img.anfensi.com - urlscan.io

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 4 HTTP transactions. The main IP is 222.73.33.240, located in China and belongs to CHINANET-SH-AP China Telecom Group, CN. The main domain is img.anfensi.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on July 7th 2022. Valid for: a year.

This is the only time img.anfensi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	222.73.33.244 222.73.33.244	4812 (CHINANET-...) (CHINANET-SH-AP China Telecom Group)
1	222.73.33.240 222.73.33.240	4812 (CHINANET-...) (CHINANET-SH-AP China Telecom Group)
2	101.226.27.235 101.226.27.235	4812 (CHINANET-...) (CHINANET-SH-AP China Telecom Group)
1	240e:978:306:... 240e:978:306:8:3::3eb	4134 (CHINANET-...) (CHINANET-BACKBONE No.31)
4	3

1 222.73.33.244 (China) 1 redirects

ASN4812 (CHINANET-SH-AP China Telecom Group, CN)

img.anfensi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 222.73.33.240 (China)

ASN4812 (CHINANET-SH-AP China Telecom Group, CN)

img.anfensi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 101.226.27.235 (China)

ASN4812 (CHINANET-SH-AP China Telecom Group, CN)

www.anfensi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240e:978:306:8:3::3eb (China)

ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)

s13.cnzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	anfensi.com 1 redirects img.anfensi.com www.anfensi.com	101 KB
1	cnzz.com s13.cnzz.com — Cisco Umbrella Rank: 216604	440 B
4	2

	Domain	Requested by
2	www.anfensi.com	img.anfensi.com
2	img.anfensi.com	1 redirects
1	s13.cnzz.com	img.anfensi.com
4	3

This site contains no links.

Subject Issuer	Validity	Valid
*.anfensi.com AlphaSSL CA - SHA256 - G2	`2022-07-07` - `2023-08-08`	a year	crt.sh
*.cnzz.com GlobalSign Organization Validation CA - SHA256 - G3	`2023-01-28` - `2024-02-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://img.anfensi.com/
Frame ID: 278806C668EB69E963762659CBB1FE83
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://img.anfensi.com/ HTTP 301
https://img.anfensi.com/ Page URL

Page Statistics

4
Requests

100 %
HTTPS

25 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

102 kB
Transfer

107 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://img.anfensi.com/ HTTP 301
https://img.anfensi.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
img.anfensi.com/
Redirect Chain

http://img.anfensi.com/
https://img.anfensi.com/

11 KB
4 KB

905ms
381ms

Document
text/html

222.73.33.240
CHINANET-SH-AP Ch...

General

Check archive.org

Show headers Download Go to

Full URL

https://img.anfensi.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

222.73.33.240 , China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN),

Reverse DNS

Software

Tengine / ASP.NET

Resource Hash

ce7835d7442689db06cdeafd8399faa813848b1d488def353439ca0f101e7ca3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Ali-Swift-Global-Savetime: 1686337093
Connection: keep-alive
Content-Encoding: br
Content-Type: text/html
Date: Fri, 09 Jun 2023 18:54:47 GMT
ETag: W/"4f2fab36d58dd61:0"
EagleId: de49212a16863370930923192e
Last-Modified: Fri, 18 Sep 2020 16:03:13 GMT
Server: Tengine
Timing-Allow-Origin: *
Transfer-Encoding: chunked
Vary: Accept-Encoding
Via: cache54.l2cn2647[96,96,304-0,M], cache66.l2cn2647[98,0], vcache2.cn5626[108,108,200-0,H], vcache22.cn5626[110,0]
X-Cache: HIT TCP_REFRESH_HIT dirn:13:371931141
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
X-Swift-CacheTime: 7200
X-Swift-SaveTime: Fri, 09 Jun 2023 18:58:13 GMT

Redirect headers

Connection: keep-alive
Content-Length: 262
Content-Type: text/html
Date: Fri, 09 Jun 2023 18:58:12 GMT
EagleId: de49212916863370922974961e
Location: https://img.anfensi.com/
Server: Tengine
Timing-Allow-Origin: *
Via: vcache21.cn5626[,0]

GET
H/1.1 200
OK 404.png
www.anfensi.com/statics/images/ 59 KB
60 KB 1202ms
296ms Image
image/png 101.226.27.235
CHINANET-SH-AP Ch...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.anfensi.com/statics/images/404.png
Requested by: Host: img.anfensi.com
URL: https://img.anfensi.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 101.226.27.235 , China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN),
Reverse DNS
Software: Tengine / ASP.NET
Resource Hash: 7508c903691240ad48c6bdb88dd64adcb439aaf9960da1b92086d072901d356c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.anfensi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Fri, 09 Jun 2023 15:16:19 GMT
Via: cache67.l2cn2647[0,0,304-0,H], cache29.l2cn2647[1,0], vcache15.cn4756[0,21,200-0,H], vcache25.cn4756[24,0]
Age: 13109
X-Swift-CacheTime: 170226
X-Powered-By: ASP.NET
X-Cache: HIT TCP_HIT dirn:8:1400890458
Connection: keep-alive
X-Swift-SaveTime: Fri, 09 Jun 2023 16:02:39 GMT
Content-Length: 60728
Last-Modified: Wed, 30 May 2018 15:19:41 GMT
Server: Tengine
ETag: "bf34d3a129f8d31:0"
access-control-allow-methods: POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Ali-Swift-Global-Savetime: 1686323985
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,api_key,Authorization
EagleId: 65e21bad16863370943545246e

GET
H2 200 stat.php Show response
s13.cnzz.com/ 0
440 B 1914ms
396ms Script
application/javascript 240e:978:306:8:3::3eb
CHINANET-BACKBONE...

General

Check archive.org

Show headers Download Go to

Full URL: https://s13.cnzz.com/stat.php?id=1273819468
Requested by: Host: img.anfensi.com
URL: https://img.anfensi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 240e:978:306:8:3::3eb , China, ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN),
Reverse DNS
Software: Tengine / PHP/5.5.25
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://img.anfensi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 09 Jun 2023 18:58:15 GMT
content-encoding: gzip
via: cache15.l2cn1836[47,47,200-0,M], cache74.l2cn1836[49,0], cache6.cn5485[61,61,200-0,M], cache12.cn5485[62,0]
last-modified: Fri, 09 Jun 2023 18:58:15 GMT
server: Tengine
x-swift-cachetime: 3600
x-powered-by: PHP/5.5.25
vary: Accept-Encoding
ali-swift-global-savetime: 1686337095
content-type: application/javascript
x-cache: MISS TCP_REFRESH_MISS dirn:10:388717844
cache-control: max-age=1800,s-maxage=3600
x-swift-savetime: Fri, 09 Jun 2023 18:58:15 GMT
timing-allow-origin: *
eagleid: 3ad80f2016863370950546525e

GET
H/1.1 200
OK 404-bg.jpg
www.anfensi.com/statics/images/ 36 KB
37 KB 1191ms
223ms Image
image/jpeg 101.226.27.235
CHINANET-SH-AP Ch...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.anfensi.com/statics/images/404-bg.jpg
Requested by: Host: img.anfensi.com
URL: https://img.anfensi.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 101.226.27.235 , China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN),
Reverse DNS
Software: Tengine / ASP.NET
Resource Hash: 9a019fe3478b7a902be4527a70ccac5ad1547424364d46fdb09e1586b16da836

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://img.anfensi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Thu, 08 Jun 2023 03:20:04 GMT
Via: cache7.l2cn2647[56,56,304-0,M], cache13.l2cn2647[58,0], vcache15.cn4756[0,0,200-0,H], vcache4.cn4756[2,0]
Age: 142486
X-Swift-CacheTime: 172800
X-Powered-By: ASP.NET
X-Cache: HIT TCP_HIT dirn:10:112195929
Connection: keep-alive
X-Swift-SaveTime: Thu, 08 Jun 2023 03:23:28 GMT
Content-Length: 37277
Last-Modified: Wed, 30 May 2018 15:19:23 GMT
Server: Tengine
ETag: "5ea92f9729f8d31:0"
access-control-allow-methods: POST
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Ali-Swift-Global-Savetime: 1686194608
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,api_key,Authorization
EagleId: 65e21b9816863370944353455e

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://img.anfensi.com/ Message: Mixed Content: The page at 'https://img.anfensi.com/' was loaded over HTTPS, but requested an insecure element 'http://www.anfensi.com/statics/images/404.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://img.anfensi.com/(Line 122) Message: Mixed Content: The page at 'https://img.anfensi.com/' was loaded over HTTPS, but requested an insecure element 'http://www.anfensi.com/statics/images/404.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
javascript	warning	URL: https://img.anfensi.com/(Line 122) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s13.cnzz.com/stat.php?id=1273819468, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://img.anfensi.com/(Line 122) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s13.cnzz.com/stat.php?id=1273819468, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	warning	URL: https://img.anfensi.com/ Message: Mixed Content: The page at 'https://img.anfensi.com/' was loaded over HTTPS, but requested an insecure element 'http://www.anfensi.com/statics/images/404-bg.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

img.anfensi.com
s13.cnzz.com
www.anfensi.com
101.226.27.235
222.73.33.240
222.73.33.244
240e:978:306:8:3::3eb
7508c903691240ad48c6bdb88dd64adcb439aaf9960da1b92086d072901d356c
9a019fe3478b7a902be4527a70ccac5ad1547424364d46fdb09e1586b16da836
ce7835d7442689db06cdeafd8399faa813848b1d488def353439ca0f101e7ca3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

img.anfensi.com Open in urlscan Pro 222.73.33.240 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

4 Requests

100 %HTTPS

25 %IPv6

2 Domains

3 Subdomains

3 IPs

1 Countries

102 kBTransfer

107 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

5 Console Messages

Security Headers

Indicators

img.anfensi.com Open in urlscan Pro
222.73.33.240 Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

25 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

102 kB
Transfer

107 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions