xfbm.isafety365.com Open in urlscan Pro
120.26.195.40 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://xfbm.isafety365.com/
Submission: On May 25 via automatic, source certstream-suspicious (May 25th 2023, 9:14:33 am UTC) — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 120.26.195.40, located in Hangzhou, China and belongs to ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN. The main domain is xfbm.isafety365.com.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on April 30th 2023. Valid for: a year.

This is the only time xfbm.isafety365.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	120.26.195.40 120.26.195.40	37963 (ALIBABA-C...) (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.)
1	43.152.28.37 43.152.28.37	139341 (ACE-AS-AP...) (ACE-AS-AP ACE)
2	240e:f7:ef00:... 240e:f7:ef00:3:0:4:0:8	136190 (CHINATELE...) (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA)
8	3

5 120.26.195.40 (Hangzhou, China)

ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN)

xfbm.isafety365.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 43.152.28.37 (Singapore)

ASN139341 (ACE-AS-AP ACE, SG)

res.wx.qq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 240e:f7:ef00:3:0:4:0:8 (China)

ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN)

cdn.waityou.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	isafety365.com xfbm.isafety365.com	164 KB
2	waityou.online cdn.waityou.online	973 KB
1	qq.com res.wx.qq.com — Cisco Umbrella Rank: 10699	5 KB
8	3

	Domain	Requested by
5	xfbm.isafety365.com	xfbm.isafety365.com
2	cdn.waityou.online	xfbm.isafety365.com
1	res.wx.qq.com	xfbm.isafety365.com
8	3

This site contains no links.

Subject Issuer	Validity	Valid
banshanwenlv.isafety365.com Encryption Everywhere DV TLS CA - G1	`2023-04-30` - `2024-04-30`	a year	crt.sh
weixin.qq.com DigiCert Secure Site CN CA G3	`2022-07-05` - `2023-08-05`	a year	crt.sh
cdn.waityou.online Encryption Everywhere DV TLS CA - G1	`2023-01-05` - `2024-01-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://xfbm.isafety365.com/
Frame ID: 8D75B360E9F2D8F4CC2ADADF2AC1CC02
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

欢迎

Page Statistics

8
Requests

38 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1142 kB
Transfer

1510 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response xfbm.isafety365.com/	945 B 859 B	1133ms 238ms	Document text/html	120.26.195.40 ALIBABA-CN-NET Ha...
General Check archive.org Show headers Download Go to Full URL https://xfbm.isafety365.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 120.26.195.40 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `e964f00364d2ac0eda483a29c208f62aebbe348c984bffd42f817556e2cf0b1b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control max-age=60 Connection keep-alive Content-Encoding gzip Content-Type text/html Date Thu, 25 May 2023 09:14:26 GMT ETag W/"64550a9a-3b1" Expires Thu, 25 May 2023 09:15:26 GMT Last-Modified Fri, 05 May 2023 13:54:34 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	jweixin-1.6.0.js Show response res.wx.qq.com/open/js/	13 KB 5 KB	1850ms 7ms	Script application/x-javascript	43.152.28.37 ACE-AS-AP ACE
General Check archive.org Show headers Download Go to Full URL https://res.wx.qq.com/open/js/jweixin-1.6.0.js Requested by Host: xfbm.isafety365.com URL: https://xfbm.isafety365.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 43.152.28.37 , Singapore, ASN139341 (ACE-AS-AP ACE, SG), Reverse DNS Software NWS_SSD_MID / Resource Hash `e55662dc8c011c02ffc492e7140a8651ef0a4de6b907b69c4bb5e2982961da28` Request headers accept-language de-DE,de;q=0.9 Referer https://xfbm.isafety365.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Tue, 16 May 2023 09:12:03 GMT Content-Encoding gzip X-Cache-Lookup Cache Hit, Hit From Inner Cluster Connection keep-alive X-Verify-Code 79b0dd3ef45a2f199692c42b0a41c7f6 Content-Length 4211 Last-Modified Tue, 16 May 2023 09:10:00 GMT Server NWS_SSD_MID Vary Origin Content-Type application/x-javascript Access-Control-Allow-Origin https://open.weixin.qq.com Cache-Control max-age=31536000 X-Daa-Tunnel hop_count=1 X-NWS-LOG-UUID 12382825847180941620 Accept-Ranges bytes Expires Wed, 15 May 2024 09:12:03 GMT
GET H/1.1	200 OK	506.js Show response xfbm.isafety365.com/js/	262 KB 73 KB	1155ms 1154ms	Script application/javascript	120.26.195.40 ALIBABA-CN-NET Ha...
General Check archive.org Show headers Download Go to Full URL https://xfbm.isafety365.com/js/506.js Requested by Host: xfbm.isafety365.com URL: https://xfbm.isafety365.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 120.26.195.40 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `212ba076dd9f4d61bb0c601c367c7243cee85ef2a9e222a3ad61824508ed9f79` Request headers accept-language de-DE,de;q=0.9 Referer https://xfbm.isafety365.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Thu, 25 May 2023 09:14:26 GMT Content-Encoding gzip Last-Modified Fri, 05 May 2023 13:54:34 GMT Server nginx ETag W/"64550a9a-4179c" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=60 Connection keep-alive Expires Thu, 25 May 2023 09:15:26 GMT
GET H/1.1	200 OK	app.js Show response xfbm.isafety365.com/js/	201 KB 71 KB	246ms 245ms	Script application/javascript	120.26.195.40 ALIBABA-CN-NET Ha...
General Check archive.org Show headers Download Go to Full URL https://xfbm.isafety365.com/js/app.js Requested by Host: xfbm.isafety365.com URL: https://xfbm.isafety365.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 120.26.195.40 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `ed8828575e50585281c095e40505defda18a6e435ed602a16a0732c7a2137188` Request headers accept-language de-DE,de;q=0.9 Referer https://xfbm.isafety365.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Thu, 25 May 2023 09:14:27 GMT Content-Encoding gzip Last-Modified Fri, 05 May 2023 13:54:34 GMT Server nginx ETag W/"64550a9a-322a5" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=60 Connection keep-alive Expires Thu, 25 May 2023 09:15:27 GMT
GET H/1.1	200 OK	217.js Show response xfbm.isafety365.com/chunk/	8 KB 3 KB	243ms 242ms	Script application/javascript	120.26.195.40 ALIBABA-CN-NET Ha...
General Check archive.org Show headers Download Go to Full URL https://xfbm.isafety365.com/chunk/217.js Requested by Host: xfbm.isafety365.com URL: https://xfbm.isafety365.com/js/app.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 120.26.195.40 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `c5418fb5522369846fba7b791331bc03e0655e3241e7363d0baad86e0ce5d422` Request headers accept-language de-DE,de;q=0.9 Referer https://xfbm.isafety365.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Thu, 25 May 2023 09:14:28 GMT Content-Encoding gzip Last-Modified Fri, 05 May 2023 13:54:34 GMT Server nginx ETag W/"64550a9a-1ea7" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=60 Connection keep-alive Expires Thu, 25 May 2023 09:15:28 GMT
GET H/1.1	200 OK	52.js Show response xfbm.isafety365.com/chunk/	56 KB 16 KB	476ms 476ms	Script application/javascript	120.26.195.40 ALIBABA-CN-NET Ha...
General Check archive.org Show headers Download Go to Full URL https://xfbm.isafety365.com/chunk/52.js Requested by Host: xfbm.isafety365.com URL: https://xfbm.isafety365.com/js/app.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 120.26.195.40 Hangzhou, China, ASN37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd., CN), Reverse DNS Software nginx / Resource Hash `a831a032be3aaff52e83bc52bf3f29b67cf757ed47da89884f7e6b512ac8d272` Request headers accept-language de-DE,de;q=0.9 Referer https://xfbm.isafety365.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Thu, 25 May 2023 09:14:28 GMT Content-Encoding gzip Last-Modified Fri, 05 May 2023 13:54:34 GMT Server nginx ETag W/"64550a9a-de1e" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=60 Connection keep-alive Expires Thu, 25 May 2023 09:15:28 GMT
GET H2	200	3aff93f9-8396-43f1-32fe-b752a20e73fa.png cdn.waityou.online/	958 KB 960 KB	1645ms 489ms	Image image/png	240e:f7:ef00:3:0:4:0:8 CHINATELECOM-ZHEJ...
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.waityou.online/3aff93f9-8396-43f1-32fe-b752a20e73fa.png Requested by Host: xfbm.isafety365.com URL: https://xfbm.isafety365.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 240e:f7:ef00:3:0:4:0:8 , China, ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN), Reverse DNS Software openresty / Resource Hash `d22fac5a596fcf9313154704b587b44d1b8540e6956d27bb6580a1bfc2ca6166` Request headers accept-language de-DE,de;q=0.9 Referer https://xfbm.isafety365.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-log X-Log date Thu, 25 May 2023 09:14:30 GMT x-svr IO content-md5 /djLAKxh9lcE5iuUCtKlKg== age 1757049 x-reqid JgIAAADABQ4RGlwX content-transfer-encoding binary content-disposition inline; filename="3aff93f9-8396-43f1-32fe-b752a20e73fa.png"; filename=utf-8''3aff93f9-8396-43f1-32fe-b752a20e73fa.png content-length* 981205 x-m-reqid qlQERFOpJ x-m-log QNM:cdn-cache-tel-zjqz-qz-3;QNM3:1 last-modified Fri, 05 May 2023 01:09:29 GMT server openresty etag "Fg4ayTsoSBnUAj99NEE7nSm29uiR" access-control-max-age 2592000 content-type image/png access-control-allow-origin * access-control-expose-headers X-Log, X-Reqid cache-control public, max-age=31536000 accept-ranges bytes x-qiniu-zone 2 x-qnm-cache Hit
GET H2	200	2f52a9f1-9bdb-436f-ebc6-a777200f7ada.png cdn.waityou.online/	13 KB 13 KB	1620ms 464ms	Image image/png	240e:f7:ef00:3:0:4:0:8 CHINATELECOM-ZHEJ...
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.waityou.online/2f52a9f1-9bdb-436f-ebc6-a777200f7ada.png Requested by Host: xfbm.isafety365.com URL: https://xfbm.isafety365.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 240e:f7:ef00:3:0:4:0:8 , China, ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN), Reverse DNS Software openresty / Resource Hash `d6ad82726da63c763ae13808c42f798f8f9a696133e3dab534effeaf7b551bbb` Request headers accept-language de-DE,de;q=0.9 Referer https://xfbm.isafety365.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-log X-Log date Thu, 25 May 2023 09:14:30 GMT x-svr IO content-md5 W/Ub5Tnlbp7Zu7o5H6v4vQ== age 1057398 x-reqid GSMAAABkrkesUlYX content-transfer-encoding binary content-disposition inline; filename="2f52a9f1-9bdb-436f-ebc6-a777200f7ada.png"; filename=utf-8''2f52a9f1-9bdb-436f-ebc6-a777200f7ada.png content-length* 13108 x-m-reqid 9Yp5cuwoy x-m-log QNM:cdn-cache-tel-zjqz-qz-4;QNM3 last-modified Sun, 16 Apr 2023 05:20:04 GMT server openresty etag "FhHlUy8IoIQ3g29AQwPWl_a1GqLV" access-control-max-age 2592000 content-type image/png access-control-allow-origin * access-control-expose-headers X-Log, X-Reqid cache-control public, max-age=31536000 accept-ranges bytes x-qiniu-zone 2 x-qnm-cache Hit

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.waityou.online
res.wx.qq.com
xfbm.isafety365.com
120.26.195.40
240e:f7:ef00:3:0:4:0:8
43.152.28.37
212ba076dd9f4d61bb0c601c367c7243cee85ef2a9e222a3ad61824508ed9f79
a831a032be3aaff52e83bc52bf3f29b67cf757ed47da89884f7e6b512ac8d272
c5418fb5522369846fba7b791331bc03e0655e3241e7363d0baad86e0ce5d422
d22fac5a596fcf9313154704b587b44d1b8540e6956d27bb6580a1bfc2ca6166
d6ad82726da63c763ae13808c42f798f8f9a696133e3dab534effeaf7b551bbb
e55662dc8c011c02ffc492e7140a8651ef0a4de6b907b69c4bb5e2982961da28
e964f00364d2ac0eda483a29c208f62aebbe348c984bffd42f817556e2cf0b1b
ed8828575e50585281c095e40505defda18a6e435ed602a16a0732c7a2137188

xfbm.isafety365.com Open in urlscan Pro 120.26.195.40 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

38 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

1142 kBTransfer

1510 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

0 Cookies

Indicators

xfbm.isafety365.com Open in urlscan Pro
120.26.195.40 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

38 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1142 kB
Transfer

1510 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions