www.safetycovertouse326375645565.click Open in urlscan Pro
103.18.6.220 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.safetycovertouse326375645565.click/
Submission: On May 29 via api (May 29th 2023, 5:03:44 pm UTC) from JP — Scanned from JP

Summary HTTP 30 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 30 HTTP transactions. The main IP is 103.18.6.220, located in Viet Nam and belongs to RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN. The main domain is www.safetycovertouse326375645565.click.
TLS certificate: Issued by R3 on May 29th 2023. Valid for: 3 months.

This is the only time www.safetycovertouse326375645565.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address		AS Autonomous System
23	103.18.6.220 103.18.6.220		131392 (RUNSYSTEM...) (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company)
30	2

23 103.18.6.220 (Viet Nam)

ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN)
PTR: v103-18-6-220.tenten.vn

www.safetycovertouse326375645565.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	safetycovertouse326375645565.click www.safetycovertouse326375645565.click	370 KB
30	1

	Domain	Requested by
23	www.safetycovertouse326375645565.click	www.safetycovertouse326375645565.click
30	1

This site contains no links.

Subject Issuer	Validity	Valid
www.safetycovertouse326375645565.click R3	`2023-05-29` - `2023-08-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.safetycovertouse326375645565.click/
Frame ID: E53CCDB601B2C431D1B5123514F4C5C6
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Account security

Page Statistics

30
Requests

77 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

370 kB
Transfer

675 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.safetycovertouse326375645565.click/	137 KB 27 KB	1159ms 538ms	Document text/html	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / PHP/7.4.33 Resource Hash `bbba9198d2aff6137fdead9897af56ae4368f12d6a7d010c66b594b3ab4df6d9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers access-control-allow-origin * alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-store, no-cache, must-revalidate content-encoding br content-type text/html; charset=UTF-8 date Mon, 29 May 2023 17:03:14 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding x-powered-by PHP/7.4.33
GET H2	200	LBeK2AdVA10.css www.safetycovertouse326375645565.click/Account%20security_files/	13 KB 3 KB	183ms 180ms	Stylesheet text/css	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/LBeK2AdVA10.css Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `57410138a18d0cbaee57fba6123ff563c8d082a77cdf8ba0045c4a598207de05` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 29 May 2023 17:03:14 GMT content-encoding br last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-length 3177 expires Mon, 05 Jun 2023 17:03:14 GMT
GET H2	200	eknh9Re3ab9.css www.safetycovertouse326375645565.click/Account%20security_files/	540 B 267 B	185ms 181ms	Stylesheet text/css	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/eknh9Re3ab9.css Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `7cba0fed839d33a1180cc8f91a8fd112826eb0e2affad756951163c71e3b6064` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 29 May 2023 17:03:14 GMT content-encoding br last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-length 233 expires Mon, 05 Jun 2023 17:03:14 GMT
GET H2	200	ogGTLy0m35N.css www.safetycovertouse326375645565.click/Account%20security_files/	39 KB 8 KB	543ms 540ms	Stylesheet text/css	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/ogGTLy0m35N.css Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `38ae0a204dbb9cc74f7e42bdd23465176da69106da36ca69a7f280ad0f20201e` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 29 May 2023 17:03:14 GMT content-encoding br last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-length 8577 expires Mon, 05 Jun 2023 17:03:14 GMT
GET H2	200	tMCGgMHbEWk.css www.safetycovertouse326375645565.click/Account%20security_files/	18 KB 4 KB	546ms 543ms	Stylesheet text/css	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/tMCGgMHbEWk.css Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `cc390b94dfccaad4c284b9c948b78b4b8fa100a077a503163c0859f20571184c` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 29 May 2023 17:03:14 GMT content-encoding br last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-length 3945 expires Mon, 05 Jun 2023 17:03:14 GMT
GET H2	200	0gtnVJ5rfTK.css www.safetycovertouse326375645565.click/Account%20security_files/	28 KB 8 KB	549ms 545ms	Stylesheet text/css	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/0gtnVJ5rfTK.css Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `48b3fa97a45764e0c2e5c88239f701f739af54658d8499ab2d5ba9b044f79b0f` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 29 May 2023 17:03:14 GMT content-encoding br last-modified Wed, 08 Dec 2021 17:22:48 GMT server LiteSpeed vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-length 7819 expires Mon, 05 Jun 2023 17:03:14 GMT
GET H2	200	3s7j1GL9cZl.js.t%E1%BA%A3i%20xu%E1%BB%91ng Show response www.safetycovertouse326375645565.click/Account%20security_files/	47 KB 47 KB	1081ms 1077ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/3s7j1GL9cZl.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `4d8cccf3526c561bfe36bac0087da7600fec145917ccda36e31512015d9c73e4` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 48454 content-type application/octet-stream
GET H2	200	Gk3ISkHbjNq.js.t%E1%BA%A3i%20xu%E1%BB%91ng Show response www.safetycovertouse326375645565.click/Account%20security_files/	3 KB 3 KB	1443ms 1440ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/Gk3ISkHbjNq.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `c017851895b88f5bd4f459d22d8f081b4dcebc187989831717e4ea616e0571e0` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 3416 content-type application/octet-stream
GET H2	200	W0cYX1tntdY.js.t%E1%BA%A3i%20xu%E1%BB%91ng Show response www.safetycovertouse326375645565.click/Account%20security_files/	38 KB 38 KB	1444ms 1441ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/W0cYX1tntdY.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `7c8e927e8a052d4b5c80bb750b951b1148766ab3cf330586d5368c2273ddaa3e` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 39195 content-type application/octet-stream
GET H2	200	hHHTJ66daSh.js.t%E1%BA%A3i%20xu%E1%BB%91ng Show response www.safetycovertouse326375645565.click/Account%20security_files/	21 KB 21 KB	1444ms 1441ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/hHHTJ66daSh.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `bcaf71e36867ff12bf5af0340d114b33f7ed92ca14b3a8ed11ac583d21e46781` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 21021 content-type application/octet-stream
GET H2	200	wQjEXDzhVd7.js.t%E1%BA%A3i%20xu%E1%BB%91ng Show response www.safetycovertouse326375645565.click/Account%20security_files/	30 KB 30 KB	1445ms 1442ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/wQjEXDzhVd7.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `21c2a8eb713429aa2b8375646d8900e8cdbbd00340a301fe449e0f1ae14262f8` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 30974 content-type application/octet-stream
GET		2jr_tFUjDMy.js.t%E1%BA%A3i%20xu%E1%BB%91ng www.safetycovertouse326375645565.click/Account%20security_files/	0 0

GET		M4WYEDn5b1N.js.t%E1%BA%A3i%20xu%E1%BB%91ng www.safetycovertouse326375645565.click/Account%20security_files/	0 0

GET H2	200	0LOtvn7s0n2.js.t%E1%BA%A3i%20xu%E1%BB%91ng Show response www.safetycovertouse326375645565.click/Account%20security_files/	45 KB 45 KB	1446ms 1443ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/0LOtvn7s0n2.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `bae18e47dcd78f9d1606679d9e117d719e0d95350cf416654ba9f38b906e5323` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 45623 content-type application/octet-stream
GET H2	200	gxlhI1GBV6m.js.t%E1%BA%A3i%20xu%E1%BB%91ng www.safetycovertouse326375645565.click/Account%20security_files/	80 KB 0	1446ms 1444ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/gxlhI1GBV6m.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 84988 content-type application/octet-stream
GET H2	200	cN-N4Eu_deZ.js.t%E1%BA%A3i%20xu%E1%BB%91ng Show response www.safetycovertouse326375645565.click/Account%20security_files/	7 KB 7 KB	1447ms 1444ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/cN-N4Eu_deZ.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `095eceabca5358699a8efc64f4e44b27576d45c2ab864f1f50c3401676f9a827` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 7286 content-type application/octet-stream
GET H2	200	xCNlQDi1ngo.js.t%E1%BA%A3i%20xu%E1%BB%91ng Show response www.safetycovertouse326375645565.click/Account%20security_files/	30 KB 30 KB	1447ms 1444ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/xCNlQDi1ngo.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `08032e0d311d265c7b0d7b8ed45e26c6350179a691a8d33f029b66f928ee81d6` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 30918 content-type application/octet-stream
GET		UMjce8g8u4Z.js.t%E1%BA%A3i%20xu%E1%BB%91ng www.safetycovertouse326375645565.click/Account%20security_files/	0 0

GET H2	200	-7rtbzkhkiz.js.t%E1%BA%A3i%20xu%E1%BB%91ng www.safetycovertouse326375645565.click/Account%20security_files/	26 KB 0	1447ms 1445ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/-7rtbzkhkiz.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 585682 content-type application/octet-stream
GET H2	200	8v0m3wwOBP2.js.t%E1%BA%A3i%20xu%E1%BB%91ng Show response www.safetycovertouse326375645565.click/Account%20security_files/	70 KB 70 KB	1447ms 1445ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/8v0m3wwOBP2.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `0f0fe57e50692ac123af51a59e27ca1505d5879845695acaf252408f79e53238` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 71385 content-type application/octet-stream
GET H2	200	rP8p7Irlvdn.js.t%E1%BA%A3i%20xu%E1%BB%91ng Show response www.safetycovertouse326375645565.click/Account%20security_files/	13 KB 13 KB	1447ms 1445ms	Script application/octet-stream	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/rP8p7Irlvdn.js.t%E1%BA%A3i%20xu%E1%BB%91ng Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `ad71dbec91c3bf9fa25435f33eb961bc091a81c96cec0443f42356822f75a592` Request headers Referer https://www.safetycovertouse326375645565.click/ Origin https://www.safetycovertouse326375645565.click accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * date Mon, 29 May 2023 17:03:14 GMT last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed accept-ranges bytes content-length 13294 content-type application/octet-stream
GET H2	200	translateelement.css www.safetycovertouse326375645565.click/Account%20security_files/	18 KB 3 KB	549ms 547ms	Stylesheet text/css	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/Account%20security_files/translateelement.css Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed` Request headers accept-language jp-JP,jp;q=0.9 Referer https://www.safetycovertouse326375645565.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 29 May 2023 17:03:14 GMT content-encoding br last-modified Sun, 05 Dec 2021 17:24:52 GMT server LiteSpeed vary Accept-Encoding content-type text/css access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-length 3374 expires Mon, 05 Jun 2023 17:03:14 GMT
GET H2	200	meta.png www.safetycovertouse326375645565.click/	0 0	878ms 878ms	Image image/png	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Show image Full URL https://www.safetycovertouse326375645565.click/meta.png Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash Request headers accept-language jp-JP,jp;q=0.9 Referer https://www.safetycovertouse326375645565.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 29 May 2023 17:03:15 GMT last-modified Tue, 11 Oct 2022 17:56:52 GMT server LiteSpeed content-type image/png access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-length 91138 expires Mon, 05 Jun 2023 17:03:15 GMT
GET		OqQDSI5NZpt.js.t%E1%BA%A3i%20xu%E1%BB%91ng www.safetycovertouse326375645565.click/Account%20security_files/	0 0

GET		translate_24dp.png www.safetycovertouse326375645565.click/Account%20security_files/	0 0

POST H2	404	/ www.safetycovertouse326375645565.click/ajax/mtouch_perf_page_load_timings/	0 0	886ms 885ms	Ping text/html	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Full URL https://www.safetycovertouse326375645565.click/ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=1&event=prelude_onload&client_event_time=1685379795.0853&time_from_nav_start_ms=1725&jazoest=22060&previous_event=nav_started&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=4&ram_gb=8&downlink_mb=9.8&effective_connection_type=4g&rtt_ms=0&transmission_method=beacon Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash Request headers accept-language jp-JP,jp;q=0.9 Referer https://www.safetycovertouse326375645565.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers access-control-allow-origin * pragma no-cache date Mon, 29 May 2023 17:03:15 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 server LiteSpeed content-length 1238 content-type text/html
GET H2	200	lock.png www.safetycovertouse326375645565.click/	4 KB 4 KB	13055ms 13054ms	Image image/png	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Show image Full URL https://www.safetycovertouse326375645565.click/lock.png Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `703fd6652f10d4c9d587e28c10855652fad663c5504d5341e93eec96274bfe61` Request headers accept-language jp-JP,jp;q=0.9 Referer https://www.safetycovertouse326375645565.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 29 May 2023 17:03:24 GMT last-modified Wed, 12 Apr 2023 18:54:52 GMT server LiteSpeed content-type image/png access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-length 3734 expires Mon, 05 Jun 2023 17:03:24 GMT
GET H2	200	icons.png www.safetycovertouse326375645565.click/	8 KB 8 KB	13046ms 13045ms	Image image/png	103.18.6.220 RUNSYSTEM-AS-VN G...
General Check archive.org Show headers Download Go to Show image Full URL https://www.safetycovertouse326375645565.click/icons.png Requested by Host: www.safetycovertouse326375645565.click URL: https://www.safetycovertouse326375645565.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 103.18.6.220 , Viet Nam, ASN131392 (RUNSYSTEM-AS-VN GMO-Z.com Runsystem Joint Stock Company, VN), Reverse DNS v103-18-6-220.tenten.vn Software LiteSpeed / Resource Hash `5c9598c52ea130472e3041027ac8cc35501bc199421462e1b528c0fc18ae59c3` Request headers accept-language jp-JP,jp;q=0.9 Referer https://www.safetycovertouse326375645565.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 29 May 2023 17:03:24 GMT last-modified Wed, 08 Dec 2021 18:02:18 GMT server LiteSpeed content-type image/png access-control-allow-origin * cache-control public, max-age=604800 accept-ranges bytes content-length 7901 expires Mon, 05 Jun 2023 17:03:24 GMT
POST		/ www.safetycovertouse326375645565.click/ajax/mtouch_perf_page_load_timings/	0 0

POST		/ www.safetycovertouse326375645565.click/ajax/mtouch_perf_page_load_timings/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.safetycovertouse326375645565.click
URL: https://www.safetycovertouse326375645565.click/Account%20security_files/2jr_tFUjDMy.js.t%E1%BA%A3i%20xu%E1%BB%91ng

Domain: www.safetycovertouse326375645565.click
URL: https://www.safetycovertouse326375645565.click/Account%20security_files/M4WYEDn5b1N.js.t%E1%BA%A3i%20xu%E1%BB%91ng

Domain: www.safetycovertouse326375645565.click
URL: https://www.safetycovertouse326375645565.click/Account%20security_files/UMjce8g8u4Z.js.t%E1%BA%A3i%20xu%E1%BB%91ng

Domain: www.safetycovertouse326375645565.click
URL: https://www.safetycovertouse326375645565.click/Account%20security_files/OqQDSI5NZpt.js.t%E1%BA%A3i%20xu%E1%BB%91ng

Domain: www.safetycovertouse326375645565.click
URL: https://www.safetycovertouse326375645565.click/Account%20security_files/translate_24dp.png

Domain: www.safetycovertouse326375645565.click
URL: https://www.safetycovertouse326375645565.click/ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=2&event=first_paint&client_event_time=1685379795.0997&time_from_nav_start_ms=1739&jazoest=22060&previous_event=prelude_onload&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=4&ram_gb=8&downlink_mb=9.8&effective_connection_type=4g&rtt_ms=0&transmission_method=beacon

Domain: www.safetycovertouse326375645565.click
URL: https://www.safetycovertouse326375645565.click/ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=3&event=jewels_visible&client_event_time=1685379795.0997&time_from_nav_start_ms=1739&jazoest=22060&previous_event=first_paint&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=4&ram_gb=8&downlink_mb=9.8&effective_connection_type=4g&rtt_ms=0&transmission_method=beacon

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.safetycovertouse326375645565.click/	1969-12-31 23:59:59	Name: PHPSESSID Value: edbff037b9cfdb3a19721bca235d2cf4

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.safetycovertouse326375645565.click/ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=1&event=prelude_onload&client_event_time=1685379795.0853&time_from_nav_start_ms=1725&jazoest=22060&previous_event=nav_started&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=4&ram_gb=8&downlink_mb=9.8&effective_connection_type=4g&rtt_ms=0&transmission_method=beacon Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.safetycovertouse326375645565.click
www.safetycovertouse326375645565.click
103.18.6.220
08032e0d311d265c7b0d7b8ed45e26c6350179a691a8d33f029b66f928ee81d6
095eceabca5358699a8efc64f4e44b27576d45c2ab864f1f50c3401676f9a827
0f0fe57e50692ac123af51a59e27ca1505d5879845695acaf252408f79e53238
21c2a8eb713429aa2b8375646d8900e8cdbbd00340a301fe449e0f1ae14262f8
38ae0a204dbb9cc74f7e42bdd23465176da69106da36ca69a7f280ad0f20201e
48b3fa97a45764e0c2e5c88239f701f739af54658d8499ab2d5ba9b044f79b0f
4d8cccf3526c561bfe36bac0087da7600fec145917ccda36e31512015d9c73e4
57410138a18d0cbaee57fba6123ff563c8d082a77cdf8ba0045c4a598207de05
5c9598c52ea130472e3041027ac8cc35501bc199421462e1b528c0fc18ae59c3
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
703fd6652f10d4c9d587e28c10855652fad663c5504d5341e93eec96274bfe61
7c8e927e8a052d4b5c80bb750b951b1148766ab3cf330586d5368c2273ddaa3e
7cba0fed839d33a1180cc8f91a8fd112826eb0e2affad756951163c71e3b6064
ad71dbec91c3bf9fa25435f33eb961bc091a81c96cec0443f42356822f75a592
bae18e47dcd78f9d1606679d9e117d719e0d95350cf416654ba9f38b906e5323
bbba9198d2aff6137fdead9897af56ae4368f12d6a7d010c66b594b3ab4df6d9
bcaf71e36867ff12bf5af0340d114b33f7ed92ca14b3a8ed11ac583d21e46781
c017851895b88f5bd4f459d22d8f081b4dcebc187989831717e4ea616e0571e0
cc390b94dfccaad4c284b9c948b78b4b8fa100a077a503163c0859f20571184c

www.safetycovertouse326375645565.click Open in urlscan Pro 103.18.6.220 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

30 Requests

77 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

370 kBTransfer

675 kBSize

1 Cookies

0 Outgoing links

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

www.safetycovertouse326375645565.click Open in urlscan Pro
103.18.6.220 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

77 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

370 kB
Transfer

675 kB
Size

1
Cookies

30 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!