wentbc.com Open in urlscan Pro
143.92.60.46 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://wentbc.com/
Submission: On April 26 via api (April 26th 2023, 12:22:44 pm UTC) from DE — Scanned from DE

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 143.92.60.46, located in Hong Kong and belongs to BCPL-SG BGPNET Global ASN, SG. The main domain is wentbc.com.

This is the only time wentbc.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
12	143.92.60.46 143.92.60.46	64050 (BCPL-SG B...) (BCPL-SG BGPNET Global ASN)
1	103.143.19.103 103.143.19.103	134760 (CHINANET-...) (CHINANET-HEBEI-SHIJIAZHUANG-IDC Shijiazhuang IDC network)
14	3

12 143.92.60.46 (Hong Kong)

ASN64050 (BCPL-SG BGPNET Global ASN, SG)

wentbc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.143.19.103 (China)

ASN134760 (CHINANET-HEBEI-SHIJIAZHUANG-IDC Shijiazhuang IDC network, CHINANET Hebei province, CN)

js.users.51.la	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	wentbc.com wentbc.com	644 KB
1	51.la js.users.51.la — Cisco Umbrella Rank: 52820
0	whatsapp.com Failed web.whatsapp.com Failed
14	3

	Domain	Requested by
12	wentbc.com	wentbc.com
1	js.users.51.la	wentbc.com
0	web.whatsapp.com Failed	wentbc.com
14	3

This site contains links to these domains. Also see Links.

Domain
faq.whatsapp.com

Subject Issuer	Validity	Valid
*.users.51.la GlobalSign GCC R3 DV TLS CA 2020	`2023-04-14` - `2024-05-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://wentbc.com/
Frame ID: 1B199C82401D80381946FBD3ADC22A07
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

7 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

644 kB
Transfer

643 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://faq.whatsapp.com/web/download-and-installation/how-to-log-in-or-out?lang=zh-CN
Title: 需要登入帮助吗？

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response wentbc.com/	12 KB 12 KB	408ms 195ms	Document text/html	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Full URL http://wentbc.com/ Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `f70c749601d122c19444119f3a0a1dd3169d2a91ad3f68e496ff6d2d8988c80e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Type text/html Date Wed, 26 Apr 2023 12:22:34 GMT Keep-Alive timeout=5 Transfer-Encoding chunked
GET H/1.1	200 OK	stylex-2d46744708947781f1f33a0069cbc308.css wentbc.com/WhatsApp_files/	114 KB 114 KB	392ms 197ms	Stylesheet text/plain	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Full URL http://wentbc.com/WhatsApp_files/stylex-2d46744708947781f1f33a0069cbc308.css Requested by Host: wentbc.com URL: http://wentbc.com/ Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `d3889a9a244c69018e4848bffa27b76845ca2c34813976342d4b122e6533bbca` Request headers accept-language de-DE,de;q=0.9 Referer http://wentbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:35 GMT Connection keep-alive Keep-Alive timeout=5 Transfer-Encoding chunked
GET H/1.1	200 OK	bootstrap_qr-e2b403f65ed52d327e90.css wentbc.com/WhatsApp_files/	173 KB 173 KB	399ms 201ms	Stylesheet text/plain	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Full URL http://wentbc.com/WhatsApp_files/bootstrap_qr-e2b403f65ed52d327e90.css Requested by Host: wentbc.com URL: http://wentbc.com/ Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `59d4eb8a3be2027e81bba7da480f0e087a5b97003767549737d40d5196d551cf` Request headers accept-language de-DE,de;q=0.9 Referer http://wentbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:35 GMT Connection keep-alive Keep-Alive timeout=5 Transfer-Encoding chunked
GET H/1.1	200 OK	bootstrap_main.9d6050e3d2fff5b782d3.css wentbc.com/WhatsApp_files/	226 KB 226 KB	404ms 203ms	Stylesheet text/plain	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Full URL http://wentbc.com/WhatsApp_files/bootstrap_main.9d6050e3d2fff5b782d3.css Requested by Host: wentbc.com URL: http://wentbc.com/ Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `0493d6015e39574e3fcbcaae7f0b99ffc91878ea89f53c143a0d84e45d2d49fe` Request headers accept-language de-DE,de;q=0.9 Referer http://wentbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:35 GMT Connection keep-alive Keep-Alive timeout=5 Transfer-Encoding chunked
GET H/1.1	200 OK	jquery.min.js Show response wentbc.com/WhatsApp_files/	91 KB 91 KB	408ms 205ms	Script text/plain	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Full URL http://wentbc.com/WhatsApp_files/jquery.min.js Requested by Host: wentbc.com URL: http://wentbc.com/ Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e` Request headers accept-language de-DE,de;q=0.9 Referer http://wentbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:35 GMT Connection keep-alive Keep-Alive timeout=5 Transfer-Encoding chunked
GET H/1.1	200 OK	jquery.cookie.js Show response wentbc.com/WhatsApp_files/	3 KB 3 KB	426ms 214ms	Script text/plain	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Full URL http://wentbc.com/WhatsApp_files/jquery.cookie.js Requested by Host: wentbc.com URL: http://wentbc.com/ Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8` Request headers accept-language de-DE,de;q=0.9 Referer http://wentbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:35 GMT Connection keep-alive Keep-Alive timeout=5 Transfer-Encoding chunked
GET H/1.1	200 OK	whatsapp.js Show response wentbc.com/	1 KB 2 KB	640ms 213ms	Script text/plain	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Full URL http://wentbc.com/whatsapp.js Requested by Host: wentbc.com URL: http://wentbc.com/ Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `522a33e4b6e74764b79b8e503ac44b12a7c502acc50b5178effbcc822b2a3240` Request headers accept-language de-DE,de;q=0.9 Referer http://wentbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:35 GMT Connection keep-alive Keep-Alive timeout=5 Transfer-Encoding chunked
GET H/1.1	200 OK	video.png wentbc.com/img/	16 KB 16 KB	203ms 203ms	Image image/png	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Show image Full URL http://wentbc.com/img/video.png Requested by Host: wentbc.com URL: http://wentbc.com/ Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994` Request headers Referer http://wentbc.com/ Origin http://wentbc.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:39 GMT Connection keep-alive Keep-Alive timeout=5 Transfer-Encoding chunked
GET		binary-transparency-manifest-2.2232.8.json web.whatsapp.com/	0 0

GET H/1.1	200 OK	libsignal-protocol-ee5b8ba.min.js.%E4%B8%8B%E8%BD%BD Show response wentbc.com/WhatsApp_files/	110 B 252 B	201ms 201ms	Script text/plain	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Full URL http://wentbc.com/WhatsApp_files/libsignal-protocol-ee5b8ba.min.js.%E4%B8%8B%E8%BD%BD Requested by Host: wentbc.com URL: http://wentbc.com/ Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `dc5f95f3dbf905083281f7ed43cc985bbf7731ef6cb5fd90392a06c2299d68e5` Request headers accept-language de-DE,de;q=0.9 Referer http://wentbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:38 GMT Connection keep-alive Keep-Alive timeout=5 Transfer-Encoding chunked
GET H/1.1	200 OK	runtime.88c356058afe3d58a508.js.%E4%B8%8B%E8%BD%BD Show response wentbc.com/WhatsApp_files/	108 B 250 B	199ms 199ms	Script text/plain	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Full URL http://wentbc.com/WhatsApp_files/runtime.88c356058afe3d58a508.js.%E4%B8%8B%E8%BD%BD Requested by Host: wentbc.com URL: http://wentbc.com/ Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `99f8e9c5039ae23eec062f4e1f570acf708ac0c9f0398a9b835ac8e12976a244` Request headers accept-language de-DE,de;q=0.9 Referer http://wentbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:39 GMT Connection keep-alive Keep-Alive timeout=5 Transfer-Encoding chunked
GET H/1.1	403 Forbidden	21494945.js js.users.51.la/	0 0	1032ms 326ms	Script application/javascript	103.143.19.103 CHINANET-HEBEI-SH...
General Check archive.org Show headers Download Go to Full URL https://js.users.51.la/21494945.js Requested by Host: wentbc.com URL: http://wentbc.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 103.143.19.103 , China, ASN134760 (CHINANET-HEBEI-SHIJIAZHUANG-IDC Shijiazhuang IDC network, CHINANET Hebei province, CN), Reverse DNS Software CloudWAF / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://wentbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:39 GMT Content-Encoding gzip Server CloudWAF Connection keep-alive Transfer-Encoding chunked Content-Type application/javascript; charset=utf-8
GET H/1.1	200 OK	walid Show response wentbc.com/whatsapp/	46 B 188 B	212ms 212ms	XHR text/plain	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Full URL http://wentbc.com/whatsapp/walid?sesskey=fc9d2b9c-a5d4-4d36-ac29-9b7dd2cb4397 Requested by Host: wentbc.com URL: http://wentbc.com/WhatsApp_files/jquery.min.js Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `ae9fdf03babdb5d050f36a651732a29128377217d38d08a17d7157d056a1960b` Request headers Accept / Referer http://wentbc.com/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:39 GMT Connection keep-alive Keep-Alive timeout=5 Transfer-Encoding chunked
GET H/1.1	200 OK	qrcode wentbc.com/whatsapp/	7 KB 8 KB	2190ms 2190ms	Image image/png	143.92.60.46 BCPL-SG BGPNET Gl...
General Check archive.org Show headers Download Go to Show image Full URL http://wentbc.com/whatsapp/qrcode?sesskey=fc9d2b9c-a5d4-4d36-ac29-9b7dd2cb4397&t=1682511760034 Requested by Host: wentbc.com URL: http://wentbc.com/ Protocol HTTP/1.1 Server 143.92.60.46 , Hong Kong, ASN64050 (BCPL-SG BGPNET Global ASN, SG), Reverse DNS Software / Resource Hash `6827083a0cdd1129782382536512db5155a906ee651dc24e926d2fdd90334f5b` Request headers accept-language de-DE,de;q=0.9 Referer http://wentbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36 Response headers Date Wed, 26 Apr 2023 12:22:42 GMT Connection keep-alive Keep-Alive timeout=5 Transfer-Encoding chunked Content-Type image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.whatsapp.com
URL: https://web.whatsapp.com/binary-transparency-manifest-2.2232.8.json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://wentbc.com/ Message: Access to link element resource at 'https://web.whatsapp.com/binary-transparency-manifest-2.2232.8.json' from origin 'http://wentbc.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://web.whatsapp.com/binary-transparency-manifest-2.2232.8.json Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://js.users.51.la/21494945.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

js.users.51.la
web.whatsapp.com
wentbc.com
web.whatsapp.com
103.143.19.103
143.92.60.46
0493d6015e39574e3fcbcaae7f0b99ffc91878ea89f53c143a0d84e45d2d49fe
522a33e4b6e74764b79b8e503ac44b12a7c502acc50b5178effbcc822b2a3240
59d4eb8a3be2027e81bba7da480f0e087a5b97003767549737d40d5196d551cf
6827083a0cdd1129782382536512db5155a906ee651dc24e926d2fdd90334f5b
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
99f8e9c5039ae23eec062f4e1f570acf708ac0c9f0398a9b835ac8e12976a244
ae9fdf03babdb5d050f36a651732a29128377217d38d08a17d7157d056a1960b
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
d3889a9a244c69018e4848bffa27b76845ca2c34813976342d4b122e6533bbca
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994
dc5f95f3dbf905083281f7ed43cc985bbf7731ef6cb5fd90392a06c2299d68e5
f70c749601d122c19444119f3a0a1dd3169d2a91ad3f68e496ff6d2d8988c80e

wentbc.com Open in urlscan Pro 143.92.60.46 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

14 Requests

7 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

644 kBTransfer

643 kBSize

0 Cookies

1 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

wentbc.com Open in urlscan Pro
143.92.60.46 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

7 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

644 kB
Transfer

643 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!