Submitted URL: https://safedevicedefend.online/nlp/index.php?id=nRqBsKrLf0r18fgrnqs7&s1=@ni&s2=4957&s5=eb7814k4p7vtwdz11d&url_bnm_redirect=http...
Effective URL: https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
Submission: On January 11 via manual from GB — Scanned from GB

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is promoteofficial.com.
TLS certificate: Issued by GTS CA 1P5 on December 25th 2023. Valid for: 3 months.
This is the only time promoteofficial.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 35.156.37.99 16509 (AMAZON-02)
6 2a06:98c1:312... 13335 (CLOUDFLAR...)
7 2

Domain Requested by
6 promoteofficial.com promoteofficial.com
1 aw-sv.realtracksonline.com 1 redirects
1 safedevicedefend.online
7 3

This site contains links to these domains.

Domain
url.totalav.com
url.scanguard.com

Subject | Issuer | Validity | Valid
safedevicedefend.online | GTS CA 1P5 | 2023-12-14 - 2024-03-13 | 3 months
promoteofficial.com | GTS CA 1P5 | 2023-12-25 - 2024-03-24 | 3 months

This page contains 1 frame:

Primary Page: https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
Frame ID: A5FDA7FE7E06E4B4E9001BAB90D45D98
Requests: 7 HTTP requests in this frame

Page Title

Mobile Protection

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 2
Transfer: 28 kB
Size: 70 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://safedevicedefend.online/nlp/index.php?id=nRqBsKrLf0r18fgrnqs7&s1=@ni&s2=4957&s5=eb7814k4p7vtwdz11d&url_bnm_redirect=https://aw-sv.realtracksonline.com/t/clk Page URL
  2. https://aw-sv.realtracksonline.com/t/clk?id=nRqBsKrLf0r18fgrnqs7&s1=%40ni&s2=4957&s5=eb7814k4p7vtwdz11d HTTP 302
    https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
index.php
safedevicedefend.online/nlp/
148 B
634 B
Document
General
Full URL
https://safedevicedefend.online/nlp/index.php?id=nRqBsKrLf0r18fgrnqs7&s1=@ni&s2=4957&s5=eb7814k4p7vtwdz11d&url_bnm_redirect=https://aw-sv.realtracksonline.com/t/clk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:9895 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70fef5381ef941a63a144a9a7116cebaf1b46313637d7fb0fd1264f86038f85c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-transform
cf-cache-status
DYNAMIC
cf-ray
843efbf9faf7068e-LHR
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 11 Jan 2024 17:47:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FMmN1IPymJSfW4vEBD7aBkyypRBb4fl9qNo1ooLINBi1ea4EkZUN2LiLBH7CcdEOjESpzzNd0XKC1mcrQndCFy6xCRIuN%2BuC4mG7nOMLmXoWu%2BO2VVY%2BHP%2FOaoINKc6%2B1X1DCjRQTuy8dING4a1jUFLA26xZIw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
Primary Request /
promoteofficial.com/av/mobile-protection/
Redirect Chain
  • https://aw-sv.realtracksonline.com/t/clk?id=nRqBsKrLf0r18fgrnqs7&s1=%40ni&s2=4957&s5=eb7814k4p7vtwdz11d
  • https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
10 KB
4 KB
Document
General
Full URL
https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4825b222a01fd2d483bdfe9d89e6b970be6fb887ec6aa2006fc9758851ab5277

Request headers

Referer
https://safedevicedefend.online/nlp/index.php?id=nRqBsKrLf0r18fgrnqs7&s1=@ni&s2=4957&s5=eb7814k4p7vtwdz11d&url_bnm_redirect=https://aw-sv.realtracksonline.com/t/clk
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
843efc03aaa43691-LHR
content-encoding
br
content-type
text/html
date
Thu, 11 Jan 2024 17:47:21 GMT
last-modified
Mon, 06 Feb 2023 09:30:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RSw2Vo%2Fgcw0786lpDM3Huzic4YK1qD77PQmgN7qoS2eNah7chDgodDnJvcaLKnl8GBh5TZg6p9QiMfxRRX2OOJlqK30uS%2BRSyIS0dDazXdv%2Fkpbs%2B9KHHkluaifNTuMrEMwuybCwCqwV%2F0rKqRmfLtST"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

cache-control
no-transform
content-language
en
content-length
0
content-type
text/html; charset=utf-8
date
Thu, 11 Jan 2024 17:47:21 GMT
location
https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
server
nginx/1.14.2
vary
Accept-Language, Cookie, Origin
x-frame-options
SAMEORIGIN
alpinejs.js
promoteofficial.com/av/mobile-protection/js/
39 KB
15 KB
Script
General
Full URL
https://promoteofficial.com/av/mobile-protection/js/alpinejs.js
Requested by
Host: promoteofficial.com
URL: https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b02426e749fbc4999d6407083463b9bcb5511f073f413249a56e21643bb6bd8

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 17:47:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 19 Jan 2023 16:30:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4072
etag
W/"63c9700c-9b85"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cm3sZbb%2Bi4vD4c5HK0ZQxlYKlNnGutQu0uzfA8QHnJJjer6ygBgnhlumn5Uce4XFGqfusAJF1FJd1fv%2F5zyctkDdNLeARVVL5CMMY6koQXqA5dZVdohvU6KbtQszuFVfP%2B2uJcYR527gOLpmFqrsVTxw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
843efc051d933691-LHR
alt-svc
h3=":443"; ma=86400
device-detect.js
promoteofficial.com/av/mobile-protection/js/
414 B
514 B
Script
General
Full URL
https://promoteofficial.com/av/mobile-protection/js/device-detect.js
Requested by
Host: promoteofficial.com
URL: https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ceeb3a54df2b5bf570456468414fa39a229530b750812dd61d46d0fde81498b6

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 17:47:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 19 Jan 2023 16:30:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4072
etag
W/"63c9700c-19e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t0W1JEs%2FEgi87QiBOTy4e86859Xhu6oOa5sWqp0MQmRgwjPu9nEqGS99pN7vf%2BQXLEEh7WywY3FyMplczxWQEhhwFmpXLHruKxDM1os1pjmE4sY2ElxbLraBuQOrfdwhN0m2sAgm13Emvua45qZEkLG3"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
843efc051d903691-LHR
alt-svc
h3=":443"; ma=86400
outbound-link.js
promoteofficial.com/av/mobile-protection/js/
2 KB
897 B
Script
General
Full URL
https://promoteofficial.com/av/mobile-protection/js/outbound-link.js
Requested by
Host: promoteofficial.com
URL: https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0ba484e0f92135d99e9b2b7a404b359660fb74d972c43f2d250a48f55f25603

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 17:47:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 06 Feb 2023 09:30:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4072
etag
W/"63e0c89c-6d9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iUHji2l7xpTnoDwc62dM9sYJE%2FB81N9T4t%2FszwVpreDj9zCsJWJhdCjNbxvJvNdof%2Bl3YNnKPH5gN0xrYYJuvdMrxQB8xS7e99Pj8ZuHiCrgruhFmBcAz51VdNp6qKP4t7Bo8Lr9SI0CKyseIjLF5des"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
843efc051d913691-LHR
alt-svc
h3=":443"; ma=86400
main.css
promoteofficial.com/av/mobile-protection/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://promoteofficial.com/av/mobile-protection/css/main.css?v1.0.0
Requested by
Host: promoteofficial.com
URL: https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b9b2ee9768bcc645ad1d3bd01af2d388d5587bc94d112a20f73ce455f5c3e5a

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 17:47:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 19 Jan 2023 16:30:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4072
etag
W/"63c9700c-185f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nnA7A0v7%2B37XiKbpG6P6MA37EuRpPrujJD3MW2Mye8T7QWZMrGiXXZQgPiehmu%2B2Q5iT%2FwB6fMjyYB%2FYMi2KsO9zGdyUi%2FSN1dw3bk%2FjpZ8ZMgGPpjycxfBm7cWE4VA2X8SUwE3ZcuDvrh5o80lF08r1"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
843efc051d8e3691-LHR
alt-svc
h3=":443"; ma=86400
i18n.js
promoteofficial.com/av/mobile-protection/js/
13 KB
5 KB
Script
General
Full URL
https://promoteofficial.com/av/mobile-protection/js/i18n.js?v1.0.0
Requested by
Host: promoteofficial.com
URL: https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a02d04dfb40ed6c9960a9a554172c5624021add54225e12dfeecd04cce65fc21

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://promoteofficial.com/av/mobile-protection/?affiliate=a195627&click=19f24123-5053-4768-b9e8-97ab9722aab3&subaffiliate=@ni
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Thu, 11 Jan 2024 17:47:22 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 19 Jan 2023 16:30:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4073
etag
W/"63c9700c-3510"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oba20D%2BdtkiLE9nTV%2BfcayvgwgPW%2BKth9Pc2yPEAN%2FTEa5117WT1PtD%2FCI9h8VVoHayvcME%2BOZezAzljZ7x2cncgcNf3Isb85SglmNPGLLD2sap7VFLWSqOHMgsHbzy7kiqwCLBNMc%2FvtDJlPdnKlGxA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
843efc075d09459b-LHR
alt-svc
h3=":443"; ma=86400

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture
function| getUserDevice
object| Alpine

2 Cookies

Domain/Path Name / Value
aw-sv.realtracksonline.com/ Name: uip
Value: "[\"QCAc4DBN\"\054 {\"2D4YO\": \"oya8oKY\"}]:1rNz9F:gBkAeRYTOZ0Ma78Qmecp38_1SGI"
aw-sv.realtracksonline.com/ Name: ydt_adc3c4b2f89d49aa87468740c2661042
Value: "[\"19f24123-5053-4768-b9e8-97ab9722aab3\"]:1rNz9F:zgPlOdMvX1v3gj3pw36C3M-8B64"