Submitted URL: http://youtubers.boats/
Effective URL: https://zfqfmrne.com/1?r=ilijahbrs31064&sub1={ty}
Submission: On November 24 via api from SG — Scanned from SG

Summary

This website contacted 2 IPs in 5 countries across 6 domains to perform 2 HTTP transactions. The main IP is 116.202.189.245, which is located in Germany and belongs to HETZNER-AS, DE. The main domain is zfqfmrne.com.
TLS certificate: Issued by R3 on November 19th 2023. Valid for: 3 months.
This is the only time zfqfmrne.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a00:f940:2:2... 197695 (AS-REG)
1 116.202.189.245 24940 (HETZNER-AS)
2 2 34.147.1.177 396982 (GOOGLE-CL...)
1 1 52.74.99.12 16509 (AMAZON-02)
1 34.160.108.161 396982 (GOOGLE-CL...)
2 2
Apex Domain Subdomains Transfer
1 bks22jtrk.com www.bks22jtrk.com
1 media-412.com adthorized.media-412.com 329 B
1 adkzmol.com bl.adkzmol.com 625 B
1 mbailer.com tc.mbailer.com 210 B
1 zfqfmrne.com zfqfmrne.com 1 KB
1 youtubers.boats youtubers.boats 256 B
2 6
Domain Requested by
1 www.bks22jtrk.com zfqfmrne.com
1 adthorized.media-412.com 1 redirects
1 bl.adkzmol.com 1 redirects
1 tc.mbailer.com 1 redirects
1 zfqfmrne.com
1 youtubers.boats 1 redirects
2 6

This site contains links to these domains.

Domain
tc.mbailer.com
Subject Issuer Validity Valid
zfqfmrne.com R3 2023-11-19 - 2024-02-17 3 months
a2y8vytrk.com Starfield Secure Certificate Authority - G2 2023-11-01 - 2024-03-06 4 months

This page contains 1 frames:

Frame: https://www.bks22jtrk.com/4WB1QC/3QQG7/?sub2=424&sub3=TB_SG_1734&sub5=6560f12aac0021000160ab19
Frame ID: 2772660C62393E07892B444C4FED124A
Requests: 2 HTTP requests in this frame

Page Statistics

Requests: 2
HTTPS: 100 %
IPv6: 20 %
Domains: 6
Subdomains: 6
IPs: 2
Countries: 5
Transfer: 1 kB
Size: 1 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://youtubers.boats/ HTTP 301
    https://zfqfmrne.com/1?r=ilijahbrs31064&sub1={ty} Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://tc.mbailer.com/click?offer_id=4522&pid=1734&sub1=31064_&sub3=018c02ae07e773d994a7d59a756ab0 HTTP 302
  • https://bl.adkzmol.com/506f6a04-c7d8-4cd0-9173-ff0239f2dd4a?affid=&source=&pid=1734&sub1=1734_31064_&offerid=4522&sub3=018c02ae07e773d994a7d59a756ab0 HTTP 302
  • https://adthorized.media-412.com/click?pid=424&offer_id=6787&sub1=TB_SG_1734&sub3=wiekgsbsjfikmq8ticn0dsme HTTP 302
  • https://www.bks22jtrk.com/4WB1QC/3QQG7/?sub2=424&sub3=TB_SG_1734&sub5=6560f12aac0021000160ab19

2 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request 1
zfqfmrne.com/
Redirect Chain
  • http://youtubers.boats/
  • https://zfqfmrne.com/1?r=ilijahbrs31064&sub1={ty}
716 B
1 KB
Document
General
Full URL: https://zfqfmrne.com/1?r=ilijahbrs31064&sub1={ty}
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 116.202.189.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.189.202.116.clients.your-server.de
Software: /
Resource Hash: 39721d600cd38b81b3727e9c5de031b10a50055a5911702563484c673837b6df

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 716
Content-Type: text/html; charset=utf-8
Expires: 0
Pragma: no-cache
Referrer-Policy: no-referrer

Redirect headers

Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 24 Nov 2023 18:53:27 GMT
Location: https://zfqfmrne.com/1?r=ilijahbrs31064&sub1={ty}
Server: nginx
X-Powered-By: PHP/8.0.17
/
www.bks22jtrk.com/4WB1QC/3QQG7/
Redirect Chain
  • https://tc.mbailer.com/click?offer_id=4522&pid=1734&sub1=31064_&sub3=018c02ae07e773d994a7d59a756ab0
  • https://bl.adkzmol.com/506f6a04-c7d8-4cd0-9173-ff0239f2dd4a?affid=&source=&pid=1734&sub1=1734_31064_&offerid=4522&sub3=018c02ae07e773d994a7d59a756ab0
  • https://adthorized.media-412.com/click?pid=424&offer_id=6787&sub1=TB_SG_1734&sub3=wiekgsbsjfikmq8ticn0dsme
  • https://www.bks22jtrk.com/4WB1QC/3QQG7/?sub2=424&sub3=TB_SG_1734&sub5=6560f12aac0021000160ab19
0
0
Document
General
Full URL: https://www.bks22jtrk.com/4WB1QC/3QQG7/?sub2=424&sub3=TB_SG_1734&sub5=6560f12aac0021000160ab19
Requested by
Host: zfqfmrne.com
URL: https://zfqfmrne.com/1?r=ilijahbrs31064&sub1={ty}
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.108.161 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 161.108.160.34.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 24 Nov 2023 18:53:31 GMT
server: nginx
vary: Origin
via: 1.1 google
x-eflow-request-id: 7a56eb9c-8721-4b52-b126-f46c73c5cc63

Redirect headers

access-control-allow-origin: *
content-length: 0
date: Fri, 24 Nov 2023 18:53:30 GMT
location: https://www.bks22jtrk.com/4WB1QC/3QQG7/?sub2=424&sub3=TB_SG_1734&sub5=6560f12aac0021000160ab19
server: nginx
x-adjust-use-original-forwarded-for: 1

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | documentPictureInPicture
function | redirect

5 Cookies

Domain/Path Name / Value
zfqfmrne.com/ Name: 47145
Value: 018c02ae-07e7-73d9-94a7-d59a756ab08c
.bl.adkzmol.com/ Name: 506f6a04-c7d8-4cd0-9173-ff0239f2dd4a-v4
Value: T9MSNc89ytrejt2PUJj4CPLH97Bdu4rG5WQP-6X4EIE
.bl.adkzmol.com/ Name: cc-v4
Value: %2B2CBV6ziCcELjfs0xPs%2FE5W%2FgzNpeg%2FyXWgarLrAop9gY6fy8nu2QCFJZcZPmE1FQwy%2BmFe9e41Gtzazg7I0nD4B1EJtiikGwTWCjX0rzb91UZv6U7E7BhrwKsJ7D2ji%2FpKTLBwpGBj6EFN9tWxcMQ%3D%3D
adthorized.media-412.com/ Name: afclick
Value: 6560f12aac0021000160ab19
adthorized.media-412.com/ Name: afoffers
Value: {"6787":1700852010}

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
