urlscan.io logo urlscan.io
SecurityTrails logo

www.dfh1.one Open in urlscan Pro
45.156.221.36  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://dfhvip7.cc/
Effective URL: https://www.dfh1.one/
Submission: On May 11 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 7 HTTP transactions. The main IP is 45.156.221.36, located in United States and belongs to XDPCLOUD-NET, GB. The main domain is www.dfh1.one.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on March 22nd 2024. Valid for: 3 months.
This is the only time www.dfh1.one was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 45.156.221.102 216047 (XDPCLOUD-NET)
1 1 103.140.8.30 216047 (XDPCLOUD-NET)
1 5 45.156.221.36 216047 (XDPCLOUD-NET)
7 3
Apex Domain
Subdomains		 Transfer
3 dfh-app.me
web.app.dfh-app.me
2 KB
1 dfh1.one
www.dfh1.one
4 KB
1 beiming22.xyz
mat-tj.beiming22.xyz
24 KB
1 xdpcloud.cc
vipurl.xdpcloud.cc
484 B
1 dfhvip7.cc
dfhvip7.cc
3 KB
7 5
Domain Requested by
3 web.app.dfh-app.me 1 redirects dfhvip7.cc
web.app.dfh-app.me
1 www.dfh1.one web.app.dfh-app.me
1 mat-tj.beiming22.xyz web.app.dfh-app.me
mat-tj.beiming22.xyz
www.dfh1.one
1 vipurl.xdpcloud.cc 1 redirects
1 dfhvip7.cc
7 5

This site contains no links.

Subject Issuer Validity Valid
dfhvip7.cc
R3		 2024-04-30 -
2024-07-29		 3 months crt.sh
web.app.dfh-app.me
R3		 2024-04-19 -
2024-07-18		 3 months crt.sh
mat-tj.beiming22.xyz
R3		 2024-04-05 -
2024-07-04		 3 months crt.sh
dfh1.one
ZeroSSL RSA Domain Secure Site CA		 2024-03-22 -
2024-06-20		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.dfh1.one/
Frame ID: DE2D9F16443644A5F5A0F0C54E5BC7D2
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

前往导航页···

Page URL History Show full URLs

  1. http://dfhvip7.cc/ HTTP 307
    https://dfhvip7.cc/ Page URL
  2. https://vipurl.xdpcloud.cc:2087/.js?__tls=ZGZodmlwNy5jYw== HTTP 302
    https://web.app.dfh-app.me/ Page URL
  3. https://web.app.dfh-app.me/ Page URL
  4. https://web.app.dfh-app.me/redirect.php?url=aHR0cHM6Ly93d3cuZGZoMS5vbmU%3D HTTP 302
    https://www.dfh1.one/ Page URL

Page Statistics

7
Requests

71 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

32 kB
Transfer

77 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://dfhvip7.cc/ HTTP 307
    https://dfhvip7.cc/ Page URL
  2. https://vipurl.xdpcloud.cc:2087/.js?__tls=ZGZodmlwNy5jYw== HTTP 302
    https://web.app.dfh-app.me/ Page URL
  3. https://web.app.dfh-app.me/ Page URL
  4. https://web.app.dfh-app.me/redirect.php?url=aHR0cHM6Ly93d3cuZGZoMS5vbmU%3D HTTP 302
    https://www.dfh1.one/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://dfhvip7.cc/ HTTP 307
  • https://dfhvip7.cc/
Request Chain 1
  • https://vipurl.xdpcloud.cc:2087/.js?__tls=ZGZodmlwNy5jYw== HTTP 302
  • https://web.app.dfh-app.me/

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
dfhvip7.cc/
Redirect Chain
  • http://dfhvip7.cc/
  • https://dfhvip7.cc/
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dfhvip7.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.156.221.102 , United States, ASN216047 (XDPCLOUD-NET, GB),
Reverse DNS
ddos.xdpcloud.com
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

cache-control
max-age=864000
content-length
2530
content-type
text/html
date
Sat, 11 May 2024 06:41:40 GMT

Redirect headers

Location
https://dfhvip7.cc/
Non-Authoritative-Reason
HttpsUpgrades
/
web.app.dfh-app.me/
Redirect Chain
  • https://vipurl.xdpcloud.cc:2087/.js?__tls=ZGZodmlwNy5jYw==
  • https://web.app.dfh-app.me/
47 B
425 B 		Document
General
Check archive.org
Download Go to
Full URL
https://web.app.dfh-app.me/
Requested by
Host: dfhvip7.cc
URL: https://dfhvip7.cc/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.156.221.36 , United States, ASN216047 (XDPCLOUD-NET, GB),
Reverse DNS
ddos.xdpcloud.com
Software
XDPCLOUD/2.0.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://dfhvip7.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Length
47
Content-Type
text/html
Date
Sat, 11 May 2024 06:41:48 GMT
Server
XDPCLOUD/2.0.0
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Robots-Tag
noindex,nofollow
referrer-policy
strict-origin-when-cross-origin

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
public, max-age=86400
Connection
keep-alive
Content-Length
49
Content-Type
text/html; charset=utf-8
Date
Sat, 11 May 2024 06:41:43 GMT
Expires
Sun, 12 May 2024 06:41:43 UTC
Location
https://web.app.dfh-app.me
Server
XDPCLOUD/2.0.0
X-Request-Id
63d8760b746b9c4e31990ece9d9a4bc0
cache-status
MISS
referrer-policy
strict-origin-when-cross-origin
/
web.app.dfh-app.me/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://web.app.dfh-app.me/
Requested by
Host: web.app.dfh-app.me
URL: https://web.app.dfh-app.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.156.221.36 , United States, ASN216047 (XDPCLOUD-NET, GB),
Reverse DNS
ddos.xdpcloud.com
Software
XDPCLOUD/2.0.0 /
Resource Hash
988f45b1395174e7b58d29f82aab4556ff2da56b424757d8485a3a547eaf20a0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://web.app.dfh-app.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sat, 11 May 2024 06:41:48 GMT
Server
XDPCLOUD/2.0.0
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Request-Id
8302cdb364357cc7b283e6df2506787c
X-Robots-Tag
noindex,nofollow
referrer-policy
strict-origin-when-cross-origin
matomo.js
mat-tj.beiming22.xyz/ 		65 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mat-tj.beiming22.xyz/matomo.js
Requested by
Host: web.app.dfh-app.me
URL: https://web.app.dfh-app.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.156.221.36 , United States, ASN216047 (XDPCLOUD-NET, GB),
Reverse DNS
ddos.xdpcloud.com
Software
XDPCLOUD/2.0.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://web.app.dfh-app.me/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 11 May 2024 06:41:52 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
keep-alive
X-Request-Id
df52ccf13c0e2b3f3d03869fd0a941ab
referrer-policy
strict-origin-when-cross-origin
Last-Modified
Thu, 28 Dec 2023 04:52:04 GMT
Server
XDPCLOUD/2.0.0
ETag
W/"658cfef4-10433"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=43200
X-Robots-Tag
noindex,nofollow
Expires
Sat, 11 May 2024 18:41:52 GMT
Primary Request /
www.dfh1.one/
Redirect Chain
  • https://web.app.dfh-app.me/redirect.php?url=aHR0cHM6Ly93d3cuZGZoMS5vbmU%3D
  • https://www.dfh1.one/
8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.dfh1.one/
Requested by
Host: web.app.dfh-app.me
URL: https://web.app.dfh-app.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.156.221.36 , United States, ASN216047 (XDPCLOUD-NET, GB),
Reverse DNS
ddos.xdpcloud.com
Software
XDPCLOUD/2.0.0 /
Resource Hash
dc4585a68e5acd657b166b9552f47579ce44616a104cdbdf6f81b6346127d358

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://web.app.dfh-app.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sat, 11 May 2024 06:41:53 GMT
Server
XDPCLOUD/2.0.0
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Request-Id
f6ef2ae5ffe11313df9798e51e3eb9b2
X-Robots-Tag
noindex,nofollow
referrer-policy
strict-origin-when-cross-origin

Redirect headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Sat, 11 May 2024 06:41:49 GMT
Location
https://www.dfh1.one
Server
XDPCLOUD/2.0.0
Transfer-Encoding
chunked
X-Request-Id
2b5d8460d81c2b6ea9b4bec6962a457c
X-Robots-Tag
noindex,nofollow
referrer-policy
strict-origin-when-cross-origin
matomo.php
mat-tj.beiming22.xyz/ 		0
0
matomo.js
mat-tj.beiming22.xyz/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mat-tj.beiming22.xyz
URL
https://mat-tj.beiming22.xyz/matomo.php?action_name=%E8%B7%B3%E8%BD%AC%E4%B8%AD---&idsite=50&rec=1&r=520082&h=8&m=41&s=52&url=https%3A%2F%2Fweb.app.dfh-app.me%2F&urlref=https%3A%2F%2Fweb.app.dfh-app.me%2F&_id=a9c9e606d6fc6687&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=m9htIB&devicePixelRatio=1&pf_net=0&pf_srv=463&pf_tfr=1&pf_dm1=9&pf_dm2=501&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22124.0.6367.118%22%7D%2C%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22124.0.6367.118%22%7D%2C%7B%22brand%22%3A%22Not-A.Brand%22%2C%22version%22%3A%2299.0.0.0%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%7D
Domain
mat-tj.beiming22.xyz
URL
https://mat-tj.beiming22.xyz/matomo.js

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| checkurl object| _paq function| showPopup function| closePopup string| key number| totalTime string| str1 string| str2 string| completedTitle string| pcon string| btnText number| bodyWidth number| boxWidth object| btn number| num object| span1 object| span2 object| span3 number| t

5 Cookies

Domain/Path Name / Value
vipurl.xdpcloud.cc/ Name: X-XDPCLOUD-WAF-R-C
Value: 0001675204
web.app.dfh-app.me/ Name: X-XDPCLOUD-WAF-R-C
Value: 0001675204
web.app.dfh-app.me/ Name: _pk_id.50.1bc3
Value: a9c9e606d6fc6687.1715409713.
web.app.dfh-app.me/ Name: _pk_ses.50.1bc3
Value: 1
www.dfh1.one/ Name: X-XDPCLOUD-WAF-R-C
Value: 0001675204

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dfhvip7.cc
mat-tj.beiming22.xyz
vipurl.xdpcloud.cc
web.app.dfh-app.me
www.dfh1.one
mat-tj.beiming22.xyz
103.140.8.30
45.156.221.102
45.156.221.36
988f45b1395174e7b58d29f82aab4556ff2da56b424757d8485a3a547eaf20a0
dc4585a68e5acd657b166b9552f47579ce44616a104cdbdf6f81b6346127d358