www.xuefuyou.com Open in urlscan Pro
152.32.173.214  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?family=1mqxzf0vyu530b&mother=page&taken=greatest Page URL
2. https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?theres=m9yzb1kdst1s11n&therefore=built&let=teeth Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
16 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	shoppingcart.php Show response www.xuefuyou.com/2020/12/requestsample/disclosures/	3 KB 1 KB	3643ms 2642ms	Document text/html	152.32.173.214 UCLOUD-HK-AS-AP U...
General Check archive.org Show headers Download Go to Full URL https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?family=1mqxzf0vyu530b&mother=page&taken=greatest Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.32.173.214 , Hong Kong, ASN135377 (UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED, HK), Reverse DNS Software nginx / Resource Hash cbd5b52c120e8c26ee8c53c56e69e03a67665fdfd5780b5a68e1f1a7d44a4c6d Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers :method GET :authority www.xuefuyou.com :scheme https :path /2020/12/requestsample/disclosures/shoppingcart.php?family=1mqxzf0vyu530b&mother=page&taken=greatest pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers server nginx date Mon, 24 May 2021 13:06:14 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding strict-transport-security max-age=31536000 content-encoding gzip
GET H2	200	Primary Request shoppingcart.php Show response www.xuefuyou.com/2020/12/requestsample/disclosures/	1 MB 546 KB	3608ms 3608ms	Document text/html	152.32.173.214 UCLOUD-HK-AS-AP U...
General Check archive.org Show headers Download Go to Full URL https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?theres=m9yzb1kdst1s11n&therefore=built&let=teeth Requested by Host: www.xuefuyou.com URL: https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?family=1mqxzf0vyu530b&mother=page&taken=greatest Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.32.173.214 , Hong Kong, ASN135377 (UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED, HK), Reverse DNS Software nginx / Resource Hash bc4b28a32704f9ac84b69c8679291961c533f881021bc3f9781fc3028eeb62bd Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers :method GET :authority www.xuefuyou.com :scheme https :path /2020/12/requestsample/disclosures/shoppingcart.php?theres=m9yzb1kdst1s11n&therefore=built&let=teeth pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site same-origin sec-fetch-mode navigate sec-fetch-dest document referer https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?family=1mqxzf0vyu530b&mother=page&taken=greatest accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Referer https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?family=1mqxzf0vyu530b&mother=page&taken=greatest Response headers server nginx date Mon, 24 May 2021 13:06:18 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding set-cookie X_CACHE_KEY=1a9c570ccd516f0fc9e68b85d12f6fb9; path=/; Expires=Fri, 31-Dec-9999 23:59:59 GMT strict-transport-security max-age=31536000 content-encoding gzip
GET DATA	200 OK	truncated /	43 B 0		Stylesheet image/gif
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/gif
GET H2	200	jquery.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/	86 KB 28 KB	12ms 12ms	Script application/javascript	2606:4700::6810:135e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js Requested by Host: www.xuefuyou.com URL: https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?theres=m9yzb1kdst1s11n&therefore=built&let=teeth Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://www.xuefuyou.com/ User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers date Mon, 24 May 2021 13:06:21 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 4725738 cross-origin-resource-policy cross-origin alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 27748 cf-request-id 0a4014d94500004e4f17b97000000001 timing-allow-origin * last-modified Mon, 04 May 2020 16:11:48 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03ec4-15851" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AnvNZtrLeIf8%2B1H0R6E8nQJtUuDAS7gtnJ1SYExuBXFmJ1uY5acweuUbqJb8cJe%2F4JywB6eQ%2FfsBDNubnshrHg8FGJnwyn3ORW772ZYOfOUiFzKBU8IHUjRGP%2FZ3wMh5hw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6546bda208114e4f-FRA expires Sat, 14 May 2022 13:06:21 GMT
GET DATA	200 OK	truncated /	14 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8c7c6bcdfdcd2cf395138263cf8ca0abf8d5ad428aae8c1364c2d20a89593e73 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	104 KB 0		Image image/jpg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 51788094fd93d0e1a00b6d73c7bd2624617876a6470146e1fc9bec8ddeb7ec11 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/jpg
GET DATA	200 OK	truncated /	30 KB 0		Image image/jpg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash bf1f0c2da41746a9292a04a9f70da4aa47eaeac68a7cedd66c65cff18f8f69cf Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/jpg
GET DATA	200 OK	truncated /	131 KB 0		Image image/jpg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 442852bdefedf70c234d900bf3668a51aa48aa031496269dceb1965c03467058 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/jpg
GET DATA	200 OK	truncated /	44 KB 0		Image image/jpg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 387f60672bb585fbcb97a30a188d5233b83725d278615a5dbda2af34861aa537 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/jpg
GET DATA	200 OK	truncated /	7 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6202c2df1a98bebd0fd00b747a1398cc48ef05db3d055168347eeac2ef17f8ce Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	20 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4bdb8ed8c7a0ce2d937011aaf03410481e4836911fcb5815d3af5288c907e512 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	8 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 86810ef1e26c0d50902c0615fb2678238348b98b0e2a65d258120586806a5522 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/jpg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d7af70fd2dab0fadd7b57438ae80cd4cbfc69384ace14284c990e2916631ff3b Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/jpg
GET DATA	200 OK	truncated /	7 KB 0		Image image/jpg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1099f9f7104a7a6ab217dceb4008a336d3640fc34602645a180d4593f9c01db8 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/jpg
GET DATA	200 OK	truncated /	4 KB 0		Image image/jpg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 0080c6a3c7ae014102268cbe27c5a9c230d3b59b665e53637473f214ab4c61e3 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/jpg
GET DATA	200 OK	truncated /	7 KB 0		Image image/jpg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 8b9d110b4592d446bdfbac7b0ed11f540ef7b358d120fae362e3ac7076ab3873 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/jpg
GET DATA	200 OK	truncated /	5 KB 0		Image image/jpg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 2015042e2d956b85963e119efb4f6dac6da3de64ec61966d9713b80a60c46afb Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/jpg
GET DATA	200 OK	truncated /	7 KB 0		Image image/jpg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 972060c8d603cc5f0a10245ab0c6b0791987f932274a6508f47062b8a04d3deb Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/jpg
GET DATA	200 OK	truncated /	32 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 87de90beec215c83dfdc0d4476402da8fb29e86fef790abc7775ee1bc11b4e42 Request headers Referer User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| date

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.xuefuyou.com/	1978-01-11 21:31:40	Name: X_CACHE_KEY Value: 1a9c570ccd516f0fc9e68b85d12f6fb9

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
www.xuefuyou.com
152.32.173.214
2606:4700::6810:135e
0080c6a3c7ae014102268cbe27c5a9c230d3b59b665e53637473f214ab4c61e3
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
1099f9f7104a7a6ab217dceb4008a336d3640fc34602645a180d4593f9c01db8
2015042e2d956b85963e119efb4f6dac6da3de64ec61966d9713b80a60c46afb
387f60672bb585fbcb97a30a188d5233b83725d278615a5dbda2af34861aa537
442852bdefedf70c234d900bf3668a51aa48aa031496269dceb1965c03467058
4bdb8ed8c7a0ce2d937011aaf03410481e4836911fcb5815d3af5288c907e512
51788094fd93d0e1a00b6d73c7bd2624617876a6470146e1fc9bec8ddeb7ec11
6202c2df1a98bebd0fd00b747a1398cc48ef05db3d055168347eeac2ef17f8ce
86810ef1e26c0d50902c0615fb2678238348b98b0e2a65d258120586806a5522
87de90beec215c83dfdc0d4476402da8fb29e86fef790abc7775ee1bc11b4e42
8b9d110b4592d446bdfbac7b0ed11f540ef7b358d120fae362e3ac7076ab3873
8c7c6bcdfdcd2cf395138263cf8ca0abf8d5ad428aae8c1364c2d20a89593e73
972060c8d603cc5f0a10245ab0c6b0791987f932274a6508f47062b8a04d3deb
bc4b28a32704f9ac84b69c8679291961c533f881021bc3f9781fc3028eeb62bd
bf1f0c2da41746a9292a04a9f70da4aa47eaeac68a7cedd66c65cff18f8f69cf
cbd5b52c120e8c26ee8c53c56e69e03a67665fdfd5780b5a68e1f1a7d44a4c6d
d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744
d7af70fd2dab0fadd7b57438ae80cd4cbfc69384ace14284c990e2916631ff3b