wlhskc.cn
23.94.211.52
Malicious Activity!
Public Scan
Effective URL: https://wlhskc.cn/wctx1D1DFxFDg.do.php
Submission: On December 12 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on December 12th 2021. Valid for: 3 months.
This is the only time wlhskc.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPay (Financial)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 17 | 23.94.211.52 | 36352 (AS-COLOCROSSING) |
16 | 1 |
ASN36352 (AS-COLOCROSSING, US)
PTR: 23-94-211-52-host.colocrossing.com
wlhskc.cn |
 | Domain | Requested by |
---|---|---|
17 | wlhskc.cn (1 redirect) | wlhskc.cn |
16 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypay-bank.co.jp |
help.japannetbank.co.jp |
www.japannetbank.co.jp |
login.japannetbank.co.jp |
Subject | Issuer | Validity | Valid |
---|---|---|---|
019lj4u.cn | R3 | 2021-12-12 - 2022-03-12 | 3 months |
This page contains 4 frames:
Primary Page:
https://wlhskc.cn/wctx1D1DFxFDg.do.php
Frame ID: 1564873A1953647D49303BDA04789507
Requests: 13 HTTP requests in this frame
Frame:
https://wlhskc.cn/index_1.html
Frame ID: F1BFBCBA3CE900D0538CE99CD4CE33A2
Requests: 1 HTTP requests in this frame
Frame:
https://wlhskc.cn/index_2.html
Frame ID: 0B8B3F79386C4E033202C1E4D72DFDF5
Requests: 1 HTTP requests in this frame
Frame:
https://wlhskc.cn/index_3.html
Frame ID: 26DF0EE432CF44D276A7F60E4D8336A8
Requests: 1 HTTP requests in this frame
Page Title
Login - PayPay Bank (original: ログイン - PayPay銀行)
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
Title: Click here for details [Updated] (original: 詳しくはこちら【更新】)
Title: Frequently Asked Questions (original: よくあるご質問)
Title: PayPay Bank Home (original: PayPay銀行 ホーム)
Title: To the login page (with login ID) (original: ログインページ(ログインIDあり)へ)
Title: About the change of SSL certificates to the "SHA-2" method (original: SSL証明書の「SHA-2」方式への変更について)
Title: First-time login (initial setup) (original: はじめてのログイン(初期設定))
Title: Check items (original: チェック項目)
Title: BA-PLUS dedicated login (original: BA-PLUS専用ログイン)
Title: We recommend changing your login password and PIN regularly. (original: ログインパスワードや暗証番号は定期的な変更をおすすめいたします。)
Title: Beware of phishing (original: フィッシングに注意)
Title: Transaction terms and conditions (original: 取引規定集)
Title: Privacy Policy (original: プライバシーポリシー)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://wlhskc.cn/ HTTP 302
  https://wlhskc.cn/wctx1D1DFxFDg.do.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol | Resource | Path | Size x-fer | Type | MIME-Type |
---|---|---|---|---|---|
GET H2 | wctx1D1DFxFDg.do.php (Primary Request, Redirect Chain) | wlhskc.cn/ | 9 KB 4 KB | Document | text/html |
GET H2 | reset.css | wlhskc.cn/static/ | 611 B 450 B | Stylesheet | text/css |
GET H2 | common_smt.css | wlhskc.cn/static/ | 17 KB 4 KB | Stylesheet | text/css |
GET H2 | login_smt.css | wlhskc.cn/static/ | 5 KB 2 KB | Stylesheet | text/css |
GET H2 | common_pc.css | wlhskc.cn/static/ | 10 KB 3 KB | Stylesheet | text/css |
GET H2 | login_pc.css | wlhskc.cn/static/ | 4 KB 1 KB | Stylesheet | text/css |
GET H2 | main_logo.png | wlhskc.cn/static/ | 5 KB 5 KB | Image | image/png |
GET H2 | header_faq.png | wlhskc.cn/static/ | 1 KB 1 KB | Image | image/png |
GET H2 | login_cash_card.png | wlhskc.cn/static/ | 101 KB 102 KB | Image | image/png |
GET H2 | footer_logo.png | wlhskc.cn/static/ | 10 KB 10 KB | Image | image/png |
GET H2 | login_img001.gif | wlhskc.cn/ | 256 B 256 B | Image | text/html |
GET H2 | 86975.gif | wlhskc.cn/ | 256 B 256 B | Image | text/html |
GET H2 | index_1.html (Frame F1BF) | wlhskc.cn/ | 256 B 306 B | Document | text/html |
GET H2 | index_2.html (Frame 0B8B) | wlhskc.cn/ | 256 B 284 B | Document | text/html |
GET H2 | index_3.html (Frame 26DF) | wlhskc.cn/ | 256 B 284 B | Document | text/html |
GET H2 | link_win_open1.gif | wlhskc.cn/static/ | 67 B 145 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPay (Financial)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | 1 |
object | 2 |
object | onbeforexrselect |
function | reportError |
boolean | originAgentCluster |
object | scheduler |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
wlhskc.cn/ | | Name: PHPSESSID Value: tchqbjai41ul1dopr9klpeusl0 |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.