safe-offers.org Open in urlscan Pro
2606:4700:3033::ac43:a740 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://oldyghost.hopto.org/rd/c17843sIcYg492388cgPb3474yfl2467deDK1339
Effective URL:
https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=33...
Submission: On August 17 via api (August 17th 2023, 7:56:30 pm UTC) from BE — Scanned from NL

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3033::ac43:a740, located in United States and belongs to CLOUDFLARENET, US. The main domain is safe-offers.org.
TLS certificate: Issued by E1 on July 14th 2023. Valid for: 3 months.

This is the only time safe-offers.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	45.87.153.246 45.87.153.246	44477 (STARK-IND...) (STARK-INDUSTRIES)
1	45.79.3.248 45.79.3.248	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1 1	185.142.236.235 185.142.236.235	174 (COGENT-174) (COGENT-174)
11	2606:4700:303... 2606:4700:3033::ac43:a740	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	3

2 45.87.153.246 (Meppel, Netherlands) 1 redirects

ASN44477 (STARK-INDUSTRIES, GB)
PTR: klhjsgghgk.com

oldyghost.hopto.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.79.3.248 (Richardson, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 45-79-3-248.ip.linodeusercontent.com

www.bestoffersleads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.142.236.235 (Amsterdam, Netherlands) 1 redirects

ASN174 (COGENT-174, US)

fnnt.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:3033::ac43:a740 (United States)

ASN13335 (CLOUDFLARENET, US)

safe-offers.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	safe-offers.org safe-offers.org	165 KB
2	hopto.org 1 redirects oldyghost.hopto.org	643 B
1	fnnt.cc 1 redirects fnnt.cc	841 B
1	bestoffersleads.com www.bestoffersleads.com	496 B
13	4

	Domain	Requested by
11	safe-offers.org	www.bestoffersleads.com safe-offers.org
2	oldyghost.hopto.org	1 redirects
1	fnnt.cc	1 redirects
1	www.bestoffersleads.com	oldyghost.hopto.org
13	4

This site contains no links.

Subject Issuer	Validity	Valid
www.bestoffersleads.com R3	`2023-06-05` - `2023-09-03`	3 months	crt.sh
safe-offers.org E1	`2023-07-14` - `2023-10-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl
Frame ID: 7D7A054945EFCDB36423CC1AD3193701
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://oldyghost.hopto.org/rd/c17843sIcYg492388cgPb3474yfl2467deDK1339 Page URL
http://oldyghost.hopto.org/track/c17843sIcYg492388cgPb3474yfl2467deDK1339 HTTP 302
https://www.bestoffersleads.com/LD0xS8mzbCxKDBVjLxnyrFwvXsQePTo8CTFbpiWCGxcQ2Z7zGLCeN3nIi3_a-J4Xu-yzB6p_ZZcS... Page URL
https://fnnt.cc/click.php?project_id=39ee5bd4c6&affiliate_id=rQn&lp=77110905c8&custom1=33967... HTTP 302
https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1... Page URL

Page Statistics

13
Requests

92 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

166 kB
Transfer

538 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://oldyghost.hopto.org/rd/c17843sIcYg492388cgPb3474yfl2467deDK1339 Page URL
http://oldyghost.hopto.org/track/c17843sIcYg492388cgPb3474yfl2467deDK1339 HTTP 302
https://www.bestoffersleads.com/LD0xS8mzbCxKDBVjLxnyrFwvXsQePTo8CTFbpiWCGxcQ2Z7zGLCeN3nIi3_a-J4Xu-yzB6p_ZZcSNzkPyI9nkQ~~/10/1339-17843/492388-3474-2467 Page URL
https://fnnt.cc/click.php?project_id=39ee5bd4c6&affiliate_id=rQn&lp=77110905c8&custom1=339677188&custom2=650196&custom3=10 HTTP 302
https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://oldyghost.hopto.org/track/c17843sIcYg492388cgPb3474yfl2467deDK1339 HTTP 302
https://www.bestoffersleads.com/LD0xS8mzbCxKDBVjLxnyrFwvXsQePTo8CTFbpiWCGxcQ2Z7zGLCeN3nIi3_a-J4Xu-yzB6p_ZZcSNzkPyI9nkQ~~/10/1339-17843/492388-3474-2467

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	c17843sIcYg492388cgPb3474yfl2467deDK1339 oldyghost.hopto.org/rd/	243 B 360 B	64ms 27ms	Document text/html	45.87.153.246 STARK-INDUSTRIES
General Check archive.org Show headers Download Go to Full URL http://oldyghost.hopto.org/rd/c17843sIcYg492388cgPb3474yfl2467deDK1339 Protocol HTTP/1.1 Server 45.87.153.246 Meppel, Netherlands, ASN44477 (STARK-INDUSTRIES, GB), Reverse DNS klhjsgghgk.com Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Content-Length 243 Content-Type text/html; charset=utf-8 Date Thu, 17 Aug 2023 19:56:22 GMT
GET H/1.1	200 OK	492388-3474-2467 www.bestoffersleads.com/LD0xS8mzbCxKDBVjLxnyrFwvXsQePTo8CTFbpiWCGxcQ2Z7zGLCeN3nIi3_a-J4Xu-yzB6p_ZZcSNzkPyI9nkQ~~/10/1339-17843/ Redirect Chain http://oldyghost.hopto.org/track/c17843sIcYg492388cgPb3474yfl2467deDK1339 https://www.bestoffersleads.com/LD0xS8mzbCxKDBVjLxnyrFwvXsQePTo8CTFbpiWCGxcQ2Z7zGLCeN3nIi3_a-J4Xu-yzB6p_ZZcSNzkPyI9nkQ~~/10/1339-17843/492388-3474-2467	185 B 496 B	859ms 337ms	Document text/html	45.79.3.248 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://www.bestoffersleads.com/LD0xS8mzbCxKDBVjLxnyrFwvXsQePTo8CTFbpiWCGxcQ2Z7zGLCeN3nIi3_a-J4Xu-yzB6p_ZZcSNzkPyI9nkQ~~/10/1339-17843/492388-3474-2467 Requested by Host: oldyghost.hopto.org URL: http://oldyghost.hopto.org/rd/c17843sIcYg492388cgPb3474yfl2467deDK1339 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.79.3.248 Richardson, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 45-79-3-248.ip.linodeusercontent.com Software Apache / Resource Hash Request headers Referer http://oldyghost.hopto.org/rd/c17843sIcYg492388cgPb3474yfl2467deDK1339 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers Content-Length 185 Content-Type text/html; charset=UTF-8 Date Thu, 17 Aug 2023 19:56:23 GMT Server Apache Redirect headers Content-Length 174 Content-Type text/html; charset=utf-8 Date Thu, 17 Aug 2023 19:56:22 GMT Location https://www.bestoffersleads.com/LD0xS8mzbCxKDBVjLxnyrFwvXsQePTo8CTFbpiWCGxcQ2Z7zGLCeN3nIi3_a-J4Xu-yzB6p_ZZcSNzkPyI9nkQ~~/10/1339-17843/492388-3474-2467
GET H2	200	Primary Request / Show response safe-offers.org/bitcoinera/ Redirect Chain https://fnnt.cc/click.php?project_id=39ee5bd4c6&affiliate_id=rQn&lp=77110905c8&custom1=339677188&custom2=650196&custom3=10 https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirect...	12 KB 2 KB	396ms 311ms	Document text/html	2606:4700:3033::ac43:a740 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Requested by Host: www.bestoffersleads.com URL: https://www.bestoffersleads.com/LD0xS8mzbCxKDBVjLxnyrFwvXsQePTo8CTFbpiWCGxcQ2Z7zGLCeN3nIi3_a-J4Xu-yzB6p_ZZcSNzkPyI9nkQ~~/10/1339-17843/492388-3474-2467 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:a740 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `270a35f5a46194ae867079d516fd2e49e3b7f36b0f05bd9ff98067ff890d356b` Request headers Referer https://www.bestoffersleads.com/LD0xS8mzbCxKDBVjLxnyrFwvXsQePTo8CTFbpiWCGxcQ2Z7zGLCeN3nIi3_a-J4Xu-yzB6p_ZZcSNzkPyI9nkQ~~/10/1339-17843/492388-3474-2467 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7f847ae9abdb0b4e-AMS content-encoding br content-type text/html date Thu, 17 Aug 2023 19:56:24 GMT last-modified Thu, 17 Aug 2023 15:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xsHdoHoKRleU7WSIlaZ4JksLaqEkqQPP0vsuEDd4%2FTxcppnRjdTnEf7E2kdTJTip%2BxwV%2Bwg%2Fl8A9kHMJpm7%2BJyyxhXjeMRhbUgyMnioMwrJg9aoUW8KJj%2B88t8bWLobozc4JCwWxBiEpRg9JglQ%3D"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Thu, 17 Aug 2023 19:56:23 GMT Location https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl PX-X-Request-Id ae833f9ccc381b9c96d4a7e93df846c7 Server nginx Transfer-Encoding chunked Vary Accept-Encoding X-Server rizon
GET H2	200	runtime.efdd550b9f1ca2b0.js Show response safe-offers.org/bitcoinera/	1 KB 1017 B	308ms 303ms	Script application/javascript	2606:4700:3033::ac43:a740 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe-offers.org/bitcoinera/runtime.efdd550b9f1ca2b0.js Requested by Host: safe-offers.org URL: https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:a740 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b136a932f7cb9a721ab4cc9155519ef5dbffe6b1f05c35619f92745dfa8614f6` Request headers Referer https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Origin https://safe-offers.org accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Thu, 17 Aug 2023 19:56:24 GMT content-encoding br cf-cache-status REVALIDATED last-modified Thu, 17 Aug 2023 15:17:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UdZzy6UPqQ6XZn7q0wx%2BdOJZ4r%2BdFW5xQtvU8buE7FZ6IamtmGUhF%2FhiZ6SFVPr6e%2Ba3%2B1TfGW%2FR9jlhE1qfIaRSGp5sCoDugApQsOvvwyn53Fqpv2nIirVvmXPAWZUtHSipHo7dKDN4Jf636OA%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 7f847aebafba0b4e-AMS alt-svc h3=":443"; ma=86400
GET H2	200	polyfills.afe53779820dff83.js Show response safe-offers.org/bitcoinera/	33 KB 12 KB	309ms 304ms	Script application/javascript	2606:4700:3033::ac43:a740 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe-offers.org/bitcoinera/polyfills.afe53779820dff83.js Requested by Host: safe-offers.org URL: https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:a740 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5977d2e3222d44130e75c6578e706e898c5c51bad840f493e278c864ed6b9e87` Request headers Referer https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Origin https://safe-offers.org accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Thu, 17 Aug 2023 19:56:24 GMT content-encoding br cf-cache-status REVALIDATED last-modified Thu, 17 Aug 2023 15:17:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QWhR70KDs2yQ7XNmFk0boUO1vSoRfFUIWiCiGoCT2SxlEnco67dWhakSP%2BNTxW2XhffPhifiDBmTBFoej9616O6A5WQh8dw1fNQsbY4uBc3gtnJ9%2BU0FQSentSUA72ToMC0exkiMTRcmqCMrEqw%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 7f847aebafbd0b4e-AMS alt-svc h3=":443"; ma=86400
GET H3	200	scripts.e0135f0deb9d3569.js Show response safe-offers.org/bitcoinera/	152 KB 49 KB	333ms 331ms	Script application/javascript	2606:4700:3033::ac43:a740 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe-offers.org/bitcoinera/scripts.e0135f0deb9d3569.js Requested by Host: safe-offers.org URL: https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:a740 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5f49e1b6e12622ebdaebc5a8ae6cc29c98e39b10db9a1bfaa4c1c6da94b8948a` Request headers accept-language nl-NL,nl;q=0.9 Referer https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Thu, 17 Aug 2023 19:56:24 GMT content-encoding br cf-cache-status REVALIDATED last-modified Thu, 17 Aug 2023 15:17:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k0N2v2JMpWEc8lRLVVq1O3Gm1Zh4u%2BQUSvIUV3a1DtPdyglEWjtAH5iHQNfq3MZIUxBxy0vPPTOBupX1tTx02sk5Jxz0q3a0jE3aDaNJX7UTnS%2BlkHQOwtnyGNpieArjQh1OhH6W3eokperjZ30%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 7f847aeddc590b7c-AMS alt-svc h3=":443"; ma=86400
GET H2	200	main.ad94c60f6a81419e.js Show response safe-offers.org/bitcoinera/	340 KB 100 KB	321ms 317ms	Script application/javascript	2606:4700:3033::ac43:a740 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe-offers.org/bitcoinera/main.ad94c60f6a81419e.js Requested by Host: safe-offers.org URL: https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:a740 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4e534c0a209fa341d5043d6a942f9c4f583aa035c6f3c8b6a295d0664001a690` Request headers Referer https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Origin https://safe-offers.org accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Thu, 17 Aug 2023 19:56:24 GMT content-encoding br cf-cache-status REVALIDATED last-modified Thu, 17 Aug 2023 15:17:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aS9o19gJv48kiAthiY3efmwoXkoCSF4Lq9N6OB%2BQvKiXfN2grq2pO5CrdN0ncNYJLvSpem6G3ti2LgTIx%2FpDhGSvK27rbdQGOJzsoWU3qpIy8fjpdAw4kzAOKiXYGyq6hUSKdu0P9oUblQlCxdQ%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 7f847aebafbe0b4e-AMS alt-svc h3=":443"; ma=86400
HEAD H2	200	/ Show response safe-offers.org/bitcoinera/	0 258 B	339ms 338ms	XHR text/html	2606:4700:3033::ac43:a740 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Requested by Host: safe-offers.org URL: https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:a740 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language nl-NL,nl;q=0.9 Referer https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Thu, 17 Aug 2023 19:56:24 GMT content-encoding br cf-cache-status DYNAMIC last-modified Thu, 17 Aug 2023 15:17:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DlPg9SD8HgSpg98zyrBWEP6etAy0nSxs0QN2F9VXnU6C9Ql1bYfkY3n9R5NZTw0T5YhY19LfgH8L3gehAsrsYxYBQMoehVEJ3oPYKKoaSyKsbkQKOd3DAM3e3QlSUIB5TzYs2MvyUzl6%2BK%2BpLrs%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cf-ray 7f847aebbfc90b4e-AMS alt-svc h3=":443"; ma=86400
GET H3	404	styles.370d4f5455219bfb.css safe-offers.org/	0 0	380ms 377ms	Stylesheet text/html	2606:4700:3033::ac43:a740 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe-offers.org/styles.370d4f5455219bfb.css Requested by Host: safe-offers.org URL: https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:a740 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Thu, 17 Aug 2023 19:56:24 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f5aqRem4dK9Wa2Jdzj%2B%2BaOI6VwVk%2BIO1fTTmGezOAVQQD3kNLTub70Ks%2FAKcaXZFqAY1UHEaqCHICIj3gvDEeR5gl7UlGege0%2BGRBCUkIi62pW8lL51Gan2Xs51PRINx9oSgbtehdTHVcdaCu3c%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 7f847aeddc600b7c-AMS alt-svc h3=":443"; ma=86400
GET H3	404	runtime.efdd550b9f1ca2b0.js safe-offers.org/	0 0	314ms 313ms	Script text/html	2606:4700:3033::ac43:a740 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe-offers.org/runtime.efdd550b9f1ca2b0.js Requested by Host: safe-offers.org URL: https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:a740 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Origin https://safe-offers.org accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Thu, 17 Aug 2023 19:56:24 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1NTfdCsjA0pga22V7FytdgFeqp03lEwE3pf8dtb3i%2BEZ5TSdZStwyThq%2F97q5pgPjsmzlFLrc3ejMjQOec2NuR9zlyTlj%2FEwQHqZshV86Wf%2F0m6K1ZDckOs1xbTM%2FnB3s9Jvka%2F8HivxwQ59Do%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 7f847aeddc640b7c-AMS alt-svc h3=":443"; ma=86400
GET H3	404	polyfills.afe53779820dff83.js safe-offers.org/	0 0	329ms 327ms	Script text/html	2606:4700:3033::ac43:a740 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe-offers.org/polyfills.afe53779820dff83.js Requested by Host: safe-offers.org URL: https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:a740 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Origin https://safe-offers.org accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Thu, 17 Aug 2023 19:56:24 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tPfDjZIexSBcERUmaeVHTUnnvTqqdbga5XFXcL3R2ayp8qaCNdrfTYpVWrYjMC2oECZxPe%2Bhl2%2Fky3txGvWFhPEJEFuTb9p0PnTrfRT6rO7gtBQ79DVt2ruKeHaj%2BsKpDFUNE%2FStHS7NUth086U%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 7f847aeddc650b7c-AMS alt-svc h3=":443"; ma=86400
GET H3	404	scripts.e0135f0deb9d3569.js safe-offers.org/	0 0	177ms 175ms	Script text/html	2606:4700:3033::ac43:a740 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe-offers.org/scripts.e0135f0deb9d3569.js Requested by Host: safe-offers.org URL: https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:a740 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Thu, 17 Aug 2023 19:56:24 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ydIjyZR%2FwMzfOpfxoarZ5sUTn3nA%2BiOgYUcE2h%2Bpql2EYnFRRRBz%2F4EWDWzRUr9D0JnHSykXABB8cVb9h0Rfq%2Ff7n2mIFePSPIDa4MiWnOexn35K3dtNjPIY%2F45uDwQtwi1OTn3g4b67r6rnGlA%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 7f847aeddc670b7c-AMS alt-svc h3=":443"; ma=86400
GET H3	404	main.ad94c60f6a81419e.js safe-offers.org/	0 0	323ms 321ms	Script text/html	2606:4700:3033::ac43:a740 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://safe-offers.org/main.ad94c60f6a81419e.js Requested by Host: safe-offers.org URL: https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:a740 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://safe-offers.org/bitcoinera/?intgrtn_clickID=qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K&intgrtn_custom1=339677188&intgrtn_custom2=650196&intgrtn_custom3=10&country=NL&intgrtn_redirectReturningLead=auto&intgrtn_language=nl Origin https://safe-offers.org accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Thu, 17 Aug 2023 19:56:24 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E23FR5oHpA1kT9U808q%2FR9i5bVsLmHD%2BejtUDxjEHdWiAfI4naQ5mFMpp8LJ93Dx%2FYNUMDdDTOiD47bFw4c%2BMmLilq1Mk7BbNGb2X6vCP6Nc2RPe0sBuVXZ0FoYBxbFfb8OEaLxMd9eMEl6OZu0%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 7f847aeddc680b7c-AMS alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture string| mappedRequestURI string| mappedRequestURIString object| req

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bestoffersleads.com/	1970-01-20 14:48:14	Name: uid1624 Value: 339677188-20230817155623-287028be65a79c63e0278c5cfd7f0b58-
fnnt.cc/	1970-01-20 14:15:06	Name: clickID Value: qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K
fnnt.cc/	1970-01-20 14:15:06	Name: leadID Value: qWxPprDaYJnQ2gZBELzOwqke3yer8V4vkedG795l3m0AojM1K

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://safe-offers.org/scripts.e0135f0deb9d3569.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://safe-offers.org/runtime.efdd550b9f1ca2b0.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://safe-offers.org/main.ad94c60f6a81419e.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://safe-offers.org/polyfills.afe53779820dff83.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://safe-offers.org/styles.370d4f5455219bfb.css Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fnnt.cc
oldyghost.hopto.org
safe-offers.org
www.bestoffersleads.com
185.142.236.235
2606:4700:3033::ac43:a740
45.79.3.248
45.87.153.246
270a35f5a46194ae867079d516fd2e49e3b7f36b0f05bd9ff98067ff890d356b
4e534c0a209fa341d5043d6a942f9c4f583aa035c6f3c8b6a295d0664001a690
5977d2e3222d44130e75c6578e706e898c5c51bad840f493e278c864ed6b9e87
5f49e1b6e12622ebdaebc5a8ae6cc29c98e39b10db9a1bfaa4c1c6da94b8948a
b136a932f7cb9a721ab4cc9155519ef5dbffe6b1f05c35619f92745dfa8614f6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

safe-offers.org Open in urlscan Pro 2606:4700:3033::ac43:a740 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

13 Requests

92 %HTTPS

25 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

166 kBTransfer

538 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

3 Cookies

5 Console Messages

Indicators

safe-offers.org Open in urlscan Pro
2606:4700:3033::ac43:a740 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

92 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

166 kB
Transfer

538 kB
Size

3
Cookies

13 HTTP transactions
0 data transactions