spzwqaq.cn Open in urlscan Pro
2606:4700:3033::6815:1c6c  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://yudvxue.cn/?bank Page URL
2. https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Page URL
3. https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response yudvxue.cn/	224 B 345 B	1519ms 127ms	Document text/html	23.94.73.208 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://yudvxue.cn/?bank Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.73.208 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS mail1.fkvytbaq.cn Software nginx / Resource Hash 9207caaf79f20da386783d5ba03e0e308f8eec0d31ebf6e81b6c26cf662c0c8e Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers accept-ranges bytes content-length 224 content-type text/html date Wed, 11 May 2022 12:03:13 GMT etag "626f980f-e0" last-modified Mon, 02 May 2022 08:36:31 GMT server nginx
GET H2	200	1.js yudvxue.cn/	321 B 503 B	127ms 127ms	Script application/javascript	23.94.73.208 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://yudvxue.cn/1.js Requested by Host: yudvxue.cn URL: https://yudvxue.cn/?bank Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 23.94.73.208 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS mail1.fkvytbaq.cn Software nginx / Resource Hash Request headers accept-language jp-JP,jp;q=0.9 Referer https://yudvxue.cn/?bank User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 11 May 2022 12:03:13 GMT last-modified Sat, 07 May 2022 10:08:51 GMT server nginx etag "62764533-141" content-type application/javascript cache-control max-age=43200 accept-ranges bytes content-length 321 expires Thu, 12 May 2022 00:03:13 GMT
GET H2	503	wctx1D1DFxFDg.do.php Show response spzwqaq.cn/	11 KB 12 KB	22ms 12ms	Document text/html	2606:4700:3033::6815:1c6c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Requested by Host: yudvxue.cn URL: https://yudvxue.cn/1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:1c6c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 043c9d6fed1a50ef3fb714b8ec404db3dc2166ffdec9a3d947075672f4481f72 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://yudvxue.cn/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 709ac52b3acf34ab-NRT content-type text/html; charset=UTF-8 date Wed, 11 May 2022 12:03:13 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 01 Jan 1970 00:00:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} permissions-policy accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tjS2J1t7aoWKybpspNknL61ug662tcjUA3xevfYk4dy6fXUy05s780JmGt1ThHodixjXstk3v4MijKnrfh8ml4xxiPK8JknFYKF8a8dvv5Gva4SsNxQ26PRj%2FmeZBDmvgdwujAKWgAED"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-frame-options SAMEORIGIN
GET H2	200	v1 Show response spzwqaq.cn/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/	41 KB 15 KB	19ms 18ms	Script application/javascript	2606:4700:3033::6815:1c6c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://spzwqaq.cn/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/v1?ray=709ac52b3acf34ab Requested by Host: spzwqaq.cn URL: https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:1c6c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6458a5a173ceff566d20cef7434b9762dd3ada84ac1a9c81626df37414ef7bfa Request headers accept-language jp-JP,jp;q=0.9 Referer https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F&__cf_chl_rt_tk=O7XkxIFiLR0mCrNrwltqV8YtPr7r1qCu3c6olRdN8.k-1652270593-0-gaNycGzNCFE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 11 May 2022 12:03:13 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0KOpH8x0CnT%2Bw2Xgu8E8WhEqB7ms9q1emWfrdtnH3N6YRlkYEDbG6EMq1yZt4at7A9EN7IgkuZNKuT0bf8AGmswsfz8RFSRNw%2FVnZIly3LMoYmGYYl6vrOKcaAwq69XtaOLuL094%2FWQO"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=0, must-revalidate cf-ray 709ac52b7b3134ab-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	transparent.gif spzwqaq.cn/cdn-cgi/images/trace/jschal/js/	42 B 220 B	4ms 3ms	Image image/gif	2606:4700:3033::6815:1c6c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://spzwqaq.cn/cdn-cgi/images/trace/jschal/js/transparent.gif?ray=709ac52b3acf34ab Requested by Host: spzwqaq.cn URL: https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F&__cf_chl_rt_tk=O7XkxIFiLR0mCrNrwltqV8YtPr7r1qCu3c6olRdN8.k-1652270593-0-gaNycGzNCFE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:1c6c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language jp-JP,jp;q=0.9 Referer https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F&__cf_chl_rt_tk=O7XkxIFiLR0mCrNrwltqV8YtPr7r1qCu3c6olRdN8.k-1652270593-0-gaNycGzNCFE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 11 May 2022 12:03:13 GMT x-content-type-options nosniff last-modified Fri, 06 May 2022 15:54:08 GMT server cloudflare etag "627544a0-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 709ac52b7b3234ab-NRT vary Accept-Encoding content-length 42 expires Wed, 11 May 2022 14:03:13 GMT
GET H2	200	transparent.gif spzwqaq.cn/cdn-cgi/images/trace/jschal/nojs/	42 B 101 B	3ms 3ms	Image image/gif	2606:4700:3033::6815:1c6c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://spzwqaq.cn/cdn-cgi/images/trace/jschal/nojs/transparent.gif?ray=709ac52b3acf34ab Requested by Host: spzwqaq.cn URL: https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F&__cf_chl_rt_tk=O7XkxIFiLR0mCrNrwltqV8YtPr7r1qCu3c6olRdN8.k-1652270593-0-gaNycGzNCFE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:1c6c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language jp-JP,jp;q=0.9 Referer https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F&__cf_chl_rt_tk=O7XkxIFiLR0mCrNrwltqV8YtPr7r1qCu3c6olRdN8.k-1652270593-0-gaNycGzNCFE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 11 May 2022 12:03:13 GMT x-content-type-options nosniff last-modified Fri, 06 May 2022 15:54:08 GMT server cloudflare etag "627544a0-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 709ac52b7b3434ab-NRT vary Accept-Encoding content-length 42 expires Wed, 11 May 2022 14:03:13 GMT
POST H3	200	9e424c79f737e5d Show response spzwqaq.cn/cdn-cgi/challenge-platform/h/b/flow/ov1/0.5477676572092114:1652267547:a13df54187118a0318554699d4fca7c02304b7881fc69a8263c4af27c1356062/709ac52b3acf34ab/	99 KB 59 KB	59ms 58ms	XHR text/plain	2606:4700:3033::6815:1c6c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://spzwqaq.cn/cdn-cgi/challenge-platform/h/b/flow/ov1/0.5477676572092114:1652267547:a13df54187118a0318554699d4fca7c02304b7881fc69a8263c4af27c1356062/709ac52b3acf34ab/9e424c79f737e5d Requested by Host: spzwqaq.cn URL: https://spzwqaq.cn/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/v1?ray=709ac52b3acf34ab Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:1c6c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d067d7affe028973df8ad4467cfd8b9cae255cafb0255bf47b076089f3c1ab3f Request headers Referer https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 CF-Challenge 9e424c79f737e5d Content-type application/x-www-form-urlencoded Response headers date Wed, 11 May 2022 12:03:14 GMT content-encoding br cf_chl_gen b9hVfrh1UAcr5mOTOgJgD81qZY4Vy33x82/yH0LYYROZKi2k6wbWibpBdec0ivoQ7na/+3U4cUF+vbOERIzPfIZhmtbT6LzLhXInOwXQhDhQjlKjp9Lz2iyrcbVrEUqoxGs5eHLchEicP21N5+v+bXB8XZo1vAndInXGhfR4IVPBCe+SF4Xs+IOZ2SVceQyBcVabnQT1rrqAui/OpuU22k+dI6mG58yi2/AGVX3O2t5AK4FoXGOrGE3ArlBETQRLAa4oH6s0MTp3oRRbs2sU6rNtnXnYUPI0Z9XjgUicYm49qvsfudsVRqd+hINUu4fwZ0xMsifKi2HuDzvAGGXbAWPe1SbY7Ed+e/x+IgQV1wVEq7lwL2DpL9XLuIMnpWg5$6xWvU5k4gptR/M+g/6F5vg== nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GaEKSgDt0%2BXesVOn8dCZNL58%2BJkQRU9l66K1g4EWE%2BV%2BcoDVVKaVCKbSDj0J%2FN0mZdFTZETAjXv68E6k0hTBt49O6IKzbX9jTTQTrcWH2I9LDT%2BvqDpUEd307M1tF7dUsEMLoloQSiZO"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 709ac52c5fd08a96-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET DATA	200 OK	truncated /	68 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058 Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Content-Type image/png
GET H3	200	KmZSTL9YVtcrRAD spzwqaq.cn/cdn-cgi/challenge-platform/h/b/img/709ac52b3acf34ab/1652270593990/	61 B 515 B	29ms 29ms	Image image/png	2606:4700:3033::6815:1c6c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://spzwqaq.cn/cdn-cgi/challenge-platform/h/b/img/709ac52b3acf34ab/1652270593990/KmZSTL9YVtcrRAD Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:1c6c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c2e5c90ffe43a8e524017bac31987f06b89c742ab6e1020ea416de285779a2e1 Request headers accept-language jp-JP,jp;q=0.9 Referer https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 11 May 2022 12:03:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UdKyEP2dEy2%2FubOD47A70Fu6CGOFgXvKZ4tBufWmjOCgOHwQopEQc8BtCqeVbXrdlLhDR0OA%2F3%2Bs0tvdGCpnPq8if%2BbtNR7zyMwVxU%2BVVZIwIhaNK3NyhVn4C%2FO2aExcrgK%2Fg8F2ueL0"}],"group":"cf-nel","max_age":604800} content-type image/png cf-ray 709ac53168af8a96-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	9e424c79f737e5d Show response spzwqaq.cn/cdn-cgi/challenge-platform/h/b/flow/ov1/0.5477676572092114:1652267547:a13df54187118a0318554699d4fca7c02304b7881fc69a8263c4af27c1356062/709ac52b3acf34ab/	1 KB 2 KB	76ms 75ms	XHR text/html	2606:4700:3033::6815:1c6c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://spzwqaq.cn/cdn-cgi/challenge-platform/h/b/flow/ov1/0.5477676572092114:1652267547:a13df54187118a0318554699d4fca7c02304b7881fc69a8263c4af27c1356062/709ac52b3acf34ab/9e424c79f737e5d Requested by Host: spzwqaq.cn URL: https://spzwqaq.cn/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/v1?ray=709ac52b3acf34ab Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:1c6c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8d6926922faa83e4172e5058a4de23517da96eba4d41bb8ca962d149deb58bdb Request headers Referer https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 CF-Challenge 9e424c79f737e5d Content-type application/x-www-form-urlencoded Response headers date Wed, 11 May 2022 12:03:15 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf_chl_out DkWo2alsq+ux2j/wuomVhU9TJoqmPJYEiqU6dj2GWPvUnbjX4vjUPTwcVHr5ldbi7hrpnt/YsefmyYfaAbzIwQ==$QRyjXOSO2atnP+XtvdOsfg== expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SErRH7bnOalQEtdRLU0Ha11xqxxuJXRTtuunEJwJkrI5MKg%2BQ5aezU32H08akIqOHylSrydvldYpuB65gFeEYr8wt8CyLpjl%2FUwa40NWCx8cZeDLXWEkKlhH8xm0dm8WS9T%2BzH48e7TV"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf_chl_out_s uvesq3d2v/X+8/aNVrxV3NGGipkyGkkiXd1kLC0Ucxdx/eR3oM+geLhGLSsX5D8mNSSnvkVjuLIPalmVN7IGenflU3a9ME40p4wSsuNsJICGRauEgBPZIiIb9NKYcQgVSJTHssj8aasNXLN8Kp9xUjjmY9OYQhHE+GZzeXyXUCL8UcL5uT6UV1oH0P0TBOptnxkVgr3tgBpxVeVL+i/sdKQzhyHbDETr0rqYkuvIToSVmz9HcvUpXBIu6ENjn62zyaeG8RNxWoj12LR+gsIqAGWVZnYkVj5D1zARaLkJ1fFQQq7xadFjmVDTAkigyUSIkZEwM4u7L5jDfL3b4alT6GciF+/F6MiwJqVr132kYKfy5oxhJa99dKwdOSJ7MpMsUlxP2x39oZQoZDuLK2Ljh+GASa6avSPxjCqfdpx+scxanM82r+1ZQpfShqR4okavVgKIgjgxv2DAhRtRRipuFtgo5NFSoLtRMVpCPcT3t0Y8Y4P93jxr7mgBKltTCfUU3OrUhQ6FaOArCojQmDRCgRfu7lqRGu0SKq3QbSH4Ig8=$NSUDenh0bc/JU+ERK/pyBA== cf-ray 709ac5382d6c8a96-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	503	Primary Request wctx1D1DFxFDg.do.php Show response spzwqaq.cn/	11 KB 11 KB	19ms 19ms	Document text/html	2606:4700:3033::6815:1c6c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Requested by Host: yudvxue.cn URL: https://yudvxue.cn/?bank Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:1c6c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 419edbf3d699cb960da110af48d8b1a755fb13e771834b1d620dd473b2d8b335 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 709ac5453ee68a96-NRT content-type text/html; charset=UTF-8 date Wed, 11 May 2022 12:03:17 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 01 Jan 1970 00:00:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} permissions-policy accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3QWhan%2BRKqPOWFc%2F%2BokKhfcS3Vl0J6tZLobnvkxr%2Fq7lWEI6SOYTLdOWPqDrEg1z%2BntHxYQOVbUOVtBcraYHc8VlA2ab%2F8YWTeANPRt4%2FhgTdy7JhIB83UyKVn03xkpmDNgctyYhG0Fj"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-frame-options SAMEORIGIN
GET H3	200	v1 Show response spzwqaq.cn/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/	41 KB 15 KB	19ms 19ms	Script application/javascript	2606:4700:3033::6815:1c6c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://spzwqaq.cn/cdn-cgi/challenge-platform/h/b/orchestrate/jsch/v1?ray=709ac5453ee68a96 Requested by Host: spzwqaq.cn URL: https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:1c6c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6458a5a173ceff566d20cef7434b9762dd3ada84ac1a9c81626df37414ef7bfa Request headers accept-language jp-JP,jp;q=0.9 Referer https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F&__cf_chl_rt_tk=ZrRi3ukj95GWDZpm4fR7uPSECoRZYcd6_q3Tc641E.s-1652270597-0-gaNycGzNBtE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 11 May 2022 12:03:17 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l2rGoB9QFXY4JqT9w6pC7Svdp%2BvL0VCwR8X3YepRFe6j1Ra%2FuZXe1ctS4JCibZM3npdDZUMTi5xWqN1aIQmURAAnnVIC%2F6r9IL8pwjpiGtWG9joFc%2BnEGnMbSNuyCQxVB%2BwgEt3HgrQk"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=0, must-revalidate cf-ray 709ac5456f2a8a96-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	transparent.gif spzwqaq.cn/cdn-cgi/images/trace/jschal/js/	42 B 222 B	10ms 10ms	Image image/gif	2606:4700:3033::6815:1c6c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://spzwqaq.cn/cdn-cgi/images/trace/jschal/js/transparent.gif?ray=709ac5453ee68a96 Requested by Host: spzwqaq.cn URL: https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F&__cf_chl_rt_tk=ZrRi3ukj95GWDZpm4fR7uPSECoRZYcd6_q3Tc641E.s-1652270597-0-gaNycGzNBtE Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:1c6c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language jp-JP,jp;q=0.9 Referer https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F&__cf_chl_rt_tk=ZrRi3ukj95GWDZpm4fR7uPSECoRZYcd6_q3Tc641E.s-1652270597-0-gaNycGzNBtE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 11 May 2022 12:03:17 GMT x-content-type-options nosniff last-modified Fri, 06 May 2022 15:54:08 GMT server cloudflare etag "627544a0-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 709ac5456f2c8a96-NRT vary Accept-Encoding content-length 42 expires Wed, 11 May 2022 14:03:17 GMT
GET H3	200	transparent.gif spzwqaq.cn/cdn-cgi/images/trace/jschal/nojs/	42 B 222 B	10ms 10ms	Image image/gif	2606:4700:3033::6815:1c6c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://spzwqaq.cn/cdn-cgi/images/trace/jschal/nojs/transparent.gif?ray=709ac5453ee68a96 Requested by Host: spzwqaq.cn URL: https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F&__cf_chl_rt_tk=ZrRi3ukj95GWDZpm4fR7uPSECoRZYcd6_q3Tc641E.s-1652270597-0-gaNycGzNBtE Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:1c6c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language jp-JP,jp;q=0.9 Referer https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F&__cf_chl_rt_tk=ZrRi3ukj95GWDZpm4fR7uPSECoRZYcd6_q3Tc641E.s-1652270597-0-gaNycGzNBtE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers date Wed, 11 May 2022 12:03:17 GMT x-content-type-options nosniff last-modified Fri, 06 May 2022 15:54:08 GMT server cloudflare etag "627544a0-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 709ac5456f308a96-NRT vary Accept-Encoding content-length 42 expires Wed, 11 May 2022 14:03:17 GMT

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| _cf_chl_opt function| _cf_chl_enter function| sendRequest function| _cf_atob boolean| _cf_chl_done_ran function| _cf_chl_done function| SHA256 object| _cf_chl_ctx object| _

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			spzwqaq.cn/	1970-01-20 02:57:54	Name: cf_chl_prog Value: F13
			spzwqaq.cn/	1970-01-20 02:57:54	Name: cf_chl_rc_ni Value: 1

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Message: Failed to load resource: the server responded with a status of 503 ()
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://spzwqaq.cn/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Message: Failed to load resource: the server responded with a status of 503 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

spzwqaq.cn
yudvxue.cn
23.94.73.208
2606:4700:3033::6815:1c6c
043c9d6fed1a50ef3fb714b8ec404db3dc2166ffdec9a3d947075672f4481f72
419edbf3d699cb960da110af48d8b1a755fb13e771834b1d620dd473b2d8b335
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
6458a5a173ceff566d20cef7434b9762dd3ada84ac1a9c81626df37414ef7bfa
8d6926922faa83e4172e5058a4de23517da96eba4d41bb8ca962d149deb58bdb
9207caaf79f20da386783d5ba03e0e308f8eec0d31ebf6e81b6c26cf662c0c8e
c2e5c90ffe43a8e524017bac31987f06b89c742ab6e1020ea416de285779a2e1
d067d7affe028973df8ad4467cfd8b9cae255cafb0255bf47b076089f3c1ab3f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629