zfwd.co.uk Open in urlscan Pro
2a07:7800::185 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://zfwd.co.uk/
Effective URL:
https://zfwd.co.uk/
Submission: On December 21 via api (December 21st 2024, 4:46:59 pm UTC) from US — Scanned from GB

Summary HTTP 17 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 8 IPs in 4 countries across 8 domains to perform 17 HTTP transactions. The main IP is 2a07:7800::185, located in United Kingdom and belongs to TWENTYI 20i Limited, GB. The main domain is zfwd.co.uk.
TLS certificate: Issued by R11 on October 31st 2024. Valid for: 3 months.

This is the only time zfwd.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

	IP Address	AS Autonomous System
6	2a07:7800::185 2a07:7800::185	48254 (TWENTYI 2...) (TWENTYI 20i Limited)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
5	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.144.197 172.64.144.197	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	193.108.153.27 193.108.153.27	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
1	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
17	8

6 2a07:7800::185 (United Kingdom)

ASN48254 (TWENTYI 20i Limited, GB)

zfwd.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.144.197 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

terminal.jup.ag	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.108.153.27 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a193-108-153-27.deploy.static.akamaitechnologies.com

store.akamai.steamstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	zfwd.co.uk zfwd.co.uk	115 KB
5	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	130 KB
1	gstatic.com fonts.gstatic.com	30 KB
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3370	16 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 847	24 KB
1	steamstatic.com store.akamai.steamstatic.com — Cisco Umbrella Rank: 55637	2 KB
1	jup.ag terminal.jup.ag — Cisco Umbrella Rank: 523218	71 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	969 B
17	8

	Domain	Requested by
6	zfwd.co.uk	zfwd.co.uk
5	cdnjs.cloudflare.com	zfwd.co.uk cdnjs.cloudflare.com
1	fonts.gstatic.com	fonts.googleapis.com
1	stackpath.bootstrapcdn.com	zfwd.co.uk
1	code.jquery.com	zfwd.co.uk
1	store.akamai.steamstatic.com	zfwd.co.uk
1	terminal.jup.ag	zfwd.co.uk
1	fonts.googleapis.com	zfwd.co.uk
17	8

This site contains links to these domains. Also see Links.

Domain
discord.gg
store.steampowered.com
markmozza.com

Subject Issuer	Validity	Valid
*.zfwd.co.uk R11	`2024-10-31` - `2025-01-29`	3 months	crt.sh
upload.video.google.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
jup.ag WE1	`2024-11-06` - `2025-02-04`	3 months	crt.sh
cdn.akamai.steamstatic.com R11	`2024-12-03` - `2025-03-03`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
bootstrapcdn.com WE1	`2024-11-18` - `2025-02-16`	3 months	crt.sh
*.gstatic.com WR2	`2024-12-02` - `2025-02-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://zfwd.co.uk/
Frame ID: 15DB75B8628100F91A4D2331204D16EA
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ZForward

Page URL History Show full URLs

http://zfwd.co.uk/ HTTP 307
https://zfwd.co.uk/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Highlight.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/(?:([\d.])+/)?highlight(?:\.min)?\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

38 %
IPv6

8
Domains

8
Subdomains

8
IPs

4
Countries

388 kB
Transfer

980 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://discord.gg/eVvyjHZYRj
Title: Support

Search URL Search Domain Scan URL

URL: https://store.steampowered.com/app/1934590/The_Visit/

Search URL Search Domain Scan URL

URL: https://markmozza.com/humanoid-basics/
Title: Humanoid Basics

Search URL Search Domain Scan URL

URL: https://markmozza.com/ultimate-parallax/
Title: Ultimate Parallax

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://zfwd.co.uk/ HTTP 307
https://zfwd.co.uk/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
zfwd.co.uk/
Redirect Chain

http://zfwd.co.uk/
https://zfwd.co.uk/

14 KB
4 KB

336ms
222ms

Document
text/html

2a07:7800::185
TWENTYI 20i Limited

General

Check archive.org

Show headers Download Go to

Full URL: https://zfwd.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a07:7800::185 , United Kingdom, ASN48254 (TWENTYI 20i Limited, GB),
Reverse DNS
Software: Apache / PHP/7.4.33
Resource Hash: 18bb92da316c71e89909cb820ca07e6c3d154633bb8a36440a0d430df553dc56

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 21 Dec 2024 16:46:46 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding Accept-Encoding
x-cdn-cache-status: MISS
x-cdn-node-is-at-origin: 1
x-origin-cache-status: MISS
x-powered-by: PHP/7.4.33
x-provided-by: StackCDN
x-via: LHR3

Redirect headers

Location: https://zfwd.co.uk/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
969 B 177ms
62ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Dosis:wght@300;400;700&display=swap

Requested by

Host: zfwd.co.uk
URL: https://zfwd.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

05de664acc57e23cd40f3d34a28db5da5ffa14d12c568f3a4805337b80f3b1ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://zfwd.co.uk/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Sat, 21 Dec 2024 16:46:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 21 Dec 2024 16:46:54 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Sat, 21 Dec 2024 16:46:54 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 style.css
zfwd.co.uk/cms-content/assets/css/ 208 KB
39 KB 139ms
137ms Stylesheet
text/css 2a07:7800::185
TWENTYI 20i Limited

General

Check archive.org

Show headers Download Go to

Full URL: https://zfwd.co.uk/cms-content/assets/css/style.css
Requested by: Host: zfwd.co.uk
URL: https://zfwd.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a07:7800::185 , United Kingdom, ASN48254 (TWENTYI 20i Limited, GB),
Reverse DNS
Software: Apache /
Resource Hash: b9be205e4d4ac7901076a803f93790fd8c8b92d1fdc0e8f18178f724cfd9f6a4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://zfwd.co.uk/

Response headers

x-cdn-node-is-at-origin: 1
content-encoding: gzip
x-via: LHR3
etag: W/"33f8f-5da51ac735900"
x-cdn-cache-status: MISS
access-control-allow-origin: *
date: Sat, 21 Dec 2024 16:46:46 GMT
x-origin-cache-status: MISS
last-modified: Wed, 16 Mar 2022 08:26:44 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding
server: Apache
x-provided-by: StackCDN

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/ 58 KB
11 KB 112ms
65ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/all.min.css

Requested by

Host: zfwd.co.uk
URL: https://zfwd.co.uk/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://zfwd.co.uk
Referer: https://zfwd.co.uk/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5f7b5b5f-e7d0"
age: 1954972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HW2cVwBPgoc0phnZLycVkUGJRv6RWaNDB8evqUSkOzXhwdpxSlXfHatIfPY6UXj9xe9SATjtnPaqA6lIwRT1Oc4IaeubsjjeMIZzoLNeVtPXWx2xL%2F91BpeWrAtFWOoi8IQeE5pE"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 16:46:54 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 21 Dec 2024 16:46:54 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f5959d82a8aeefd-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10491
server: cloudflare

GET
H3 200 main-v3.js Show response
terminal.jup.ag/ 219 KB
71 KB 131ms
71ms Script
application/javascript 172.64.144.197
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://terminal.jup.ag/main-v3.js

Requested by

Host: zfwd.co.uk
URL: https://zfwd.co.uk/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.144.197 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b55887784098703943d0865f55e4cdb903754f481fd2a2de893d09858140a2ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://zfwd.co.uk/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"67387218bd961da87fcfe91d756fd21b"
age: 46165
x-matched-path: /main-v3.js
expires: Sun, 22 Dec 2024 16:46:54 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 21 Dec 2024 16:46:54 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename="main-v3.js"
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=63072000
cache-control: public, max-age=86400
x-vercel-cache: HIT
last-modified: Wed, 04 Dec 2024 03:13:51 GMT
cf-ray: 8f5959d97cf69532-LHR
access-control-allow-origin: *
server: cloudflare
x-vercel-id: iad1::2cb84-1733282031555-ab861a0dbcd7

GET
H3 200 default.min.css
cdnjs.cloudflare.com/ajax/libs/highlight.js/10.7.2/styles/ 763 B
895 B 145ms
98ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.7.2/styles/default.min.css

Requested by

Host: zfwd.co.uk
URL: https://zfwd.co.uk/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3cc36c64ef86bed21592653daac82fd7e4c364c32c8344336aa13f7dbf52c90

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://zfwd.co.uk/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "606a1fee-2fb"
age: 2058926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EdOhYYPFkcDbUKKB6msPXC5%2BGW%2Bu9i9NjnRhuMQGqWaXKVno%2FalOQfdkrItlRSFeCQfnmQW%2Bc%2BhgyRk5HjfCgW6BwP5PfZEnRMGgFVc8gynpKAp%2FtHzjXNFKoJvi00I3bMABFx9j"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 16:46:54 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 21 Dec 2024 16:46:54 GMT
content-type: text/css; charset=utf-8
last-modified: Sun, 04 Apr 2021 20:22:06 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f5959d82d19ef41-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 271
server: cloudflare

GET
H3 200 highlight.min.js Show response
cdnjs.cloudflare.com/ajax/libs/highlight.js/10.7.2/ 132 KB
34 KB 102ms
56ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.7.2/highlight.min.js

Requested by

Host: zfwd.co.uk
URL: https://zfwd.co.uk/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c3bb686cf87c692323c53cdc32528edc686417d44700afd32888b39349f18c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://zfwd.co.uk/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "606a1fee-21184"
age: 237383
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h4jjXX81ql8MYe4LtDAfxlhMEsE6lCfAqXYF1nSulxlwdm7xOeQQmCzssoAFWHFnktKFbuSCYrdGCaZ4WeYzmuijEkn5ESCeXt5gHLPvzEBXNBHqMOhsrZhWXK3%2FpH3YwfxYlSM8"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 16:46:54 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 21 Dec 2024 16:46:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 04 Apr 2021 20:22:06 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f5959d82d1def41-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34275
server: cloudflare

GET
H2 200 zforward_small_trans.png
zfwd.co.uk/cms-content/assets/images/ 22 KB
22 KB 50ms
50ms Image
image/png 2a07:7800::185
TWENTYI 20i Limited

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zfwd.co.uk/cms-content/assets/images/zforward_small_trans.png
Requested by: Host: zfwd.co.uk
URL: https://zfwd.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a07:7800::185 , United Kingdom, ASN48254 (TWENTYI 20i Limited, GB),
Reverse DNS
Software: Apache /
Resource Hash: c081f36e29ad8a29fe0ad534af831ad3359245a5db111e7d55aa963036350313

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://zfwd.co.uk/

Response headers

x-via: LHR3
etag: "57ab-5da4250ed9f00"
x-cdn-cache-status: MISS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 22443
date: Sat, 21 Dec 2024 16:46:46 GMT
x-origin-cache-status: MISS
content-type: image/png
last-modified: Tue, 15 Mar 2022 14:07:24 GMT
server: Apache
x-provided-by: StackCDN
x-cdn-node-is-at-origin: 1

GET
H2 200 zforward_small_256.png
zfwd.co.uk/cms-content/assets/images/ 16 KB
16 KB 137ms
135ms Image
image/png 2a07:7800::185
TWENTYI 20i Limited

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zfwd.co.uk/cms-content/assets/images/zforward_small_256.png
Requested by: Host: zfwd.co.uk
URL: https://zfwd.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a07:7800::185 , United Kingdom, ASN48254 (TWENTYI 20i Limited, GB),
Reverse DNS
Software: Apache /
Resource Hash: a5b728a11b0b6c29bb64101d0962d6a7cb2f7c9f118efff0469a628f2105a69d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://zfwd.co.uk/

Response headers

x-via: LHR3
etag: "3f4d-5da426e5f7680"
x-cdn-cache-status: MISS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16205
date: Sat, 21 Dec 2024 16:46:46 GMT
x-origin-cache-status: MISS
content-type: image/png
last-modified: Tue, 15 Mar 2022 14:15:38 GMT
server: Apache
x-provided-by: StackCDN
x-cdn-node-is-at-origin: 1

GET
H2 200 visit.png
zfwd.co.uk/cms-content/assets/images/ 33 KB
34 KB 93ms
92ms Image
image/png 2a07:7800::185
TWENTYI 20i Limited

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zfwd.co.uk/cms-content/assets/images/visit.png
Requested by: Host: zfwd.co.uk
URL: https://zfwd.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a07:7800::185 , United Kingdom, ASN48254 (TWENTYI 20i Limited, GB),
Reverse DNS
Software: Apache /
Resource Hash: c4810aef4959ce0da5acf733ebba5f25f47d4dd0cae1d6eb4441ccb20e35eca7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://zfwd.co.uk/

Response headers

x-via: LHR3
etag: "85af-5da517e41c940"
x-cdn-cache-status: MISS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34223
date: Sat, 21 Dec 2024 16:46:46 GMT
x-origin-cache-status: MISS
content-type: image/png
last-modified: Wed, 16 Mar 2022 08:13:49 GMT
server: Apache
x-provided-by: StackCDN
x-cdn-node-is-at-origin: 1

GET
H/1.1 200
OK logo_steam.svg
store.akamai.steamstatic.com/public/shared/images/header/ 4 KB
2 KB 194ms
55ms Image
image/svg+xml 193.108.153.27
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://store.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Requested by: Host: zfwd.co.uk
URL: https://zfwd.co.uk/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 193.108.153.27 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a193-108-153-27.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://zfwd.co.uk/

Response headers

Content-Encoding: gzip
ETag: "5fb45dbf-e64"
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 1736
Date: Sat, 21 Dec 2024 16:46:54 GMT
Content-Type: image/svg+xml
Last-Modified: Tue, 17 Nov 2020 23:33:19 GMT
Server: nginx
Vary: Accept-Encoding

GET
H2 200 jquery-3.3.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 201ms
58ms Script
application/javascript 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.slim.min.js
Requested by: Host: zfwd.co.uk
URL: https://zfwd.co.uk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://zfwd.co.uk
Referer: https://zfwd.co.uk/

Response headers

content-encoding: gzip
etag: W/"28feccc0-1111d"
age: 1473399
x-cache: HIT, HIT
date: Sat, 21 Dec 2024 16:46:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits: 1, 21681
x-served-by: cache-lga21982-LGA, cache-fra-etou8220101-FRA
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1734799615.994551,VS0,VE0
cross-origin-resource-policy: cross-origin
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 24038
server: nginx

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/ 21 KB
7 KB 55ms
54ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js

Requested by

Host: zfwd.co.uk
URL: https://zfwd.co.uk/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://zfwd.co.uk
Referer: https://zfwd.co.uk/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb03fa9-520c"
age: 159346
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B3cyk9R47W8GExHI0tN6u7Rri1Ze0ntulsWzf68Tjp5D%2BZjka21fJfXIcQVUcmq59PDdy4Cx7WL9AyF2W2t30m%2BcclrpD03O%2BjOgItKUIKTsLXvaYbNskg%2FTi4vdjuGM%2F51gNvky"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 16:46:54 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 21 Dec 2024 16:46:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 16:15:37 GMT
vary: Accept-Encoding
priority: u=2,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f5959d91dcbeefd-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6646
server: cloudflare

GET
H3 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/ 59 KB
16 KB 146ms
90ms Script
application/javascript 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js

Requested by

Host: zfwd.co.uk
URL: https://zfwd.co.uk/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://zfwd.co.uk
Referer: https://zfwd.co.uk/

Response headers

cdn-status: 200
content-encoding: br
cf-cache-status: MISS
etag: "6bea60c34c5db6797150610dacdc6bce"
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 21 Dec 2024 16:46:54 GMT
last-modified: Mon, 25 Jan 2021 22:04:10 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-cache: HIT
cdn-cachedat: 12/12/2024 14:46:34
cdn-requestpullcode: 200
priority: u=2,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
timing-allow-origin: *
cdn-requesttime: 0
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 232c31a33ecac95d061962e33e87a579
cross-origin-resource-policy: cross-origin
cdn-pullzone: 252412
cdn-proxyver: 1.07
cf-ray: 8f5959d97a60ef33-LHR
access-control-allow-origin: *
cdn-edgestorageid: 1219
server: cloudflare
cdn-requestcountrycode: FR

GET
H3 200 HhyaU5sn9vOmLzloC_U.woff2
fonts.gstatic.com/s/dosis/v32/ 30 KB
30 KB 118ms
55ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/dosis/v32/HhyaU5sn9vOmLzloC_U.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Dosis:wght@300;400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

0dcac7cabd17a67b5d09d54d506c6ed734516248e9e8552d194b1a5cf16b7722

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://zfwd.co.uk
Referer: https://fonts.googleapis.com/

Response headers

age: 181435
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 19 Dec 2025 14:22:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 19 Dec 2024 14:22:59 GMT
last-modified: Thu, 24 Aug 2023 20:45:32 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30208
x-xss-protection: 0
server: sffe

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/ 77 KB
77 KB 54ms
54ms Font
application/octet-stream 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://zfwd.co.uk
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/all.min.css

Response headers

cf-cdnjs-via: cfworker/kv
cf-cache-status: HIT
etag: "5f7b5b5f-1327c"
age: 159665
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gOZtkL5D2jfXaw%2BSPJplfM7CDmve5Ka1KMgGoCn1fczTvgNO2UbJUuRvrSjBNGmSwWwKgI4ubUjfUf90mPCpUrtKseh%2B%2FcsnXGoGAO1Riy5RO8CJNbBxz%2BPuuYxIz3Fgw93I794p"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 11 Dec 2025 16:46:54 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Sat, 21 Dec 2024 16:46:54 GMT
content-type: application/octet-stream; charset=utf-8
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
vary: Accept-Encoding
priority: u=0,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f5959d92dfaeefd-LHR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 78460
server: cloudflare

GET
H2 200 zforward_small_256.png
zfwd.co.uk/cms-content/assets/images/ 16 KB
0 0ms
0ms Other
image/png 2a07:7800::185
TWENTYI 20i Limited

General

Check archive.org

Show headers Download Go to

Full URL: https://zfwd.co.uk/cms-content/assets/images/zforward_small_256.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a07:7800::185 , United Kingdom, ASN48254 (TWENTYI 20i Limited, GB),
Reverse DNS
Software: Apache /
Resource Hash: a5b728a11b0b6c29bb64101d0962d6a7cb2f7c9f118efff0469a628f2105a69d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://zfwd.co.uk/

Response headers

x-via: LHR3
etag: "3f4d-5da426e5f7680"
x-cdn-cache-status: MISS
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16205
date: Sat, 21 Dec 2024 16:46:46 GMT
x-origin-cache-status: MISS
content-type: image/png
last-modified: Tue, 15 Mar 2022 14:15:38 GMT
server: Apache
x-provided-by: StackCDN
x-cdn-node-is-at-origin: 1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.zfwd.co.uk/	1970-01-21 02:03:24	Name: mmc Value: 9dae64c23d58c8d66212501a70e946a4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
stackpath.bootstrapcdn.com
store.akamai.steamstatic.com
terminal.jup.ag
zfwd.co.uk
104.17.24.14
104.18.10.207
142.250.186.35
172.64.144.197
193.108.153.27
2a00:1450:4001:813::200a
2a04:4e42:600::649
2a07:7800::185
05de664acc57e23cd40f3d34a28db5da5ffa14d12c568f3a4805337b80f3b1ab
0dcac7cabd17a67b5d09d54d506c6ed734516248e9e8552d194b1a5cf16b7722
18bb92da316c71e89909cb820ca07e6c3d154633bb8a36440a0d430df553dc56
38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
7c3bb686cf87c692323c53cdc32528edc686417d44700afd32888b39349f18c5
a5b728a11b0b6c29bb64101d0962d6a7cb2f7c9f118efff0469a628f2105a69d
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325
b55887784098703943d0865f55e4cdb903754f481fd2a2de893d09858140a2ed
b9be205e4d4ac7901076a803f93790fd8c8b92d1fdc0e8f18178f724cfd9f6a4
c081f36e29ad8a29fe0ad534af831ad3359245a5db111e7d55aa963036350313
c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb
c4810aef4959ce0da5acf733ebba5f25f47d4dd0cae1d6eb4441ccb20e35eca7
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1
e3cc36c64ef86bed21592653daac82fd7e4c364c32c8344336aa13f7dbf52c90

zfwd.co.uk Open in urlscan Pro 2a07:7800::185 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

38 %IPv6

8 Domains

8 Subdomains

8 IPs

4 Countries

388 kBTransfer

980 kBSize

1 Cookies

4 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

Indicators

zfwd.co.uk Open in urlscan Pro
2a07:7800::185 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

38 %
IPv6

8
Domains

8
Subdomains

8
IPs

4
Countries

388 kB
Transfer

980 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!