safewarns.com Open in urlscan Pro
132.148.232.95 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://favwbook.com/
Effective URL:
https://safewarns.com/reviews/zaful.php?sgt=BOruGxbLJFRsE5Np8ZamVd67PxxNwEwrlLQ-qb9EltcCzoXlnA2Ib0TJOLTO&subid=d390b25...
Submission: On September 14 via api (September 14th 2023, 8:49:41 pm UTC) from SG — Scanned from SG

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 11 HTTP transactions. The main IP is 132.148.232.95, located in and belongs to . The main domain is safewarns.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 15th 2023. Valid for: 3 months.

This is the only time safewarns.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	146.148.34.125 146.148.34.125	15169 (GOOGLE) (GOOGLE)
4	75.2.122.238 75.2.122.238	16509 (AMAZON-02) (AMAZON-02)
1	13.33.100.30 13.33.100.30	16509 (AMAZON-02) (AMAZON-02)
2	34.205.42.136 34.205.42.136	14618 (AMAZON-AES) (AMAZON-AES)
2	104.21.86.225 104.21.86.225	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	104.21.31.167 104.21.31.167	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	132.148.232.95 132.148.232.95	() ()
11	6

1 146.148.34.125 (Council Bluffs, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 125.34.148.146.bc.googleusercontent.com

favwbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 75.2.122.238 (United States)

ASN16509 (AMAZON-02, US)
PTR: ae2e29254fe717bf6.awsglobalaccelerator.com

ww11.favwbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.100.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-100-30.sin2.r.cloudfront.net

d38psrni17bvxu.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.205.42.136 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-205-42-136.compute-1.amazonaws.com

takhm-ylj.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.86.225 (None, )

ASN13335 (CLOUDFLARENET, US)

777569.popularcldfa.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.31.167 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

769432.moveyourdesk.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 132.148.232.95 (None, )

ASN- ()

safewarns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	favwbook.com 1 redirects favwbook.com ww11.favwbook.com	4 KB
2	moveyourdesk.co 1 redirects 769432.moveyourdesk.co	1 KB
2	popularcldfa.co 777569.popularcldfa.co	11 KB
2	takhm-ylj.com takhm-ylj.com	4 KB
1	safewarns.com safewarns.com	354 B
1	cloudfront.net d38psrni17bvxu.cloudfront.net	2 KB
11	6

	Domain	Requested by
4	ww11.favwbook.com	d38psrni17bvxu.cloudfront.net ww11.favwbook.com
2	769432.moveyourdesk.co	1 redirects
2	777569.popularcldfa.co	takhm-ylj.com
2	takhm-ylj.com	ww11.favwbook.com takhm-ylj.com
1	safewarns.com
1	d38psrni17bvxu.cloudfront.net	ww11.favwbook.com
1	favwbook.com	1 redirects
11	7

This site contains no links.

Subject Issuer	Validity	Valid
popularcldfa.co E1	`2023-09-10` - `2023-12-09`	3 months	crt.sh
moveyourdesk.co GTS CA 1P5	`2023-09-09` - `2023-12-08`	3 months	crt.sh
safewarns.com cPanel, Inc. Certification Authority	`2023-08-15` - `2023-11-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://safewarns.com/reviews/zaful.php?sgt=BOruGxbLJFRsE5Np8ZamVd67PxxNwEwrlLQ-qb9EltcCzoXlnA2Ib0TJOLTO&subid=d390b254883c87481baa2c389be118d9&mk=1
Frame ID: CDFF150AC617F30A9FB811732EA5723B
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://favwbook.com/ HTTP 302
http://ww11.favwbook.com/ Page URL
http://takhm-ylj.com/zclkvisitor/36452ea6-5340-11ee-931d-12561c4fd3ff/85aefdc2-9ed0-48aa-922d-60f... Page URL
http://takhm-ylj.com/zclkredirect?visitid=36452ea6-5340-11ee-931d-12561c4fd3ff&type=js&browserWid... Page URL
https://777569.popularcldfa.co/bdv_rd.dbm?ownid=0jn83aqad1-vbv-fofa&enparms2=1331%2C2067973%2C3880863%2C128... Page URL
https://777569.popularcldfa.co/bdv_rd3.dbm?frdto=777569 Page URL
https://769432.moveyourdesk.co/bdvfrd.dbm?gten=68747470732533412532462532463736393433322e6d6f7665796f757264... Page URL
https://769432.moveyourdesk.co/yardr.dbm?subid=d390b254883c87481baa2c389be118d9&ccd=SG&type=I-CHI1-I-CHI2-I... HTTP 302
https://safewarns.com/reviews/zaful.php?sgt=BOruGxbLJFRsE5Np8ZamVd67PxxNwEwrlLQ-qb9EltcCzoXlnA2Ib0... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

11
Requests

36 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

6
IPs

2
Countries

22 kB
Transfer

49 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://favwbook.com/ HTTP 302
http://ww11.favwbook.com/ Page URL
http://takhm-ylj.com/zclkvisitor/36452ea6-5340-11ee-931d-12561c4fd3ff/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=36535f76-5340-11ee-931d-12561c4fd3ff Page URL
http://takhm-ylj.com/zclkredirect?visitid=36452ea6-5340-11ee-931d-12561c4fd3ff&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false Page URL
https://777569.popularcldfa.co/bdv_rd.dbm?ownid=0jn83aqad1-vbv-fofa&enparms2=1331%2C2067973%2C3880863%2C1282%2C1332%2C52281%2C1460%2C0%2C0%2C1286%2C0%2C2073426%2C777569%2C206215%2C121544684159%2C140494662%2Cnlx.pllydezu&u_agnt=2e6de925b83fb1ba2705210ba8c28c4b&skter=vtzk%20mrtlo%20pllyvxzu%2Civtmvhhvn%20pllyvxzu%2Cvtzk%20vnls%20pllyvxzu%2Cmr%20mtrh%20pllyvxzu%2Cmr%20tlo%20pllyvxzu%2Cvero%20pllyvxzu%2Cpllyvxzu%2Cpllyvxzu%2Cpllyvxzu%2Cnivgplmey&czero=-1&cstate=vilkztmrh&skwdb=MLI&ccntry=TH&cctid=109&chsh=d390b254883c87481baa2c389be118d9&rn=102036811178&cf=8&dlt=0&da=894046&pbi=0&exids=&frdto=777569 Page URL
https://777569.popularcldfa.co/bdv_rd3.dbm?frdto=777569 Page URL
https://769432.moveyourdesk.co/bdvfrd.dbm?gten=68747470732533412532462532463736393433322e6d6f7665796f75726465736b2e636f25324679617264722e64626d25334673756269642533446433393062323534383833633837343831626161326333383962653131386439253236636364253344534725323674797065253344492d434849312d492d434849322d492d422d43484942542d4d4d4b253236646c74253344302532366c63696425334432303636363932253236637a65726f2533442d31&sgntmp=tZVUQ0AGgaKe7KBCguqVDrPz%2BK%2FJqREnqwvLlwPoVhuPk1lIPRT3QyU3jC3QSFVArHGuTsC5I4yTZG5xJNEVUL3CH5p5Nzs4it9WRMKS%2ByaRxGOLnd2bWRbGjItPFJr6ka2J%2Bl920jwqgPGEJasajzCiMa4%3D&subid=d390b254883c87481baa2c389be118d9&ccd=SG&type=I-CHI1-I-CHI2-I-B-CHIBT-MMK&dlt=0&lcid=2066692&prn=ci8090c4b5666852d3dcb3007493ae0b54&bm=0 Page URL
https://769432.moveyourdesk.co/yardr.dbm?subid=d390b254883c87481baa2c389be118d9&ccd=SG&type=I-CHI1-I-CHI2-I-B-CHIBT-MMK&dlt=0&lcid=2066692&czero=-1 HTTP 302
https://safewarns.com/reviews/zaful.php?sgt=BOruGxbLJFRsE5Np8ZamVd67PxxNwEwrlLQ-qb9EltcCzoXlnA2Ib0TJOLTO&subid=d390b254883c87481baa2c389be118d9&mk=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://favwbook.com/ HTTP 302
http://ww11.favwbook.com/

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
ww11.favwbook.com/
Redirect Chain

http://favwbook.com/
http://ww11.favwbook.com/

2 KB
2 KB

1870ms
972ms

Document
text/html

75.2.122.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww11.favwbook.com/
Protocol: HTTP/1.1
Server: 75.2.122.238 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ae2e29254fe717bf6.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 48bbb4ee176e8280c71543e03005968c45f81cf437d87dfd4c9f021976df7eec

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

Accept-CH: viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
Accept-CH-Lifetime: 30
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 14 Sep 2023 20:49:35 GMT
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_s6iMHbEgmln42L9OzfQOxUcm6Q+Y0aBoxLkWsdcfIwj8th3ZTMpMR9rCMdIBnpj+ADUJVPPptv6C897JZGqvnA==
X-Buckets: bucket011
X-Domain: favwbook.com
X-Language: english
X-Redirect: zeropark_zeroclick
X-Subdomain: ww11
X-Template: tpl_CleanPeppermintBlack_twoclick

Redirect headers

Connection: close
Content-Length: 0
Content-Type: text/html
Date: Thu, 14 Sep 2023 20:49:33 GMT
Location: http://ww11.favwbook.com/
Server: Apache

GET
H/1.1 200
OK js3.js Show response
d38psrni17bvxu.cloudfront.net/scripts/ 1 KB
2 KB 578ms
265ms Script
application/javascript 13.33.100.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by: Host: ww11.favwbook.com
URL: http://ww11.favwbook.com/
Protocol: HTTP/1.1
Server: 13.33.100.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-100-30.sin2.r.cloudfront.net
Software: nginx /
Resource Hash: 036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: http://ww11.favwbook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Date: Wed, 13 Sep 2023 23:34:48 GMT
Via: 1.1 f376d87611123aa47c006262522a6a94.cloudfront.net (CloudFront)
Last-Modified: Mon, 23 Jan 2023 11:12:07 GMT
Server: nginx
X-Amz-Cf-Pop: SIN2-P2
Age: 76487
ETag: "63ce6b87-448"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1096
X-Amz-Cf-Id: dFFQ-KbOWRPbh8ZX-JybYNU3UypD4rSicahIXR5mNpOognF0UZr7lg==

GET
H/1.1 200
OK track.php Show response
ww11.favwbook.com/ 0
608 B 387ms
387ms XHR
text/html 75.2.122.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww11.favwbook.com/track.php?domain=favwbook.com&toggle=browserjs&uid=MTY5NDcyNDU3NC42OTg1OmYzN2I0MzQ3Yzc3MTVhNjU5MmEyMGY0M2M4NGIxNjE1YWJhMjM5OGVjYzk3NGI5ZjFhMzIxM2M5Mjk1YjFlY2E6NjUwMzcxZGVhYTg3NA%3D%3D
Requested by: Host: d38psrni17bvxu.cloudfront.net
URL: http://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol: HTTP/1.1
Server: 75.2.122.238 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ae2e29254fe717bf6.awsglobalaccelerator.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: http://ww11.favwbook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 20:49:35 GMT
Content-Encoding: gzip
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
X-Custom-Track: browserjs
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Accept-CH-Lifetime: 30
Connection: keep-alive

GET
H/1.1 201
Created ls.php
ww11.favwbook.com/ 16 B
906 B 363ms
362ms XHR
text/javascript 75.2.122.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww11.favwbook.com/ls.php?t=650371df&token=80247a2d966d8b6663de8454bec0f4aece5d965d
Requested by: Host: ww11.favwbook.com
URL: http://ww11.favwbook.com/
Protocol: HTTP/1.1
Server: 75.2.122.238 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ae2e29254fe717bf6.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: http://ww11.favwbook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 20:49:36 GMT
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Transfer-Encoding: chunked
Accept-CH-Lifetime: 30
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin
Access-Control-Allow-Methods: POST, OPTIONS
Charset: utf-8
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_blhlsG5EWllUaUx9yk4zS1CuJHrVCZCDM+3/ymnpuF97MuYokJGYiTSQQmu8dmAbQRcopr2I0j/LdYVUc3P90w==
Connection: keep-alive
X-Log-Success: 650371e0b13d881b0a49fd09

GET
H/1.1 200
OK track.php
ww11.favwbook.com/ 0
601 B 632ms
631ms XHR
text/html 75.2.122.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ww11.favwbook.com/track.php?click=698ff4ef44bc0d3b60182cac23608b3c12cdd17a&domain=favwbook.com&uid=MTY5NDcyNDU3NC42OTg1OmYzN2I0MzQ3Yzc3MTVhNjU5MmEyMGY0M2M4NGIxNjE1YWJhMjM5OGVjYzk3NGI5ZjFhMzIxM2M5Mjk1YjFlY2E6NjUwMzcxZGVhYTg3NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NTAzNzFkZWFhODRkfHx8MTY5NDcyNDU3NS4wMDQzfDgyMDZlMTA2MGEzNGUxNDE3ZWZkODVjMDNjYWY1YmJkYmZlOWQ1NDB8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXw4MDI0N2EyZDk2NmQ4YjY2NjNkZTg0NTRiZWMwZjRhZWNlNWQ5NjVkfDB8fDB8MHw%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by: Host: d38psrni17bvxu.cloudfront.net
URL: http://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol: HTTP/1.1
Server: 75.2.122.238 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ae2e29254fe717bf6.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: http://ww11.favwbook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

Date: Thu, 14 Sep 2023 20:49:36 GMT
Content-Encoding: gzip
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Accept-CH-Lifetime: 30
X-View-Match: true
Connection: keep-alive

GET
H/1.1 200 85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d
takhm-ylj.com/zclkvisitor/36452ea6-5340-11ee-931d-12561c4fd3ff/ 1 KB
2 KB 719ms
710ms Document
text/html 34.205.42.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

http://takhm-ylj.com/zclkvisitor/36452ea6-5340-11ee-931d-12561c4fd3ff/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=36535f76-5340-11ee-931d-12561c4fd3ff

Requested by

Host: ww11.favwbook.com
URL: http://ww11.favwbook.com/

Protocol

HTTP/1.1

Server

34.205.42.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-205-42-136.compute-1.amazonaws.com

Software

WUWsJoAQ /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer: http://ww11.favwbook.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
Date: Thu, 14 Sep 2023 20:49:37 GMT
Server: WUWsJoAQ
Transfer-Encoding: chunked
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'

GET
H/1.1 200 zclkredirect
takhm-ylj.com/ 1 KB
2 KB 321ms
321ms Document
text/html 34.205.42.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

http://takhm-ylj.com/zclkredirect?visitid=36452ea6-5340-11ee-931d-12561c4fd3ff&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false

Requested by

Host: takhm-ylj.com
URL: http://takhm-ylj.com/zclkvisitor/36452ea6-5340-11ee-931d-12561c4fd3ff/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=36535f76-5340-11ee-931d-12561c4fd3ff

Protocol

HTTP/1.1

Server

34.205.42.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-205-42-136.compute-1.amazonaws.com

Software

eIqaEZPq /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer: http://takhm-ylj.com/zclkvisitor/36452ea6-5340-11ee-931d-12561c4fd3ff/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=36535f76-5340-11ee-931d-12561c4fd3ff
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
Date: Thu, 14 Sep 2023 20:49:37 GMT
Server: eIqaEZPq
Transfer-Encoding: chunked
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
redirected: JS
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'

GET
H2 200 bdv_rd.dbm Show response
777569.popularcldfa.co/ 40 KB
10 KB 832ms
137ms Document
text/html 104.21.86.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://777569.popularcldfa.co/bdv_rd.dbm?ownid=0jn83aqad1-vbv-fofa&enparms2=1331%2C2067973%2C3880863%2C1282%2C1332%2C52281%2C1460%2C0%2C0%2C1286%2C0%2C2073426%2C777569%2C206215%2C121544684159%2C140494662%2Cnlx.pllydezu&u_agnt=2e6de925b83fb1ba2705210ba8c28c4b&skter=vtzk%20mrtlo%20pllyvxzu%2Civtmvhhvn%20pllyvxzu%2Cvtzk%20vnls%20pllyvxzu%2Cmr%20mtrh%20pllyvxzu%2Cmr%20tlo%20pllyvxzu%2Cvero%20pllyvxzu%2Cpllyvxzu%2Cpllyvxzu%2Cpllyvxzu%2Cnivgplmey&czero=-1&cstate=vilkztmrh&skwdb=MLI&ccntry=TH&cctid=109&chsh=d390b254883c87481baa2c389be118d9&rn=102036811178&cf=8&dlt=0&da=894046&pbi=0&exids=&frdto=777569
Requested by: Host: takhm-ylj.com
URL: http://takhm-ylj.com/zclkredirect?visitid=36452ea6-5340-11ee-931d-12561c4fd3ff&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.86.225 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d800255ea5590992dbda692ea09f2c8a79df742e0ce26cbb2791f74b615eea9

Request headers

Referer: http://takhm-ylj.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 806b7f682f1c9f91-SIN
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 14 Sep 2023 20:49:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x1509DBR6bJnqhIuyy%2Fb0z6zFKSHLcTZtgDvQ1nviLsfUXp5LNkXF8Ogv8EHDFNC%2BXsPS7lORvXBDpfpAJOkNoNBJstAcmMy3lS2znG7xVaKHoLFkI2xKlmByM8MmdyyAZdUwcAzfLsZ"}],"group":"cf-nel","max_age":604800}
server: cloudflare

POST
H2 200 bdv_rd3.dbm
777569.popularcldfa.co/ 3 KB
1 KB 136ms
135ms Document
text/html 104.21.86.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://777569.popularcldfa.co/bdv_rd3.dbm?frdto=777569
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.86.225 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://777569.popularcldfa.co
Referer: https://777569.popularcldfa.co/bdv_rd.dbm?ownid=0jn83aqad1-vbv-fofa&enparms2=1331%2C2067973%2C3880863%2C1282%2C1332%2C52281%2C1460%2C0%2C0%2C1286%2C0%2C2073426%2C777569%2C206215%2C121544684159%2C140494662%2Cnlx.pllydezu&u_agnt=2e6de925b83fb1ba2705210ba8c28c4b&skter=vtzk%20mrtlo%20pllyvxzu%2Civtmvhhvn%20pllyvxzu%2Cvtzk%20vnls%20pllyvxzu%2Cmr%20mtrh%20pllyvxzu%2Cmr%20tlo%20pllyvxzu%2Cvero%20pllyvxzu%2Cpllyvxzu%2Cpllyvxzu%2Cpllyvxzu%2Cnivgplmey&czero=-1&cstate=vilkztmrh&skwdb=MLI&ccntry=TH&cctid=109&chsh=d390b254883c87481baa2c389be118d9&rn=102036811178&cf=8&dlt=0&da=894046&pbi=0&exids=&frdto=777569
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 806b7f6a58419f91-SIN
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 14 Sep 2023 20:49:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OoQMoe9in2%2BmZeHbr69iIu5MTzHvlbeyts4tjJ5w301YwqUHy0GI3GvkgTgOHkeO%2Fs7vNuyxXRXwEBdZuWtcNTMIyWEHPZkKU%2BIFrEC7wsQyn7%2FY4WhPrIohpGjHDXFJJ1ZF6HTQmpuH"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 bdvfrd.dbm
769432.moveyourdesk.co/ 493 B
848 B 891ms
210ms Document
text/html 104.21.31.167
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://769432.moveyourdesk.co/bdvfrd.dbm?gten=68747470732533412532462532463736393433322e6d6f7665796f75726465736b2e636f25324679617264722e64626d25334673756269642533446433393062323534383833633837343831626161326333383962653131386439253236636364253344534725323674797065253344492d434849312d492d434849322d492d422d43484942542d4d4d4b253236646c74253344302532366c63696425334432303636363932253236637a65726f2533442d31&sgntmp=tZVUQ0AGgaKe7KBCguqVDrPz%2BK%2FJqREnqwvLlwPoVhuPk1lIPRT3QyU3jC3QSFVArHGuTsC5I4yTZG5xJNEVUL3CH5p5Nzs4it9WRMKS%2ByaRxGOLnd2bWRbGjItPFJr6ka2J%2Bl920jwqgPGEJasajzCiMa4%3D&subid=d390b254883c87481baa2c389be118d9&ccd=SG&type=I-CHI1-I-CHI2-I-B-CHIBT-MMK&dlt=0&lcid=2066692&prn=ci8090c4b5666852d3dcb3007493ae0b54&bm=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.31.167 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 806b7f6fda7b8974-SIN
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 14 Sep 2023 20:49:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IZM07uT3biUkHyh9pUdoiRo9xyhmf8BwRfLGeewyL8aS%2BfkTQh8Yq7RMIwCHDikLtG8X%2BzxYtBhFhEIn1Dy%2Ben9DZqLJCF%2Bkv%2FNVlEJpJIMTUU5Ie5to4rjRoGHGSYjD2DK12iOZnryB"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2

200

Primary Request zaful.php
safewarns.com/reviews/
Redirect Chain

https://769432.moveyourdesk.co/yardr.dbm?subid=d390b254883c87481baa2c389be118d9&ccd=SG&type=I-CHI1-I-CHI2-I-B-CHIBT-MMK&dlt=0&lcid=2066692&czero=-1
https://safewarns.com/reviews/zaful.php?sgt=BOruGxbLJFRsE5Np8ZamVd67PxxNwEwrlLQ-qb9EltcCzoXlnA2Ib0TJOLTO&subid=d390b254883c87481baa2c389be118d9&mk=1

190 B
354 B

1496ms
515ms

Document
text/html

132.148.232.95

General

Check archive.org

Show headers Download Go to

Full URL: https://safewarns.com/reviews/zaful.php?sgt=BOruGxbLJFRsE5Np8ZamVd67PxxNwEwrlLQ-qb9EltcCzoXlnA2Ib0TJOLTO&subid=d390b254883c87481baa2c389be118d9&mk=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.232.95 -, , ASN (),
Reverse DNS
Software: Apache / PHP/7.4.33
Resource Hash

Request headers

Referer: https://769432.moveyourdesk.co/bdvfrd.dbm?gten=68747470732533412532462532463736393433322e6d6f7665796f75726465736b2e636f25324679617264722e64626d25334673756269642533446433393062323534383833633837343831626161326333383962653131386439253236636364253344534725323674797065253344492d434849312d492d434849322d492d422d43484942542d4d4d4b253236646c74253344302532366c63696425334432303636363932253236637a65726f2533442d31&sgntmp=tZVUQ0AGgaKe7KBCguqVDrPz%2BK%2FJqREnqwvLlwPoVhuPk1lIPRT3QyU3jC3QSFVArHGuTsC5I4yTZG5xJNEVUL3CH5p5Nzs4it9WRMKS%2ByaRxGOLnd2bWRbGjItPFJr6ka2J%2Bl920jwqgPGEJasajzCiMa4%3D&subid=d390b254883c87481baa2c389be118d9&ccd=SG&type=I-CHI1-I-CHI2-I-B-CHIBT-MMK&dlt=0&lcid=2066692&prn=ci8090c4b5666852d3dcb3007493ae0b54&bm=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

content-encoding: br
content-length: 125
content-type: text/html; charset=UTF-8
date: Thu, 14 Sep 2023 20:49:41 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 806b7f711b2c8974-SIN
content-type: text/html; charset=UTF-8
date: Thu, 14 Sep 2023 20:49:40 GMT
location: https://safewarns.com/reviews/zaful.php?sgt=BOruGxbLJFRsE5Np8ZamVd67PxxNwEwrlLQ-qb9EltcCzoXlnA2Ib0TJOLTO&subid=d390b254883c87481baa2c389be118d9&mk=1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cpRUVLEiiWX3QKeOZYPXgNu1NhGnIl3pRUda9BuaueoEoZbBRta0Li174v5%2BdXOElRSKfGxJrkGEGok0Knot5N6om1i9VMbLAiDZfB%2FZIWoNbN%2BxhmdYLd6YIL6c8Vgn4%2Fu9HE2vhGdQ"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
777569.popularcldfa.co/	1970-01-20 14:45:24	Name: ci8090c4b5666852d3dcb3007493ae0b54 Value: 1694724632
777569.popularcldfa.co/	1970-01-20 14:45:24	Name: ci8090c4b5666852d3dcb3007493ae0b54_js Value: 1694724638705
777569.popularcldfa.co/	1970-01-20 14:45:50	Name: CF8-10a6acdc14670d5717a793dd8bb1e6077 Value: 1694750972

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

769432.moveyourdesk.co
777569.popularcldfa.co
d38psrni17bvxu.cloudfront.net
favwbook.com
safewarns.com
takhm-ylj.com
ww11.favwbook.com
104.21.31.167
104.21.86.225
13.33.100.30
132.148.232.95
146.148.34.125
34.205.42.136
75.2.122.238
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9
2d800255ea5590992dbda692ea09f2c8a79df742e0ce26cbb2791f74b615eea9
48bbb4ee176e8280c71543e03005968c45f81cf437d87dfd4c9f021976df7eec
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

safewarns.com Open in urlscan Pro 132.148.232.95 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

36 %HTTPS

0 %IPv6

6 Domains

7 Subdomains

6 IPs

2 Countries

22 kBTransfer

49 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

3 Cookies

Indicators

safewarns.com Open in urlscan Pro
132.148.232.95 Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

36 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

6
IPs

2
Countries

22 kB
Transfer

49 kB
Size

3
Cookies

11 HTTP transactions
0 data transactions