wlhskc.cn Open in urlscan Pro
23.94.211.52 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://wlhskc.cn/
Effective URL:
https://wlhskc.cn/wctx1D1DFxFDg.do.php
Submission: On December 12 via manual (December 12th 2021, 3:01:27 pm UTC) from JP — Scanned from JP

Summary HTTP 16 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 23.94.211.52, located in Seattle, United States and belongs to AS-COLOCROSSING, US. The main domain is wlhskc.cn.
TLS certificate: Issued by R3 on December 12th 2021. Valid for: 3 months.

This is the only time wlhskc.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPay (Financial)

Domain & IP information

	IP Address		AS Autonomous System
1 17	23.94.211.52 23.94.211.52		36352 (AS-COLOCR...) (AS-COLOCROSSING)
16	1

17 23.94.211.52 (Seattle, United States) 1 redirects

ASN36352 (AS-COLOCROSSING, US)
PTR: 23-94-211-52-host.colocrossing.com

wlhskc.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	wlhskc.cn 1 redirects wlhskc.cn	134 KB
16	1

	Domain	Requested by
17	wlhskc.cn	1 redirects wlhskc.cn
16	1

This site contains links to these domains. Also see Links.

Domain
www.paypay-bank.co.jp
help.japannetbank.co.jp
www.japannetbank.co.jp
login.japannetbank.co.jp

Subject Issuer	Validity	Valid
019lj4u.cn R3	`2021-12-12` - `2022-03-12`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://wlhskc.cn/wctx1D1DFxFDg.do.php
Frame ID: 1564873A1953647D49303BDA04789507
Requests: 13 HTTP requests in this frame

Frame: https://wlhskc.cn/index_1.html
Frame ID: F1BFBCBA3CE900D0538CE99CD4CE33A2
Requests: 1 HTTP requests in this frame

Frame: https://wlhskc.cn/index_2.html
Frame ID: 0B8B3F79386C4E033202C1E4D72DFDF5
Requests: 1 HTTP requests in this frame

Frame: https://wlhskc.cn/index_3.html
Frame ID: 26DF0EE432CF44D276A7F60E4D8336A8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ログイン - PayPay銀行

Page URL History Show full URLs

https://wlhskc.cn/ HTTP 302
https://wlhskc.cn/wctx1D1DFxFDg.do.php Page URL

Page Statistics

16
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

134 kB
Transfer

164 kB
Size

1
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paypay-bank.co.jp/namechange/index.html
Title: 詳しくはこちら【更新】

Search URL Search Domain Scan URL

URL: https://help.japannetbank.co.jp/hc/ja
Title: よくあるご質問

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/
Title: PayPay銀行ホーム

Search URL Search Domain Scan URL

URL: https://login.japannetbank.co.jp/wctx/LoginAction.do?loginIdFlg=1
Title: ログインページ（ログインIDあり）へ

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/news/general2015/151028.html
Title: SSL証明書の「SHA-2」方式への変更について

Search URL Search Domain Scan URL

URL: https://login.japannetbank.co.jp/wctx/NBG12390G11.do
Title: はじめてのログイン（初期設定）

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/cn_login.html
Title: チェック項目

Search URL Search Domain Scan URL

URL: https://login.japannetbank.co.jp/balogin_L.html
Title: BA-PLUS専用ログイン

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/security/safety/index.html
Title: ログインパスワードや暗証番号は定期的な変更をおすすめいたします。

Search URL Search Domain Scan URL

URL: https://www.japannetbank.co.jp/security/crime/prv_phsh.html
Title: フィッシングに注意

Search URL Search Domain Scan URL

URL: https://www.paypay-bank.co.jp/regulation/index.html
Title: 取引規定集

Search URL Search Domain Scan URL

URL: https://www.paypay-bank.co.jp/policy/privacy/index.html
Title: プライバシーポリシー

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://wlhskc.cn/ HTTP 302
https://wlhskc.cn/wctx1D1DFxFDg.do.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request wctx1D1DFxFDg.do.php Show response wlhskc.cn/ Redirect Chain https://wlhskc.cn/ https://wlhskc.cn/wctx1D1DFxFDg.do.php	9 KB 4 KB	328ms 327ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `cfcf12ebf1f853c9f28147586cb4428d771b30cd14aee4550d1edfbf13af0d6e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers date Sun, 12 Dec 2021 15:01:22 GMT server Apache expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache vary Accept-Encoding content-encoding gzip content-length 3643 content-type text/html; charset=UTF-8 Redirect headers date Sun, 12 Dec 2021 15:01:21 GMT server Apache expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache location ./wctx1D1DFxFDg.do.php content-length 0 content-type text/html; charset=UTF-8
GET H2	200	reset.css wlhskc.cn/static/	611 B 450 B	132ms 131ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://wlhskc.cn/static/reset.css Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `2af026c006bf89cac540b75b5a34a84cb98b7401c5c03dadd40af95547848717` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:22 GMT content-encoding gzip last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache etag "263-5c73529f6a512-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 361
GET H2	200	common_smt.css wlhskc.cn/static/	17 KB 4 KB	132ms 131ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://wlhskc.cn/static/common_smt.css Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `3beb5f5516445bf2c2040611814d07a4ab76099d234df5428bf60ed281dc4c18` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:22 GMT content-encoding gzip last-modified Fri, 16 Jul 2021 06:40:53 GMT server Apache etag "4458-5c737de8416d6-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 4343
GET H2	200	login_smt.css wlhskc.cn/static/	5 KB 2 KB	132ms 131ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://wlhskc.cn/static/login_smt.css Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `b320c763f50c93041a4693f2c1f7b5cb10c0d76dca7312995cc457d05e6fcc43` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:22 GMT content-encoding gzip last-modified Thu, 08 Jul 2021 16:12:50 GMT server Apache etag "1460-5c69eed2f8480-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1785
GET H2	200	common_pc.css wlhskc.cn/static/	10 KB 3 KB	132ms 132ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://wlhskc.cn/static/common_pc.css Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `00bee62b8f3a382e2d7ccf4da11c70397136da2c72f2c9c3b2302f7c65dd9d8a` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:22 GMT content-encoding gzip last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache etag "2964-5c73529f76418-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 2973
GET H2	200	login_pc.css wlhskc.cn/static/	4 KB 1 KB	258ms 257ms	Stylesheet text/css	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://wlhskc.cn/static/login_pc.css Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `933b2c7ddb1a5c467c9e3397d41aabcd2a6e7bb1a0ead71b5125cdff570d5fc8` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:22 GMT content-encoding gzip last-modified Thu, 08 Jul 2021 16:12:50 GMT server Apache etag "e37-5c69eed2f8480-gzip" vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1407
GET H2	200	main_logo.png wlhskc.cn/static/	5 KB 5 KB	257ms 256ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://wlhskc.cn/static/main_logo.png Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `49cc5f6a48d5342d35aaa1439f849074f9da36d24ac4c36f5096059bd9d12560` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:22 GMT last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache accept-ranges bytes etag "12ec-5c73529f6b0c1" content-length 4844 content-type image/png
GET H2	200	header_faq.png wlhskc.cn/static/	1 KB 1 KB	257ms 256ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://wlhskc.cn/static/header_faq.png Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `62c7ab03d6d92ae39a651edcf68d9f7d9cc77719a64748be3eafd4db079857f1` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:22 GMT last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache accept-ranges bytes etag "47f-5c73529f69d47" content-length 1151 content-type image/png
GET H2	200	login_cash_card.png wlhskc.cn/static/	101 KB 102 KB	257ms 256ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://wlhskc.cn/static/login_cash_card.png Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `a3b931d280eb1fd8e65222317d9818c57b2f6e4a03e5f239775b5ecf43769057` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:22 GMT last-modified Thu, 08 Jul 2021 16:12:50 GMT server Apache accept-ranges bytes etag "19480-5c69eed2f8480" content-length 103552 content-type image/png
GET H2	200	footer_logo.png wlhskc.cn/static/	10 KB 10 KB	387ms 387ms	Image image/png	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://wlhskc.cn/static/footer_logo.png Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `fe56bf45aaa0c3b74cd90b27319ff6351ce73b45100d9e7bea1c946eb1271f9b` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:22 GMT last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache accept-ranges bytes etag "271b-5c73529f75869" content-length 10011 content-type image/png
GET H2	404	login_img001.gif wlhskc.cn/	256 B 256 B	387ms 387ms	Image text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://wlhskc.cn/login_img001.gif Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `af05abd77f426d405e3cc4f9f33705e1897830129dfe4520418e7988211e8bed` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:22 GMT server Apache content-length 256 content-type text/html; charset=iso-8859-1
GET H2	404	86975.gif wlhskc.cn/	256 B 256 B	387ms 387ms	Image text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://wlhskc.cn/86975.gif Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `af05abd77f426d405e3cc4f9f33705e1897830129dfe4520418e7988211e8bed` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:22 GMT server Apache content-length 256 content-type text/html; charset=iso-8859-1
GET H2	404	index_1.html Show response wlhskc.cn/ Frame F1BF	256 B 306 B	385ms 384ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://wlhskc.cn/index_1.html Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `af05abd77f426d405e3cc4f9f33705e1897830129dfe4520418e7988211e8bed` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php Response headers date Sun, 12 Dec 2021 15:01:22 GMT server Apache content-length 256 content-type text/html; charset=iso-8859-1
GET H2	404	index_2.html Show response wlhskc.cn/ Frame 0B8B	256 B 284 B	384ms 384ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://wlhskc.cn/index_2.html Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `af05abd77f426d405e3cc4f9f33705e1897830129dfe4520418e7988211e8bed` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php Response headers date Sun, 12 Dec 2021 15:01:22 GMT server Apache content-length 256 content-type text/html; charset=iso-8859-1
GET H2	404	index_3.html Show response wlhskc.cn/ Frame 26DF	256 B 284 B	384ms 384ms	Document text/html	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://wlhskc.cn/index_3.html Requested by Host: wlhskc.cn URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `af05abd77f426d405e3cc4f9f33705e1897830129dfe4520418e7988211e8bed` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/wctx1D1DFxFDg.do.php Response headers date Sun, 12 Dec 2021 15:01:22 GMT server Apache content-length 256 content-type text/html; charset=iso-8859-1
GET H2	200	link_win_open1.gif wlhskc.cn/static/	67 B 145 B	250ms 250ms	Image image/gif	23.94.211.52 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://wlhskc.cn/static/link_win_open1.gif Requested by Host: wlhskc.cn URL: https://wlhskc.cn/static/common_smt.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.211.52 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS 23-94-211-52-host.colocrossing.com Software Apache / Resource Hash `0eb4c067d7d725b04fc3939e0f7fb1079f0d3bf99751476ef6dd096b05a1c0ec` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://wlhskc.cn/static/common_smt.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Response headers date Sun, 12 Dec 2021 15:01:23 GMT last-modified Fri, 16 Jul 2021 03:27:14 GMT server Apache accept-ranges bytes etag "43-5c73529f748d7" content-length 67 content-type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPay (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			wlhskc.cn/	1969-12-31 23:59:59	Name: PHPSESSID Value: tchqbjai41ul1dopr9klpeusl0

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://wlhskc.cn/login_img001.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wlhskc.cn/86975.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wlhskc.cn/index_1.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wlhskc.cn/index_2.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wlhskc.cn/index_3.html Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

wlhskc.cn
23.94.211.52
00bee62b8f3a382e2d7ccf4da11c70397136da2c72f2c9c3b2302f7c65dd9d8a
0eb4c067d7d725b04fc3939e0f7fb1079f0d3bf99751476ef6dd096b05a1c0ec
2af026c006bf89cac540b75b5a34a84cb98b7401c5c03dadd40af95547848717
3beb5f5516445bf2c2040611814d07a4ab76099d234df5428bf60ed281dc4c18
49cc5f6a48d5342d35aaa1439f849074f9da36d24ac4c36f5096059bd9d12560
62c7ab03d6d92ae39a651edcf68d9f7d9cc77719a64748be3eafd4db079857f1
933b2c7ddb1a5c467c9e3397d41aabcd2a6e7bb1a0ead71b5125cdff570d5fc8
a3b931d280eb1fd8e65222317d9818c57b2f6e4a03e5f239775b5ecf43769057
af05abd77f426d405e3cc4f9f33705e1897830129dfe4520418e7988211e8bed
b320c763f50c93041a4693f2c1f7b5cb10c0d76dca7312995cc457d05e6fcc43
cfcf12ebf1f853c9f28147586cb4428d771b30cd14aee4550d1edfbf13af0d6e
fe56bf45aaa0c3b74cd90b27319ff6351ce73b45100d9e7bea1c946eb1271f9b

wlhskc.cn Open in urlscan Pro 23.94.211.52 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

16 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

134 kBTransfer

164 kBSize

1 Cookies

12 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

5 Console Messages

Indicators

wlhskc.cn Open in urlscan Pro
23.94.211.52 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

134 kB
Transfer

164 kB
Size

1
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!