www.safetodate.pw Open in urlscan Pro
162.0.229.226 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.safetodate.pw/
Submission: On September 08 via automatic, source certstream-suspicious (September 8th 2020, 5:59:08 pm UTC)

Summary HTTP 26 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 9 domains to perform 26 HTTP transactions. The main IP is 162.0.229.226, located in Canada and belongs to NAMECHEAP-NET, US. The main domain is www.safetodate.pw.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 8th 2020. Valid for: a year.

This is the only time www.safetodate.pw was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Tinder (Online)

Domain & IP information

	IP Address	AS Autonomous System
18	162.0.229.226 162.0.229.226	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE)
2 2	52.215.240.105 52.215.240.105	16509 (AMAZON-02) (AMAZON-02)
2 2	52.17.221.212 52.17.221.212	16509 (AMAZON-02) (AMAZON-02)
2 2	104.26.0.138 104.26.0.138	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	163.171.128.172 163.171.128.172	54994 (QUANTILNE...) (QUANTILNETWORKS)
1	2606:4700:303... 2606:4700:3031::681c:1cef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	6

18 162.0.229.226 (Canada)

ASN22612 (NAMECHEAP-NET, US)
PTR: premium124-4.web-hosting.com

www.safetodate.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.215.240.105 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-240-105.eu-west-1.compute.amazonaws.com

www.tmdth.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.221.212 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-221-212.eu-west-1.compute.amazonaws.com

www.tgtrak.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.0.138 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

joincheckout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 163.171.128.172 (Germany)

ASN54994 (QUANTILNETWORKS, US)

dkwpnv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::681c:1cef (United States)

ASN13335 (CLOUDFLARENET, US)

bootstraplugin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	safetodate.pw www.safetodate.pw	1 MB
2	dkwpnv.com dkwpnv.com
2	joincheckout.com 2 redirects joincheckout.com	1 KB
2	tgtrak.com 2 redirects www.tgtrak.com	4 KB
2	tmdth.com 2 redirects www.tmdth.com	3 KB
1	bootstraplugin.com bootstraplugin.com	570 B
1	gstatic.com fonts.gstatic.com	33 KB
1	googleapis.com fonts.googleapis.com	648 B
0	geoplugin.net Failed www.geoplugin.net Failed
26	9

	Domain	Requested by
18	www.safetodate.pw	www.safetodate.pw
2	dkwpnv.com	www.safetodate.pw
2	joincheckout.com	2 redirects
2	www.tgtrak.com	2 redirects
2	www.tmdth.com	2 redirects
1	bootstraplugin.com	www.safetodate.pw
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	www.safetodate.pw
0	www.geoplugin.net Failed	www.safetodate.pw
26	9

This site contains links to these domains. Also see Links.

Domain
tr.procashrevenue.com

Subject Issuer	Validity	Valid
safetodate.pw Sectigo RSA Domain Validation Secure Server CA	`2020-09-08` - `2021-09-08`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
www.dkwpnv.com AlphaSSL CA - SHA256 - G2	`2020-06-15` - `2022-07-29`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-13` - `2021-08-13`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.safetodate.pw/
Frame ID: 518DD1C4E130060856032BCB22575B0A
Requests: 24 HTTP requests in this frame

Frame: https://dkwpnv.com/newuser/?ofid=28&wlid=hup456&a_bid=be645a23&a_aid=16073&x_offer=141&x_code=23931&x_code2=10206b92bd8f1a8accd3e33649d0ba&x_clickid=10261d0b8c7e3d0372b14d77875752&sitekey=206acffc1929d5ca&ts=1599587930&tsc=bc87731257037bfbe1a64f0a7f77dc66&rtr=1
Frame ID: BC8E16E407CFC15421EB9317AD022BB0
Requests: 1 HTTP requests in this frame

Frame: https://dkwpnv.com/newuser/?ofid=28&wlid=hup456&a_bid=be645a23&a_aid=16073&x_offer=141&x_code=23931&x_code2=10206b92bd8f1a8accd3e33649d0ba&x_clickid=10200ac4937284ccc8c3e80bba83c9&sitekey=206acffc1929d5ca&ts=1599587930&tsc=bc87731257037bfbe1a64f0a7f77dc66&rtr=1
Frame ID: 151F8A8E805C3A3D9E8643C1CCD70F50
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

26
Requests

88 %
HTTPS

38 %
IPv6

9
Domains

9
Subdomains

6
IPs

4
Countries

1108 kB
Transfer

1150 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://tr.procashrevenue.com/tr?offer_id=11&pub=122
Title: Click Here

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://www.tmdth.com/aff_c?offer_id=8710&aff_id=23931 HTTP 302
https://www.tgtrak.com/aff_c?offer_id=141&aff_id=16073&url_id=2158&aff_sub=23931&aff_sub2=10206b92bd8f1a8accd3e33649d0ba HTTP 302
https://joincheckout.com/routes/?ofid=28&wlid=hup456&a_bid=be645a23&a_aid=16073&x_offer=141&x_code=23931&x_code2=10206b92bd8f1a8accd3e33649d0ba&x_clickid=10261d0b8c7e3d0372b14d77875752 HTTP 302
https://dkwpnv.com/newuser/?ofid=28&wlid=hup456&a_bid=be645a23&a_aid=16073&x_offer=141&x_code=23931&x_code2=10206b92bd8f1a8accd3e33649d0ba&x_clickid=10261d0b8c7e3d0372b14d77875752&sitekey=206acffc1929d5ca&ts=1599587930&tsc=bc87731257037bfbe1a64f0a7f77dc66&rtr=1

Request Chain 22

https://www.tmdth.com/aff_c?offer_id=8710&aff_id=23931 HTTP 302
https://www.tgtrak.com/aff_c?offer_id=141&aff_id=16073&url_id=2158&aff_sub=23931&aff_sub2=10206b92bd8f1a8accd3e33649d0ba HTTP 302
https://joincheckout.com/routes/?ofid=28&wlid=hup456&a_bid=be645a23&a_aid=16073&x_offer=141&x_code=23931&x_code2=10206b92bd8f1a8accd3e33649d0ba&x_clickid=10200ac4937284ccc8c3e80bba83c9 HTTP 302
https://dkwpnv.com/newuser/?ofid=28&wlid=hup456&a_bid=be645a23&a_aid=16073&x_offer=141&x_code=23931&x_code2=10206b92bd8f1a8accd3e33649d0ba&x_clickid=10200ac4937284ccc8c3e80bba83c9&sitekey=206acffc1929d5ca&ts=1599587930&tsc=bc87731257037bfbe1a64f0a7f77dc66&rtr=1

26 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.safetodate.pw/ 11 KB
3 KB 570ms
187ms Document
text/html 162.0.229.226
NAMECHEAP-NET

General

www.safetodate.pw Open in urlscan Pro 162.0.229.226 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

26 Requests

88 %HTTPS

38 %IPv6

9 Domains

9 Subdomains

6 IPs

4 Countries

1108 kBTransfer

1150 kBSize

1 Cookies

1 Outgoing links

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

www.safetodate.pw Open in urlscan Pro
162.0.229.226 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

88 %
HTTPS

38 %
IPv6

9
Domains

9
Subdomains

6
IPs

4
Countries

1108 kB
Transfer

1150 kB
Size

1
Cookies

26 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!