![](/screenshots/736c6043-8f15-445c-834d-3689c9c80989.png)
www.xuefuyou.com
Open in
urlscan Pro
152.32.173.214
Malicious Activity!
Public Scan
Effective URL: https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?theres=m9yzb1kdst1s11n&therefore=built&let=teeth
Submission: On May 24 via api from US
Summary
TLS certificate: Issued by TrustAsia TLS RSA CA on April 7th 2021. Valid for: a year.
This is the only time www.xuefuyou.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 152.32.173.214 152.32.173.214 | 135377 (UCLOUD-HK...) (UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED) | |
1 | 2606:4700::68... 2606:4700::6810:135e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 3 |
ASN135377 (UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY (HK) LIMITED, HK)
www.xuefuyou.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
xuefuyou.com
www.xuefuyou.com |
547 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
28 KB |
3 | 2 |
Domain | Requested by | |
---|---|---|
2 | www.xuefuyou.com |
www.xuefuyou.com
|
1 | cdnjs.cloudflare.com |
www.xuefuyou.com
|
3 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
shorturl7.pro |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.xuefuyou.com TrustAsia TLS RSA CA |
2021-04-07 - 2022-04-06 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-10-21 - 2021-10-20 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?theres=m9yzb1kdst1s11n&therefore=built&let=teeth
Frame ID: BCD427FBC2511EF37819C96C49A063C7
Requests: 19 HTTP requests in this frame
Screenshot
![](/screenshots/736c6043-8f15-445c-834d-3689c9c80989.png)
Page URL History Show full URLs
- https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?family=1mqxzf0vyu530b&mot... Page URL
- https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?theres=m9yzb1kdst1s11n&th... Page URL
Detected technologies
Detected patterns
- url /\.php(?:$|\?)/i
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?family=1mqxzf0vyu530b&mother=page&taken=greatest Page URL
- https://www.xuefuyou.com/2020/12/requestsample/disclosures/shoppingcart.php?theres=m9yzb1kdst1s11n&therefore=built&let=teeth Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
shoppingcart.php
www.xuefuyou.com/2020/12/requestsample/disclosures/ |
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
shoppingcart.php
www.xuefuyou.com/2020/12/requestsample/disclosures/ |
1 MB 546 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
43 B 0 |
Stylesheet
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/ |
86 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
104 KB 0 |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
30 KB 0 |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
131 KB 0 |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
44 KB 0 |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
20 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
8 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/jpg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
32 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| date1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.xuefuyou.com/ | Name: X_CACHE_KEY Value: 1a9c570ccd516f0fc9e68b85d12f6fb9 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
www.xuefuyou.com
152.32.173.214
2606:4700::6810:135e
0080c6a3c7ae014102268cbe27c5a9c230d3b59b665e53637473f214ab4c61e3
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
1099f9f7104a7a6ab217dceb4008a336d3640fc34602645a180d4593f9c01db8
2015042e2d956b85963e119efb4f6dac6da3de64ec61966d9713b80a60c46afb
387f60672bb585fbcb97a30a188d5233b83725d278615a5dbda2af34861aa537
442852bdefedf70c234d900bf3668a51aa48aa031496269dceb1965c03467058
4bdb8ed8c7a0ce2d937011aaf03410481e4836911fcb5815d3af5288c907e512
51788094fd93d0e1a00b6d73c7bd2624617876a6470146e1fc9bec8ddeb7ec11
6202c2df1a98bebd0fd00b747a1398cc48ef05db3d055168347eeac2ef17f8ce
86810ef1e26c0d50902c0615fb2678238348b98b0e2a65d258120586806a5522
87de90beec215c83dfdc0d4476402da8fb29e86fef790abc7775ee1bc11b4e42
8b9d110b4592d446bdfbac7b0ed11f540ef7b358d120fae362e3ac7076ab3873
8c7c6bcdfdcd2cf395138263cf8ca0abf8d5ad428aae8c1364c2d20a89593e73
972060c8d603cc5f0a10245ab0c6b0791987f932274a6508f47062b8a04d3deb
bc4b28a32704f9ac84b69c8679291961c533f881021bc3f9781fc3028eeb62bd
bf1f0c2da41746a9292a04a9f70da4aa47eaeac68a7cedd66c65cff18f8f69cf
cbd5b52c120e8c26ee8c53c56e69e03a67665fdfd5780b5a68e1f1a7d44a4c6d
d346801abbf9bb4e9e9a055239053d4ab5596514304f601a6c70604187acb744
d7af70fd2dab0fadd7b57438ae80cd4cbfc69384ace14284c990e2916631ff3b