wengaobo.com Open in urlscan Pro
103.101.191.141 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://huiyuanmei.com/
Effective URL:
https://wengaobo.com/top/client/select_PC.php
Submission: On November 27 via manual (November 27th 2024, 6:37:14 am UTC) from JP — Scanned from JP

Summary HTTP 21 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 21 HTTP transactions. The main IP is 103.101.191.141, located in Seoul, Korea, Republic Of and belongs to ANTBOX1-AS-AP Antbox Networks Limited, HK. The main domain is wengaobo.com.
TLS certificate: Issued by R11 on November 26th 2024. Valid for: 3 months.

This is the only time wengaobo.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: JA Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 14	103.101.191.141 103.101.191.141	138995 (ANTBOX1-A...) (ANTBOX1-AS-AP Antbox Networks Limited)
1	18.65.185.4 18.65.185.4	16509 (AMAZON-02) (AMAZON-02)
1	2404:6800:400... 2404:6800:4004:820::200e	15169 (GOOGLE) (GOOGLE)
21	4

14 103.101.191.141 (Seoul, Korea, Republic Of) 2 redirects

ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK)

huiyuanmei.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wengaobo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.65.185.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-185-4.nrt57.r.cloudfront.net

www.jabank.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:820::200e (Australia)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	wengaobo.com 1 redirects wengaobo.com	678 KB
1	youtube.com www.youtube.com — Cisco Umbrella Rank: 79
1	jabank.jp www.jabank.jp	2 KB
1	huiyuanmei.com 1 redirects huiyuanmei.com	268 B
21	4

	Domain	Requested by
13	wengaobo.com	1 redirects wengaobo.com
1	www.youtube.com	wengaobo.com
1	www.jabank.jp	wengaobo.com
1	huiyuanmei.com	1 redirects
21	4

This site contains links to these domains. Also see Links.

Domain
www.jabank.jp
www.jabank.org
www.direct.jabank.jp
ja-netloan.jp
map.jabank.org
www.houjinnet.jabank.jp

Subject Issuer	Validity	Valid
wengaobo.com R11	`2024-11-26` - `2025-02-24`	3 months	crt.sh
www.jabank.jp GlobalSign RSA OV SSL CA 2018	`2024-01-10` - `2025-02-10`	a year	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://wengaobo.com/top/client/select_PC.php
Frame ID: FDE18B0571DF4EAFD28BBDA312E3FD86
Requests: 20 HTTP requests in this frame

Frame: https://www.youtube.com/embed/F3FgAALpKFY?rel=0
Frame ID: 825846BC22FEE76AE797448626840A11
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

JAネットバンク

Page URL History Show full URLs

http://huiyuanmei.com/ HTTP 307
https://huiyuanmei.com/ HTTP 301
https://wengaobo.com/ HTTP 302
https://wengaobo.com/top/client/select_PC.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

21
Requests

67 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

679 kB
Transfer

2195 kB
Size

6
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://www.jabank.jp/ja/merit/index/6924000
Title: メリット

Search URL Search Domain Scan URL

URL: https://www.jabank.jp/ja/services/index/6924000
Title: 機能・サービス

Search URL Search Domain Scan URL

URL: http://www.jabank.org/kantantsucho/index.html
Title: JAバンクかんたん通帳

Search URL Search Domain Scan URL

URL: http://www.jabank.org/moneyforward/index.html
Title: マネーフォワード for JAバンク

Search URL Search Domain Scan URL

URL: https://www.jabank.jp/ja/securities/index/6924000
Title: セキュリティ

Search URL Search Domain Scan URL

URL: https://www.jabank.jp/ja/howto/index/6924000
Title: 使い方

Search URL Search Domain Scan URL

URL: http://www.jabank.org/tenpo/index.html
Title: JA店舗検索

Search URL Search Domain Scan URL

URL: https://www.direct.jabank.jp/top/index.do?PT=BS&CCT0080=3647
Title: 今回は導入せずにログインする

Search URL Search Domain Scan URL

URL: http://www.jabank.org/app/

Search URL Search Domain Scan URL

URL: https://ja-netloan.jp/tamokuteki/summary/0400/3647/
Title: お使い道さえ決まっていれば様々な用途に使える！詳しくはこちら

Search URL Search Domain Scan URL

URL: https://ja-netloan.jp/free/summary/0400/3647/
Title: 様々な用途に自由に使える！詳しくはこちら

Search URL Search Domain Scan URL

URL: https://map.jabank.org/shop/info/364700101
Title: お近くの店舗・ATMはこちらから詳しくはこちら

Search URL Search Domain Scan URL

URL: https://www.jabank.org/app/
Title: JAバンクのアプリで口座を簡単管理！詳しくはこちら

Search URL Search Domain Scan URL

URL: https://www.jabank.org/moneyforward/
Title: JAバンクのお客さまの家計・資産管理をサポート詳しくはこちら

Search URL Search Domain Scan URL

URL: https://ja-netloan.jp/mycar/summary/0400/3647/
Title: 新車や中古車の購入に！修理費や車検にも使える！詳しくはこちら

Search URL Search Domain Scan URL

URL: https://ja-netloan.jp/kyoiku1/summary/0400/3647/
Title: 入学金や授業料など幅広い教育資金に使える！詳しくはこちら

Search URL Search Domain Scan URL

URL: https://ja-netloan.jp/kyoiku2/summary/0400/3647/
Title: 教材費やひとり暮らしの家賃など繰り返し使える！詳しくはこちら

Search URL Search Domain Scan URL

URL: https://ja-netloan.jp/reform/summary/0400/3647/
Title: 住宅の増改築・改装などリフォームに使える！詳しくはこちら

Search URL Search Domain Scan URL

URL: http://www.jabank.org/attention/atoz/
Title: 不正送金防止AtoZ

Search URL Search Domain Scan URL

URL: http://www.jabank.org/attention/
Title: 金融犯罪にご注意ください

Search URL Search Domain Scan URL

URL: https://www.houjinnet.jabank.jp/
Title: 法人JAネットバンク

Search URL Search Domain Scan URL

URL: https://www.jabank.org/
Title: JAバンク

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://huiyuanmei.com/ HTTP 307
https://huiyuanmei.com/ HTTP 301
https://wengaobo.com/ HTTP 302
https://wengaobo.com/top/client/select_PC.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request select_PC.php Show response
wengaobo.com/top/client/
Redirect Chain

http://huiyuanmei.com/
https://huiyuanmei.com/
https://wengaobo.com/
https://wengaobo.com/top/client/select_PC.php

1 MB
57 KB

883ms
882ms

Document
text/html

103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to

Full URL: https://wengaobo.com/top/client/select_PC.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: 67f6780e1dc14fba86a193affddba8aaa88a4fdf0a4604bbdbe42af21b428d8f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Wed, 27 Nov 2024 06:36:44 GMT
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Request-Id: a47f36d6e6759cea84078440442298ee

Redirect headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Type: text/html;charset=utf-8
Date: Wed, 27 Nov 2024 06:36:43 GMT
Transfer-Encoding: chunked
X-Request-Id: 6b96014cf7dbfbe0601d2095df3c66d1
location: /top/client/select_PC.php

GET
H/1.1 200
OK styles.min.css
wengaobo.com/top/css/ 173 KB
32 KB 1128ms
1026ms Stylesheet
text/css 103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to

Full URL: https://wengaobo.com/top/css/styles.min.css?v=lTQRaH5qV71gZ-ZJ1BNiHZmNpQDzugvVsPBTwvDot1A
Requested by: Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: 6ebb24ac3e681b55f8d8231fd4356bf8df0e2a48acef0a979160712b1138d2fb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/top/client/select_PC.php

Response headers

Transfer-Encoding: chunked
X-Request-Id: 52f75e35da244f0085491b1bb1b79ff7
Cache-Control: max-age=1800
Content-Encoding: gzip
ETag: W/"65d67fbc-2b44b"
Connection: keep-alive
Expires: Wed, 27 Nov 2024 07:06:45 GMT
Date: Wed, 27 Nov 2024 06:36:45 GMT
cache-status: HIT
Content-Type: text/css
Last-Modified: Wed, 21 Feb 2024 22:57:00 GMT
Vary: Accept-Encoding

GET
H2 200 headlogo.svg
www.jabank.jp/common/re/img/common/ 4 KB
2 KB 20ms
11ms Image
image/svg+xml 18.65.185.4
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.jabank.jp/common/re/img/common/headlogo.svg

Requested by

Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.65.185.4 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-65-185-4.nrt57.r.cloudfront.net

Software

/ ASP.NET

Resource Hash

c8a651b6108904b89e3eeff900477c68e27258a4cbba0710ae7082e7e88ce785

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/

Response headers

content-encoding: gzip
etag: W/"1d82ebcd6ce4e0d"
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-amz-cf-id: OWsl2B0XG1oV2PwLKLCGUW0JmzhHl6ZmPrNAvIbhDFB04iV19k3mtA==
date: Wed, 27 Nov 2024 06:36:44 GMT
content-type: image/svg+xml
last-modified: Thu, 03 Mar 2022 05:09:20 GMT
vary: accept-encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000;
x-download-options: noopen
via: 1.1 d55c8c4c436c0f8ae6ad19ea6aabeb56.cloudfront.net (CloudFront)
x-xss-protection: 1; mode=block
x-amz-cf-pop: NRT57-P2
x-powered-by: ASP.NET
server

GET
H/1.1 200
OK mod_img_sprite.png
wengaobo.com/top/img/ 39 KB
39 KB 636ms
635ms Image
image/png 103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wengaobo.com/top/img/mod_img_sprite.png
Requested by: Host: wengaobo.com
URL: https://wengaobo.com/top/css/styles.min.css?v=lTQRaH5qV71gZ-ZJ1BNiHZmNpQDzugvVsPBTwvDot1A
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: f059196fb704137f0ae5ec86c89293048c2889d0ad0a9d8634b1e02e17d7fa1f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/top/css/styles.min.css?v=lTQRaH5qV71gZ-ZJ1BNiHZmNpQDzugvVsPBTwvDot1A

Response headers

Transfer-Encoding: chunked
X-Request-Id: c79999f63aace10af654fc22bedd4bb5
Cache-Control: max-age=1800
Content-Encoding: gzip
ETag: W/"65d68000-9b0d"
Connection: keep-alive
Expires: Wed, 27 Nov 2024 07:06:46 GMT
Date: Wed, 27 Nov 2024 06:36:46 GMT
cache-status: HIT
Content-Type: image/png
Last-Modified: Wed, 21 Feb 2024 22:58:08 GMT
Vary: Accept-Encoding

GET
H2 200 F3FgAALpKFY
www.youtube.com/embed/ Frame 8258 0
0 113ms
76ms Document
text/html 2404:6800:4004:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/F3FgAALpKFY?rel=0

Requested by

Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:820::200e , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wengaobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-security-policy: require-trusted-types-for 'script'
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Wed, 27 Nov 2024 06:37:03 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=ja for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK mv2.jpg
wengaobo.com/top/img/ 108 KB
102 KB 2156ms
103ms Image
image/jpeg 103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wengaobo.com/top/img/mv2.jpg
Requested by: Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: 79927082a41446588536539326b88ddd4184bd520c4d4ee8f4036f368c3d914d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/top/client/select_PC.php

Response headers

Transfer-Encoding: chunked
X-Request-Id: 18c07bc80afeb3bf1641d23f4aebd8a7
Cache-Control: max-age=1800
Content-Encoding: gzip
ETag: W/"65d67fbc-1aebc"
Connection: keep-alive
Expires: Wed, 27 Nov 2024 07:07:05 GMT
Date: Wed, 27 Nov 2024 06:37:05 GMT
cache-status: HIT
Content-Type: image/jpeg
Last-Modified: Wed, 21 Feb 2024 22:57:00 GMT
Vary: Accept-Encoding

GET
H/1.1 200
OK mv3.jpg
wengaobo.com/top/img/ 310 KB
291 KB 4248ms
1079ms Image
image/jpeg 103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wengaobo.com/top/img/mv3.jpg
Requested by: Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: 856cbbc2b05373001887e49ccaca69d94528820ffadea82f53651e8fb825eed6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/top/client/select_PC.php

Response headers

Transfer-Encoding: chunked
X-Request-Id: 4e990b4962daca424702bf3f6fb9d045
Cache-Control: max-age=1800
Content-Encoding: gzip
ETag: W/"65d68000-4d9be"
Connection: keep-alive
Expires: Wed, 27 Nov 2024 07:07:07 GMT
Date: Wed, 27 Nov 2024 06:37:07 GMT
cache-status: HIT
Content-Type: image/jpeg
Last-Modified: Wed, 21 Feb 2024 22:58:08 GMT
Vary: Accept-Encoding

GET
H/1.1 200
OK tamokuteki.gif
wengaobo.com/top/img/ 9 KB
9 KB 7671ms
1093ms Image
image/gif 103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wengaobo.com/top/img/tamokuteki.gif
Requested by: Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: d0dc8fbbb93428aabd54cc72131ac06d45eda6a6b3269c51ba838dd7dc022ac7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/top/client/select_PC.php

Response headers

Transfer-Encoding: chunked
X-Request-Id: 39509427341b8b3fa294eeb0149019d7
Cache-Control: max-age=1800
Content-Encoding: gzip
ETag: W/"65d67fbc-245c"
Connection: keep-alive
Expires: Wed, 27 Nov 2024 07:07:11 GMT
Date: Wed, 27 Nov 2024 06:37:11 GMT
cache-status: HIT
Content-Type: image/gif
Last-Modified: Wed, 21 Feb 2024 22:57:00 GMT
Vary: Accept-Encoding

GET
H/1.1 200
OK free.gif
wengaobo.com/top/img/ 10 KB
10 KB 8880ms
53ms Image
image/gif 103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wengaobo.com/top/img/free.gif
Requested by: Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: 089e777d189bd17b93acef0f9e67bcacb6129e9fc173a7bd3b503489dff19950

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/top/client/select_PC.php

Response headers

Transfer-Encoding: chunked
X-Request-Id: 7971cb618c3d3ef11dfa1cb1a11893ad
Cache-Control: max-age=1800
Content-Encoding: gzip
ETag: W/"65d67fbe-2604"
Connection: keep-alive
Expires: Wed, 27 Nov 2024 07:07:12 GMT
Date: Wed, 27 Nov 2024 06:37:12 GMT
cache-status: HIT
Content-Type: image/gif
Last-Modified: Wed, 21 Feb 2024 22:57:02 GMT
Vary: Accept-Encoding

GET
H/1.1 200
OK app_maff.png
wengaobo.com/top/img/ 19 KB
19 KB 8936ms
52ms Image
image/png 103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wengaobo.com/top/img/app_maff.png
Requested by: Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: ad62511147e4b11fccbad5fde047c899334a03712ac0c34efca51f7fa824b057

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/top/client/select_PC.php

Response headers

Transfer-Encoding: chunked
X-Request-Id: 096a780b151f912f7abcdc5817524d64
Cache-Control: max-age=1800
Content-Encoding: gzip
ETag: W/"65d67fbe-4af7"
Connection: keep-alive
Expires: Wed, 27 Nov 2024 07:07:12 GMT
Date: Wed, 27 Nov 2024 06:37:12 GMT
cache-status: HIT
Content-Type: image/png
Last-Modified: Wed, 21 Feb 2024 22:57:02 GMT
Vary: Accept-Encoding

GET
H/1.1 200
OK atm.gif
wengaobo.com/top/img/ 7 KB
7 KB 10033ms
1094ms Image
image/gif 103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wengaobo.com/top/img/atm.gif
Requested by: Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: b5e476cf9722167992efe764d6a6cc792dac5e281b57552e31dcd6e2e82271ad

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/top/client/select_PC.php

Response headers

Transfer-Encoding: chunked
X-Request-Id: ff0f38e36f3342c48928994c839afc20
Cache-Control: max-age=1800
Content-Encoding: gzip
ETag: W/"65d67fbe-1a8c"
Connection: keep-alive
Expires: Wed, 27 Nov 2024 07:07:13 GMT
Date: Wed, 27 Nov 2024 06:37:13 GMT
cache-status: HIT
Content-Type: image/gif
Last-Modified: Wed, 21 Feb 2024 22:57:02 GMT
Vary: Accept-Encoding

GET
H/1.1 200
OK jabnkapp.gif
wengaobo.com/top/img/ 14 KB
14 KB 2357ms
52ms Image
image/gif 103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wengaobo.com/top/img/jabnkapp.gif
Requested by: Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: a61b774e6e3ec8e23991d72d777667fd8559e22552b8fc1318a99dfc072f5cdd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/top/client/select_PC.php

Response headers

Transfer-Encoding: chunked
X-Request-Id: c068eb348df2af00670263b22a8fde01
Cache-Control: max-age=1800
Content-Encoding: gzip
ETag: W/"65d67fbc-3732"
Connection: keep-alive
Expires: Wed, 27 Nov 2024 07:07:13 GMT
Date: Wed, 27 Nov 2024 06:37:13 GMT
cache-status: HIT
Content-Type: image/gif
Last-Modified: Wed, 21 Feb 2024 22:57:00 GMT
Vary: Accept-Encoding

GET moneyforward.gif
wengaobo.com/top/img/ 0
0

GET mycar.gif
wengaobo.com/top/img/ 0
0

GET kyoiku1.gif
wengaobo.com/top/img/ 0
0

GET kyoiku2.gif
wengaobo.com/top/img/ 0
0

GET reform.gif
wengaobo.com/top/img/ 0
0

GET vue.js
wengaobo.com/top/js/ 0
0

GET
H/1.1 200
OK jquery-3.5.1.js Show response
wengaobo.com/top/js/ 281 KB
97 KB 1147ms
52ms Script
application/javascript 103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to

Full URL: https://wengaobo.com/top/js/jquery-3.5.1.js
Requested by: Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: 416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/top/client/select_PC.php

Response headers

Transfer-Encoding: chunked
X-Request-Id: 9aa079073a8c39b88564639ba824355a
Cache-Control: max-age=1800
Content-Encoding: gzip
ETag: W/"65d68252-4638e"
Connection: keep-alive
Expires: Wed, 27 Nov 2024 07:07:11 GMT
Date: Wed, 27 Nov 2024 06:37:11 GMT
cache-status: HIT
Content-Type: application/javascript
Last-Modified: Wed, 21 Feb 2024 23:08:02 GMT
Vary: Accept-Encoding

GET
H/1.1 200
OK select_pc.js Show response
wengaobo.com/top/js/ 5 KB
2 KB 1152ms
1088ms Script
application/javascript 103.101.191.141
ANTBOX1-AS-AP Ant...

General

Check archive.org

Show headers Download Go to

Full URL: https://wengaobo.com/top/js/select_pc.js
Requested by: Host: wengaobo.com
URL: https://wengaobo.com/top/client/select_PC.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.101.191.141 Seoul, Korea, Republic Of, ASN138995 (ANTBOX1-AS-AP Antbox Networks Limited, HK),
Reverse DNS
Software: /
Resource Hash: 7b6f949e1c0f359692f129098311a102693db43b980c5b21b46750c36f54886e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://wengaobo.com/top/client/select_PC.php

Response headers

Transfer-Encoding: chunked
X-Request-Id: 0d595ebbeab1b715590e3fc702283a1f
Cache-Control: max-age=1800
Content-Encoding: gzip
ETag: W/"670ca3d9-14b1"
Connection: keep-alive
Expires: Wed, 27 Nov 2024 07:07:12 GMT
Date: Wed, 27 Nov 2024 06:37:12 GMT
cache-status: HIT
Content-Type: application/javascript
Last-Modified: Mon, 14 Oct 2024 04:53:45 GMT
Vary: Accept-Encoding

GET tabBg.gif
wengaobo.com/top/img/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: wengaobo.com
URL: https://wengaobo.com/top/img/moneyforward.gif

Domain: wengaobo.com
URL: https://wengaobo.com/top/img/mycar.gif

Domain: wengaobo.com
URL: https://wengaobo.com/top/img/kyoiku1.gif

Domain: wengaobo.com
URL: https://wengaobo.com/top/img/kyoiku2.gif

Domain: wengaobo.com
URL: https://wengaobo.com/top/img/reform.gif

Domain: wengaobo.com
URL: https://wengaobo.com/top/js/vue.js

Domain: wengaobo.com
URL: https://wengaobo.com/top/img/tabBg.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: JA Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
huiyuanmei.com/	1969-12-31 23:59:59	Name: X-CDN-WAF-R-C Value: 0001692079
wengaobo.com/	1969-12-31 23:59:59	Name: X-CDN-WAF-R-C Value: 0001692079
www.jabank.jp/	1970-01-21 01:28:14	Name: AWSALBCORS Value: 4JnfZcDHCRZRyog//9FM+F5n3sTJdt1npsajHgTSbYQ1FxavJivnbwG0qpVDrcuFK0AuRj/BZqjwp0Gpt0qWfoqoHYBa8FjljEruu18ynxJKl5IhkEqAeaWiClpM
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: Ie7btzMdEWs
.youtube.com/	1970-01-21 05:37:21	Name: VISITOR_INFO1_LIVE Value: ZFRgMTtKu6Y
.youtube.com/	1970-01-21 05:37:21	Name: VISITOR_PRIVACY_METADATA Value: CgJKUBIEGgAgCw%3D%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

huiyuanmei.com
wengaobo.com
www.jabank.jp
www.youtube.com
wengaobo.com
103.101.191.141
18.65.185.4
2404:6800:4004:820::200e
089e777d189bd17b93acef0f9e67bcacb6129e9fc173a7bd3b503489dff19950
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
67f6780e1dc14fba86a193affddba8aaa88a4fdf0a4604bbdbe42af21b428d8f
6ebb24ac3e681b55f8d8231fd4356bf8df0e2a48acef0a979160712b1138d2fb
79927082a41446588536539326b88ddd4184bd520c4d4ee8f4036f368c3d914d
7b6f949e1c0f359692f129098311a102693db43b980c5b21b46750c36f54886e
856cbbc2b05373001887e49ccaca69d94528820ffadea82f53651e8fb825eed6
a61b774e6e3ec8e23991d72d777667fd8559e22552b8fc1318a99dfc072f5cdd
ad62511147e4b11fccbad5fde047c899334a03712ac0c34efca51f7fa824b057
b5e476cf9722167992efe764d6a6cc792dac5e281b57552e31dcd6e2e82271ad
c8a651b6108904b89e3eeff900477c68e27258a4cbba0710ae7082e7e88ce785
d0dc8fbbb93428aabd54cc72131ac06d45eda6a6b3269c51ba838dd7dc022ac7
f059196fb704137f0ae5ec86c89293048c2889d0ad0a9d8634b1e02e17d7fa1f

wengaobo.com Open in urlscan Pro 103.101.191.141 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

67 %HTTPS

33 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

679 kBTransfer

2195 kBSize

6 Cookies

22 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

6 Cookies

Indicators

wengaobo.com Open in urlscan Pro
103.101.191.141 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

67 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

679 kB
Transfer

2195 kB
Size

6
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!