fh.xaaest.com Open in urlscan Pro
47.246.46.220 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://1156u.com/
Effective URL:
https://fh.xaaest.com/
Submission: On December 06 via api (December 6th 2023, 1:13:41 am UTC) from BY — Scanned from DE

Summary HTTP 10 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 47.246.46.220, located in Milan, Italy and belongs to TAOBAO Zhejiang Taobao Network Co.,Ltd, CN. The main domain is fh.xaaest.com.
TLS certificate: Issued by TrustAsia RSA DV TLS CA G2 on November 19th 2023. Valid for: a year.

This is the only time fh.xaaest.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	154.13.30.87 154.13.30.87	55799 (IPTELECOM...) (IPTELECOM-AP IPTELECOM ASIA)
1 1	182.150.0.164 182.150.0.164	38283 (CHINANET-...) (CHINANET-SCIDC-AS-AP CHINANET SiChuan Telecom Internet Data Center)
8	47.246.46.220 47.246.46.220	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
1	240e:90:2011:... 240e:90:2011:0:3::3e8	140061 (CHINANET-...) (CHINANET-QINGHAI-AS-AP Qinghai Telecom)
10	3

1 154.13.30.87 (Los Angeles, United States)

ASN55799 (IPTELECOM-AP IPTELECOM ASIA, MY)

1156u.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 182.150.0.164 (China) 1 redirects

ASN38283 (CHINANET-SCIDC-AS-AP CHINANET SiChuan Telecom Internet Data Center, CN)

chaoji.6868shop.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 47.246.46.220 (Milan, Italy)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

fh.xaaest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240e:90:2011:0:3::3e8 (China)

ASN140061 (CHINANET-QINGHAI-AS-AP Qinghai Telecom, CN)

s4.cnzz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	xaaest.com fh.xaaest.com	517 KB
1	cnzz.com s4.cnzz.com — Cisco Umbrella Rank: 100692	381 B
1	6868shop.com 1 redirects chaoji.6868shop.com	255 B
1	1156u.com 1156u.com	561 B
10	4

	Domain	Requested by
8	fh.xaaest.com	1156u.com fh.xaaest.com
1	s4.cnzz.com	fh.xaaest.com
1	chaoji.6868shop.com	1 redirects
1	1156u.com
10	4

This site contains links to these domains. Also see Links.

Domain
www.1156dh3.net
www.zhmhtclub.com

Subject Issuer	Validity	Valid
fh.xaaest.com TrustAsia RSA DV TLS CA G2	`2023-11-19` - `2024-11-18`	a year	crt.sh
*.cnzz.com GlobalSign Organization Validation CA - SHA256 - G3	`2023-01-28` - `2024-02-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://fh.xaaest.com/
Frame ID: 600C864A939B516D79B106686A006B24
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome...

Page URL History Show full URLs

http://1156u.com/ Page URL
https://chaoji.6868shop.com:8811/?u=http://1156u.com/&p=/ HTTP 302
https://fh.xaaest.com/ Page URL

Detected technologies

CNZZ (Analytics) Expand

Overall confidence: 100%
Detected patterns

//[^./]+\.cnzz\.com/(?:z_stat.php|core)\?

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

90 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

518 kB
Transfer

520 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.1156dh3.net/

Search URL Search Domain Scan URL

URL: https://www.zhmhtclub.com/a001/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://1156u.com/ Page URL
https://chaoji.6868shop.com:8811/?u=http://1156u.com/&p=/ HTTP 302
https://fh.xaaest.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.0	200 OK	/ 1156u.com/	432 B 561 B	512ms 141ms	Document text/html	154.13.30.87 IPTELECOM-AP IPTE...
General Check archive.org Show headers Download Go to Full URL http://1156u.com/ Protocol HTTP/1.0 Server 154.13.30.87 Los Angeles, United States, ASN55799 (IPTELECOM-AP IPTELECOM ASIA, MY), Reverse DNS Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control max-age=259200 Connection close Content-Length 432 Content-Type text/html;charset=utf-8
GET H/1.1	200 OK	Primary Request / Show response fh.xaaest.com/ Redirect Chain https://chaoji.6868shop.com:8811/?u=http://1156u.com/&p=/ https://fh.xaaest.com/	8 KB 3 KB	687ms 258ms	Document text/html	47.246.46.220 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://fh.xaaest.com/ Requested by Host: 1156u.com URL: http://1156u.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.46.220 Milan, Italy, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `1bfe5942d63d32356bb13d968a1d0b5348d44feb36e96bc16e94f4d140cbc495` Request headers Referer http://1156u.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Wed, 06 Dec 2023 01:13:33 GMT EagleId 2ff62e9717018252133941437e Server Tengine Timing-Allow-Origin * Transfer-Encoding chunked Vary Accept-Encoding Via cache21.l2hk3[14,0], cache3.it2[221,0] Redirect headers Connection keep-alive Content-Length 0 Content-Type text/html; charset=utf-8 Date Wed, 06 Dec 2023 01:13:32 GMT Location https://fh.xaaest.com Server nginx Vary Origin X-Cache-Status MISS X-Frame-Options SAMEORIGIN
GET H/1.1	200 OK	base.css fh.xaaest.com/css/	2 KB 3 KB	216ms 215ms	Stylesheet text/css	47.246.46.220 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://fh.xaaest.com/css/base.css Requested by Host: fh.xaaest.com URL: https://fh.xaaest.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.46.220 Milan, Italy, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `bd0cfc5da1accbbab309c52fa9c79623f105dc48ec97aead1724461385f29b42` Request headers accept-language de-DE,de;q=0.9 Referer https://fh.xaaest.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 01:13:33 GMT Via cache33.l2hk3[3,0], cache3.it2[200,0] Last-Modified Sat, 15 May 2021 07:21:56 GMT Server Tengine Etag "609f7694-901" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=43200 Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 2305 EagleId 2ff62e9717018252136651751e Expires Wed, 06 Dec 2023 13:13:33 GMT
GET H/1.1	200 OK	css.css fh.xaaest.com/css/	638 B 1 KB	266ms 232ms	Stylesheet text/css	47.246.46.220 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://fh.xaaest.com/css/css.css Requested by Host: fh.xaaest.com URL: https://fh.xaaest.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.46.220 Milan, Italy, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `6c7971c11c5d5c347bfe9ebe2973b9f5b1debc5b988719cb605c54a19581fdb4` Request headers accept-language de-DE,de;q=0.9 Referer https://fh.xaaest.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 01:13:33 GMT Via cache39.l2hk3[10,0], cache5.it2[204,0] Last-Modified Sat, 15 May 2021 07:21:56 GMT Server Tengine Etag "609f7694-27e" Content-Type text/css Cache-Control max-age=43200 Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 638 EagleId 2ff62e9917018252136873476e Expires Wed, 06 Dec 2023 13:13:33 GMT
GET H/1.1	200 OK	animation.css fh.xaaest.com/css/	65 KB 65 KB	264ms 229ms	Stylesheet text/css	47.246.46.220 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://fh.xaaest.com/css/animation.css Requested by Host: fh.xaaest.com URL: https://fh.xaaest.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.46.220 Milan, Italy, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `87415f271c6b3c95e23ee19a83fce4dbdb743f0e191af0acdeae13aa69902687` Request headers accept-language de-DE,de;q=0.9 Referer https://fh.xaaest.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 01:13:33 GMT Via cache36.l2hk3[4,0], cache2.it2[204,0] Last-Modified Sat, 15 May 2021 07:21:55 GMT Server Tengine Etag "609f7693-1020b" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=43200 Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 66059 EagleId 2ff62e9617018252136893128e Expires Wed, 06 Dec 2023 13:13:33 GMT
GET H/1.1	200 OK	jquery-1.8.2.min.js Show response fh.xaaest.com/js/	91 KB 92 KB	259ms 222ms	Script application/javascript	47.246.46.220 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Full URL https://fh.xaaest.com/js/jquery-1.8.2.min.js Requested by Host: fh.xaaest.com URL: https://fh.xaaest.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.46.220 Milan, Italy, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `f23d4b309b72743aa8afe1f8c98a25b3ee31246fa572c66d9d8cb1982cae4fbc` Request headers accept-language de-DE,de;q=0.9 Referer https://fh.xaaest.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 01:13:33 GMT Via cache33.l2hk3[3,0], cache6.it2[201,0] Last-Modified Sat, 15 May 2021 07:20:54 GMT Server Tengine Etag "609f7656-16cfc" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=43200 Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 93436 EagleId 2ff62e9a17018252136862641e Expires Wed, 06 Dec 2023 13:13:33 GMT
GET H2	200	z_stat.php Show response s4.cnzz.com/	0 381 B	3149ms 385ms	Script text/plain	240e:90:2011:0:3::3e8 CHINANET-QINGHAI-...
General Check archive.org Show headers Download Go to Full URL https://s4.cnzz.com/z_stat.php?id=1279967215&web_id=1279967215 Requested by Host: fh.xaaest.com URL: https://fh.xaaest.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 240e:90:2011:0:3::3e8 , China, ASN140061 (CHINANET-QINGHAI-AS-AP Qinghai Telecom, CN), Reverse DNS Software Tengine / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://fh.xaaest.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Wed, 06 Dec 2023 01:13:36 GMT content-encoding gzip via cache17.l2cn3032[28,27,200-0,M], cache67.l2cn3032[28,0], ens-cache25.cn5874[62,61,200-0,M], ens-cache20.cn5874[64,0] server Tengine x-swift-cachetime 90 vary accept-encoding ali-swift-global-savetime 1701825216 x-cache MISS TCP_REFRESH_MISS dirn:10:457062768 cache-control public, max-age=90 x-swift-savetime Wed, 06 Dec 2023 01:13:36 GMT timing-allow-origin * content-length 20 eagleid 7d486d2817018252165536181e
GET H/1.1	200 OK	bg.jpg fh.xaaest.com/images/	290 KB 290 KB	227ms 227ms	Image image/jpeg	47.246.46.220 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Show image Full URL https://fh.xaaest.com/images/bg.jpg Requested by Host: fh.xaaest.com URL: https://fh.xaaest.com/css/css.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.46.220 Milan, Italy, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `0917d7a4c26ace6fca41b93fad7a992134a3e82d76b7c55c2502124fcc587a76` Request headers accept-language de-DE,de;q=0.9 Referer https://fh.xaaest.com/css/css.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 01:13:34 GMT Via cache29.l2hk3[5,0], cache2.it2[210,0] Last-Modified Sat, 15 May 2021 07:21:31 GMT Server Tengine Etag "609f767b-4864e" Content-Type image/jpeg Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 296526 EagleId 2ff62e9617018252145204113e Expires Fri, 05 Jan 2024 01:13:34 GMT
GET H/1.1	200 OK	btn1.png fh.xaaest.com/images/	35 KB 35 KB	240ms 240ms	Image image/png	47.246.46.220 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Show image Full URL https://fh.xaaest.com/images/btn1.png Requested by Host: fh.xaaest.com URL: https://fh.xaaest.com/css/css.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.46.220 Milan, Italy, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `b53463926fb0a5810069bbf322de82d2dc208fe9fd2743ebe9468359cf96942d` Request headers accept-language de-DE,de;q=0.9 Referer https://fh.xaaest.com/css/css.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 01:13:34 GMT Via cache2.l2hk3[4,0], cache6.it2[216,0] Last-Modified Thu, 16 Jun 2022 08:54:13 GMT Server Tengine Etag "62aaefb5-8aea" Content-Type image/png Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 35562 EagleId 2ff62e9a17018252145163602e Expires Fri, 05 Jan 2024 01:13:34 GMT
GET H/1.1	200 OK	btn2.png fh.xaaest.com/images/	29 KB 29 KB	215ms 215ms	Image image/png	47.246.46.220 TAOBAO Zhejiang T...
General Check archive.org Show headers Download Go to Show image Full URL https://fh.xaaest.com/images/btn2.png Requested by Host: fh.xaaest.com URL: https://fh.xaaest.com/css/css.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 47.246.46.220 Milan, Italy, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN), Reverse DNS Software Tengine / Resource Hash `fbd3c9a8493471b0153161ed16b8c9e9829ccda381de90cab7348e6d543e2a7e` Request headers accept-language de-DE,de;q=0.9 Referer https://fh.xaaest.com/css/css.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Date Wed, 06 Dec 2023 01:13:34 GMT Via cache24.l2hk3[4,0], cache5.it2[200,0] Last-Modified Tue, 21 Jun 2022 04:56:55 GMT Server Tengine Etag "62b14f97-72e5" Content-Type image/png Cache-Control max-age=2592000 Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 29413 EagleId 2ff62e9917018252145194466e Expires Fri, 05 Jan 2024 01:13:34 GMT

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://fh.xaaest.com/(Line 15) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://s4.cnzz.com/z_stat.php?id=1279967215&web_id=1279967215, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1156u.com
chaoji.6868shop.com
fh.xaaest.com
s4.cnzz.com
154.13.30.87
182.150.0.164
240e:90:2011:0:3::3e8
47.246.46.220
0917d7a4c26ace6fca41b93fad7a992134a3e82d76b7c55c2502124fcc587a76
1bfe5942d63d32356bb13d968a1d0b5348d44feb36e96bc16e94f4d140cbc495
6c7971c11c5d5c347bfe9ebe2973b9f5b1debc5b988719cb605c54a19581fdb4
87415f271c6b3c95e23ee19a83fce4dbdb743f0e191af0acdeae13aa69902687
b53463926fb0a5810069bbf322de82d2dc208fe9fd2743ebe9468359cf96942d
bd0cfc5da1accbbab309c52fa9c79623f105dc48ec97aead1724461385f29b42
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f23d4b309b72743aa8afe1f8c98a25b3ee31246fa572c66d9d8cb1982cae4fbc
fbd3c9a8493471b0153161ed16b8c9e9829ccda381de90cab7348e6d543e2a7e

fh.xaaest.com Open in urlscan Pro 47.246.46.220 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

90 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

3 IPs

3 Countries

518 kBTransfer

520 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

fh.xaaest.com Open in urlscan Pro
47.246.46.220 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

518 kB
Transfer

520 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions