2023-01-03 | a year | crt.sh |

Both certificates belong to third-party hosts. No certificate is listed for the kosaku-t-work.com hosts; the landing page and every asset it served came over plain HTTP/1.1.
This page contains 3 frames:
Primary Page: http://demo.kosaku-t-work.com/service/line/pc.html
Frame ID: 9FD39C0394A527272569C440FE2ECDDC, 8 HTTP requests in this frame
Frame: https://adservice.google.co.jp/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321;~oref=http://demo.kosaku-t-work.com/
Frame ID: DAF5E45EA7CE5E3FF95CF6A84B853004, 1 HTTP request in this frame
Frame: http://demo.kosaku-t-work.com/service/line/MADMAN/a.htm
Frame ID: F184D451CE8938F7F46A88BCFE0F49F7, 1 HTTP request in this frame
Screenshot: (image)
Page Title: login unconfirmed
Page Statistics
2 Outgoing links
These are links going to different origins than the main page (the only linked domain is oam.wellsfargo.com, listed under Links above):
- Title: Create a new password
- Title: find your username

Both are the usual "forgot password / forgot username" links of a bank login form. A kit that clones a login page commonly leaves such links pointing at the real site, so the victim is bounced to the legitimate bank for everything except the credential submission itself.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://himi.kosaku-t-work.com/service/redirect/ (HTTP 301)
2. https://himi.kosaku-t-work.com/service/redirect/ (HTTP 302)
3. http://demo.kosaku-t-work.com/service/ (HTTP 302)
4. http://demo.kosaku-t-work.com/service/line/index.php (Page URL)
5. http://demo.kosaku-t-work.com/service/line/pc.html (Page URL)

The lure URL (himi.kosaku-t-work.com) is a pure redirector: one 301 to HTTPS, then a 302 onto the second subdomain that hosts the kit. The final hop from index.php to pc.html carries no HTTP status, i.e. it is a client-side redirect; index.php is a 113 B HTML document (see the transactions below).
Redirected requests
There were HTTP redirect chains for the following requests:

Request Chain 0
- http://himi.kosaku-t-work.com/service/redirect/ (HTTP 301)
- https://himi.kosaku-t-work.com/service/redirect/ (HTTP 302)
- http://demo.kosaku-t-work.com/service/ (HTTP 302)
- http://demo.kosaku-t-work.com/service/line/index.php
- http://ad.doubleclick.net/ddm/activity/src=2549153;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321 (HTTP 302)
- http://ad.doubleclick.net/ddm/activity/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321 (HTTP 302)
- https://adservice.google.com/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321;~oref=http://demo.kosaku-t-work.com/ (HTTP 302)
- https://adservice.google.co.jp/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=67216233474196969280669647284098407137;u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321;~oref=http://demo.kosaku-t-work.com/

The ad.doubleclick.net / adservice.google.* hops are a DoubleClick Floodlight conversion tag loaded by the landing page (frame DAF5): it bounces through ad.doubleclick.net twice (the second time with a dc_pre= token), then adservice.google.com, and ends at adservice.google.co.jp. Its parameters (type=allv40, u4=LOGIN, u8=loginapp, u11=PROD) are consistent with a tag copied wholesale from a real login page, and the ~oref= value records the page that embedded it, here the phishing host itself, which is a useful pivot when hunting for other copies of the same kit.
10 HTTP transactions

| # | Method | Protocol | Resource | Host / Path | Size | Transferred | Type | MIME type | Notes |
|---|---|---|---|---|---|---|---|---|---|
| 1 | GET | HTTP/1.1 | index.php | demo.kosaku-t-work.com/service/line/ | 113 B | 418 B | Document | text/html | Redirect chain |
| 2 | GET | HTTP/1.1 | pc.html | demo.kosaku-t-work.com/service/line/ | 23 KB | 9 KB | Document | text/html | Primary request |
| 3 | GET | HTTP/1.1 | wfui.css | demo.kosaku-t-work.com/service/line/MADMAN/ | 98 KB | 21 KB | Stylesheet | text/css | |
| 4 | GET | HTTP/1.1 | main.css | demo.kosaku-t-work.com/service/line/MADMAN/ | 11 KB | 3 KB | Stylesheet | text/css | |
| 5 | GET | HTTP/1.1 | COB-BOB-IRT-enroll_tractor.jpg | demo.kosaku-t-work.com/service/line/MADMAN/ | 599 KB | 599 KB | Image | image/jpeg | |
| 6 | GET | H2 | / | adservice.google.co.jp/ddm/fls/p/src=2549153;dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u18=6721623347419696928066964... | 42 B | 737 B | Document | image/gif | Frame DAF5, redirect chain |
| 7 | GET | HTTP/1.1 | a.htm | demo.kosaku-t-work.com/service/line/MADMAN/ | 211 B | 657 B | Document | text/html | Frame F184 |
| 8 | GET | H2 | wellsfargosans-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 22 KB | 22 KB | Font | font/woff2 | |
| 9 | GET | H2 | wellsfargosans-sbd.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 22 KB | 22 KB | Font | font/woff2 | |
| 10 | GET | H2 | wellsfargoserif-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 26 KB | 26 KB | Font | font/woff2 | |

"Size" is the decoded resource size and "Transferred" the bytes on the wire (headers included, body compressed where the server did so). Everything the kit owns, the page (pc.html), its stylesheets, the 599 KB hero image that accounts for most of the 634 KB transfer, and the a.htm iframe, sits under /service/line/MADMAN/ on the phishing host and is served over plain HTTP/1.1. The only third-party content besides the tracking pixel is the three brand fonts, fetched over H2 from Wells Fargo's real asset host www15.wellsfargomedia.com; the kit's own stylesheet is even named wfui.css, matching the /wfui/css/fonts/ path on that host. Brand assets loaded cross-origin from the impersonated brand's CDN are a reliable tell for a cloned login page.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Wells Fargo (Banking)

4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | 0 |
| object | 1 |
| object | 2 |
| function | structuredClone |

None of these identifies kit code: structuredClone is a standard window API in current browsers (it shipped in Chrome 98, the month of this scan), so its appearance here reflects the scanning browser rather than the page.

1 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| demo.kosaku-t-work.com/ | (not set: session cookie) | PHPSESSID | b8bb1d5ce6ff87f4a7b01aa375dc74b2 |

A PHPSESSID issued for a landing page that ends in .html shows the kit is PHP-backed (index.php appears in the redirect chain); the static-looking filename is cosmetic.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Security Headers
This page lists any security headers set by the main page.

| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |

Only these two headers were set. The main page was served over plain HTTP, and no Content-Security-Policy or Strict-Transport-Security header is present.
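The redirect chain, transaction list, cookie and headers above are what an analyst triages by hand. As an added example (not code from urlscan.io, nor from the kit), the Python script below encodes those checks over a dict constructed from this scan's data: a login page over plain HTTP, brand assets and "forgot password" links pointing at the impersonated brand's real hosts, a multi-host redirect chain, a PHP session cookie on a .html page, a copied Floodlight tag whose ~oref names the phishing host, and missing CSP/HSTS. The brand apex list, the finding names, and the https scheme assumed for the H2 requests are assumptions.

```python
"""Heuristic phishing triage over a urlscan.io-style result.

Added example, not part of the urlscan.io report. SCAN is constructed from the
data on this page; BRAND_APEXES and the finding names are assumptions.
"""
from urllib.parse import urlsplit, unquote

BRAND_APEXES = {"wellsfargo.com", "wellsfargomedia.com"}  # assumption

PHISH = "http://demo.kosaku-t-work.com/service/line/"
FONTS = "https://www15.wellsfargomedia.com/wfui/css/fonts/"  # H2 requests, TLS assumed
FLOODLIGHT = ("https://adservice.google.co.jp/ddm/fls/p/src=2549153;"
              "dc_pre=CIDP4rGHivYCFYQ7lgodwxYDWg;type=allv40;cat=all_a012;"
              "u1=1120211130160910750566171;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;"
              "u18=67216233474196969280669647284098407137;"
              "u19=GA1.2.1219693419.1638317358;u23=DESKTOP;ord=5289720067493.321;"
              "~oref=http://demo.kosaku-t-work.com/")

SCAN = {  # constructed from the scan result above
    "page_url": PHISH + "pc.html",
    "title": "login unconfirmed",
    "redirect_chain": [
        "http://himi.kosaku-t-work.com/service/redirect/",
        "https://himi.kosaku-t-work.com/service/redirect/",
        "http://demo.kosaku-t-work.com/service/",
        PHISH + "index.php",
    ],
    "requests": [PHISH + "pc.html", PHISH + "MADMAN/wfui.css", PHISH + "MADMAN/main.css",
                 PHISH + "MADMAN/COB-BOB-IRT-enroll_tractor.jpg", FLOODLIGHT,
                 PHISH + "MADMAN/a.htm", FONTS + "wellsfargosans-rg.woff2",
                 FONTS + "wellsfargosans-sbd.woff2", FONTS + "wellsfargoserif-rg.woff2"],
    "cookies": ["PHPSESSID"],
    "security_headers": {"X-Content-Type-Options": "nosniff",
                         "X-Xss-Protection": "1; mode=block"},
    "outgoing_link_hosts": ["oam.wellsfargo.com"],
}


def apex(host):
    """Naive registrable domain (last two labels). Fine for the .com hosts
    in this scan; use a public-suffix list for real traffic."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def parse_floodlight(url):
    """Parse the ';'-separated key=value list of a DoubleClick Floodlight
    tag (/ddm/fls/p/src=...;~oref=...) into a dict. urlsplit keeps ';' in
    the path, so the embedded http://... inside ~oref survives intact."""
    tag = urlsplit(url).path.partition("/ddm/fls/p/")[2]
    pairs = (part.partition("=") for part in tag.split(";"))
    return {k: unquote(v) for k, sep, v in pairs if sep}


def triage(scan):
    """Return {finding: evidence} for the brand-impersonation heuristics."""
    page = urlsplit(scan["page_url"])
    foreign = apex(page.hostname) not in BRAND_APEXES  # page not on a brand apex
    found = {}

    if page.scheme == "http" and "login" in scan["title"].lower():
        found["login_over_http"] = scan["page_url"]

    # Brand-owned assets (fonts, CSS) pulled into a page hosted elsewhere.
    borrowed = sorted({urlsplit(u).hostname for u in scan["requests"]
                       if apex(urlsplit(u).hostname) in BRAND_APEXES})
    if foreign and borrowed:
        found["brand_assets_on_foreign_host"] = borrowed

    # "Forgot password"-style links left pointing at the real brand site.
    real = [h for h in scan["outgoing_link_hosts"] if apex(h) in BRAND_APEXES]
    if foreign and real:
        found["links_to_real_brand"] = real

    # Redirect chain hopping across hosts before the landing page.
    hosts = []
    for u in scan["redirect_chain"] + [scan["page_url"]]:
        h = urlsplit(u).hostname
        if h not in hosts:
            hosts.append(h)
    if len(hosts) > 1:
        found["redirect_hosts"] = hosts

    # PHP session cookie on a path that pretends to be static HTML.
    if page.path.endswith(".html") and "PHPSESSID" in scan["cookies"]:
        found["php_session_on_html"] = page.path

    # Copied conversion tag: ~oref tells the ad network where it is embedded.
    for u in scan["requests"]:
        if "/ddm/fls/p/" in u:
            p = parse_floodlight(u)
            if urlsplit(p.get("~oref", "")).hostname == page.hostname:
                found["tracker_oref"] = {k: p.get(k) for k in ("src", "type", "u4", "u8", "~oref")}

    missing = [h for h in ("Content-Security-Policy", "Strict-Transport-Security")
               if h not in scan["security_headers"]]
    if missing:
        found["missing_headers"] = missing
    return found


if __name__ == "__main__":
    for name, evidence in triage(SCAN).items():
        print(f"{name}: {evidence}")
```

Run stand-alone it prints one line per finding. None of these checks is conclusive by itself (the missing-headers check fires on plenty of legitimate sites), which is why the function returns evidence per finding rather than a single verdict: the combination of a plain-HTTP login page, brand assets fetched from the real CDN, and a tracker that reports the phishing host as its embedding page is what makes this scan an easy call.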
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ad.doubleclick.net
adservice.google.co.jp
adservice.google.com
demo.kosaku-t-work.com
himi.kosaku-t-work.com
www15.wellsfargomedia.com
104.71.161.134
118.27.95.90
142.251.42.198
2404:6800:4004:80c::2002
2404:6800:4004:826::2002