wuxx.com
40.85.249.239
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On May 06 via api from GB
Summary
This is the only time wuxx.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 163.cn (Online) Generic China (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
11 (1 redirect) | 40.85.249.239 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
6 | 123.58.177.239 | 45062 (NETEASE-AS Guangzhou NetEase Computer System Co.) |
2 | 220.194.24.216 | 4808 (CHINA169-BJ China Unicom Beijing Province Network) |
18 | 3 | |
ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN)
PTR: m239-177.yeah.net
Domains: mimghz.qiye.163.com
ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)
PTR: mail-m24216.qiye.163.com
Domains: mail.qiye.163.com, mimg.qiye.163.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
11 (1 redirect) | wuxx.com | wuxx.com | 175 KB |
8 | 163.com | mimghz.qiye.163.com, mail.qiye.163.com, mimg.qiye.163.com | 95 KB |
18 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
11 (1 redirect) | wuxx.com | wuxx.com |
6 | mimghz.qiye.163.com | wuxx.com |
1 | mimg.qiye.163.com | wuxx.com |
1 | mail.qiye.163.com | wuxx.com |
18 | 4 | |
This site contains links to these domains.
Domain |
---|
qiye.163.com |
mail.qiye.163.com |
hw.qiye.163.com |
u.163.com |
mail.163.com |
www.163.com |
ss.cnnic.cn |
gb.corp.163.com |
weibo.com |
qiyemail.blog.163.com |
help.163.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.qiye.163.com | GeoTrust CN RSA CA G1 | 2020-01-20 - 2022-02-19 | 2 years |
This page contains 1 frames:
Primary Page:
http://wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/qiye.163.com/login/
Frame ID: F6289E5187F9D3B2EDA39B9FC18D5941
Requests: 18 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
17 Outgoing links
These are links going to different origins than the main page.
- Title: (empty)
- Title: 繁體版 (Traditional Chinese version)
- Title: English
- Title: 国外用户登录 (Login for overseas users)
- Title: 购买 (Purchase)
- (no title shown)
- Title: 忘记密码了? (Forgot your password?)
- Title: Android版 (Android version)
- Title: iPhone版 (iPhone version)
- Title: 下载邮箱大师 (Download Mail Master)
- Title: (empty)
- (no title shown)
- Title: 关于网易 (About NetEase)
- Title: 官方微博 (Official Weibo)
- Title: 官方博客 (Official blog)
- Title: 客户服务 (Customer service)
- Title: 相关法律 (Related laws)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/qiye.163.com/login (HTTP 301)
- http://wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/qiye.163.com/login/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | / (Primary Request) | wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/qiye.163.com/login/ (Redirect Chain) | 18 KB | 18 KB | Document | text/html |
GET H/1.1 | login.7d2985bb.css | mimghz.qiye.163.com/o/mailapp/qiyelogin/style/css/ | 12 KB | 3 KB | Stylesheet | text/css |
GET H/1.1 | jquery-1.8.1.min.js | wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/mimg.127.net/p/tools/jquery/ | 91 KB | 91 KB | Script | application/javascript |
GET H/1.1 | base_v3.js | wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/mimg.127.net/index/lib/scripts/ | 23 KB | 24 KB | Script | application/javascript |
GET H/1.1 | qiye_algorithm.js | wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/mimg.qiye.163.com/o/index/lib/scripts/ | 27 KB | 27 KB | Script | application/javascript |
GET H/1.1 | logo.gif | wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/mimg.qiye.163.com/o/public/ | 3 KB | 3 KB | Image | image/gif |
GET H/1.1 | getqrcode.do | mail.qiye.163.com/mailapp/commonweb/qrcode/ | 8 KB | 8 KB | Image | image/jpeg |
GET H/1.1 | netease_logo.gif | wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/mimg.127.net/logo/ | 1 KB | 1 KB | Image | image/gif |
GET H/1.1 | knet.png | wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/mimg.127.net/logo/ | 5 KB | 5 KB | Image | image/png |
GET H/1.1 | year.js | wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/mimg.127.net/copyright/ | 23 B | 276 B | Script | application/javascript |
GET H/1.1 | httpsEnable.gif | wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/ssl.mail.163.com/ | 43 B | 283 B | Image | image/gif |
GET H/1.1 | / | wuxx.com/assets/01010101/69i57j0l5.1880j0j4/qiye.163.conn/qiye.163.com/login/ | 5 KB | 5 KB | Image | text/html |
GET H/1.1 | 399.jpg | mimg.qiye.163.com/p/official_site/2018/img/05/ | 58 KB | 58 KB | Image | image/jpeg |
GET H/1.1 | login.png | mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ | 4 KB | 4 KB | Image | image/png |
GET H/1.1 | sprite.png | mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ | 6 KB | 6 KB | Image | image/png |
GET H/1.1 | speedbg.png | mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ | 1 KB | 2 KB | Image | image/png |
GET H/1.1 | codebg.png | mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ | 6 KB | 6 KB | Image | image/png |
GET H/1.1 | applogin_example.png | mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ | 7 KB | 7 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 163.cn (Online) Generic China (Online)
132 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| fCheckLoginNow function| fCheckAutoLogin function| fAutoLogin undefined| gbForcepc object| oAndroidRedirect function| fCheckBrowser function| fHtml5Tag function| fCheckCookie function| fGetQuery function| fGetQueryHash function| $id function| fTrim function| fParseMNum function| fCheckAccount function| fGetScript function| fGetCookie function| fSetCookie function| fEventListen function| fEventUnlisten function| fRandom function| fUrlP function| fResize function| fFQ function| fStartTime object| gUserInfo object| gVisitorCookie undefined| gMobileNumMailIsForbidden undefined| gMobileNumMailResult object| gMobileNumMail function| fEnData function| loginRequest function| getRnd undefined| DOMContentLoaded function| DOMREADY string| base64EncodeChars function| base64encode function| utf16to8 function| fGetLocator function| fSetGadIndex function| MobCallback boolean| bGettingAlgorithm object| gIndexAd string| b64map string| b64pad function| hex2b64 function| b64tohex function| b64toBA number| dbits number| canary boolean| j_lm function| BigInteger function| nbi function| am1 function| am2 function| am3 number| BI_FP string| BI_RM object| BI_RC number| rr number| vv function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp 
function| bnModPowInt function| Arcfour function| ARC4init function| ARC4next function| prng_newstate number| rng_psize undefined| rng_state object| rng_pool number| rng_pptr function| rng_seed_int function| rng_seed_time number| t undefined| z function| rng_get_byte function| rng_get_bytes function| SecureRandom function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| RSAKey function| RSASetPublic function| RSADoPublic function| RSAEncrypt function| add function| MD5hex function| R1 function| R2 function| R3 function| R4 function| MD5
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.