form.safeloom.com Open in urlscan Pro
151.139.128.11 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://form.safeloom.com/
Submission: On July 31 via automatic, source certstream-suspicious (July 31st 2020, 7:32:44 am UTC)

Summary HTTP 10 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 151.139.128.11, located in Dallas, United States and belongs to HIGHWINDS3, US. The main domain is form.safeloom.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 31st 2020. Valid for: 3 months.

This is the only time form.safeloom.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:81f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
10	3

8 151.139.128.11 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

form.safeloom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	safeloom.com form.safeloom.com	230 KB
1	gstatic.com fonts.gstatic.com	10 KB
1	googleapis.com fonts.googleapis.com	540 B
10	3

	Domain	Requested by
8	form.safeloom.com	form.safeloom.com
1	fonts.gstatic.com	form.safeloom.com
1	fonts.googleapis.com	form.safeloom.com
10	3

This site contains links to these domains. Also see Links.

Domain
www.safeloom.com

Subject Issuer	Validity	Valid
form.safeloom.com Let's Encrypt Authority X3	`2020-07-31` - `2020-10-29`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://form.safeloom.com/
Frame ID: 844C16D958F7645A6E856B28EA65E69D
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

10
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

240 kB
Transfer

629 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.safeloom.com/
Title: Return to Safeloom website

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
form.safeloom.com/ 1 KB
684 B 888ms
769ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://form.safeloom.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Render /

Resource Hash

23895896d1db15eb84eadbc0d87071c3404f0ad2eaed9836ed4115996be6f25a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: form.safeloom.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 31 Jul 2020 07:32:25 GMT
accept-ranges: bytes
content-encoding: br
content-length: 431
content-type: text/html; charset=utf-8
x-hw: 1596180745.cds027.pa1.hn,1596180745.cds215.pa1.sc,1596180745.cds215.pa1.p
cache-control: public, max-age=0, s-maxage=604800
etag: "1f981944900b8dd5a4609b4e4e45726d"
server: Render
x-content-type-options: nosniff
last-modified: Thu, 30 Jul 2020 13:23:38 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
540 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:81f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Sen:wght@400;700&display=swap

Requested by

Host: form.safeloom.com
URL: https://form.safeloom.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e382529c386da72a98cf0be19e9b5539ddbaeea389cef11f1d2f327fcb15ac54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://form.safeloom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 31 Jul 2020 07:32:25 GMT
server: ESF
date: Fri, 31 Jul 2020 07:32:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 31 Jul 2020 07:32:25 GMT

GET
H2 200 vendor.1ce6d89b.css
form.safeloom.com/css/ 193 KB
34 KB 920ms
919ms Stylesheet
text/css 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://form.safeloom.com/css/vendor.1ce6d89b.css

Requested by

Host: form.safeloom.com
URL: https://form.safeloom.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Render /

Resource Hash

54b4360f028d5d6829d47c84a3172d005daea794147a0fa891bd3bd5ff076e35

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://form.safeloom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 07:32:26 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 30 Jul 2020 13:23:38 GMT
server: Render
etag: "63d2f12dc9d4da77edaa341ea117ae7f"
x-hw: 1596180745.cds027.pa1.hn,1596180745.cds013.pa1.sc,1596180746.cds013.pa1.p
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
content-length: 34911

GET
H2 200 app.271200ee.css
form.safeloom.com/css/ 32 B
183 B 870ms
869ms Stylesheet
text/css 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://form.safeloom.com/css/app.271200ee.css

Requested by

Host: form.safeloom.com
URL: https://form.safeloom.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Render /

Resource Hash

f706a9ee4422fa9f15f774f7fb782ca7249c294a04767eec9ecfb3d3207ef672

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://form.safeloom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 07:32:26 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 30 Jul 2020 13:23:38 GMT
server: Render
etag: "13a9376735b8de84bd83ede2efafd490"
x-hw: 1596180745.cds027.pa1.hn,1596180745.cds201.pa1.sc,1596180746.cds201.pa1.p
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
content-length: 26

GET
H2 200 vendor.6cd928b5.js Show response
form.safeloom.com/js/ 335 KB
111 KB 1289ms
1288ms Script
text/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://form.safeloom.com/js/vendor.6cd928b5.js

Requested by

Host: form.safeloom.com
URL: https://form.safeloom.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Render /

Resource Hash

d31ccdb1f99ccab82b7e827022f508400942c1c2884593a763fef73ac297f12a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://form.safeloom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 07:32:27 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 30 Jul 2020 13:23:38 GMT
server: Render
etag: "58d3547db564905d522e06e9552c9c37"
x-hw: 1596180745.cds027.pa1.hn,1596180745.cds023.pa1.sc,1596180747.cds023.pa1.p
content-type: text/javascript; charset=utf-8
status: 200
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
content-length: 113322

GET
H2 200 app.94e93e41.js Show response
form.safeloom.com/js/ 8 KB
3 KB 789ms
788ms Script
text/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://form.safeloom.com/js/app.94e93e41.js

Requested by

Host: form.safeloom.com
URL: https://form.safeloom.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Render /

Resource Hash

c915cd8318321cd341927f31983ef6fcac57d822dcceeafb32f32d0b954b4844

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://form.safeloom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 07:32:26 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 30 Jul 2020 13:23:38 GMT
server: Render
etag: "f96077074dde64d4652344a056a9149d"
x-hw: 1596180745.cds027.pa1.hn,1596180745.cds210.pa1.sc,1596180746.cds210.pa1.p
content-type: text/javascript; charset=utf-8
status: 200
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
content-length: 2760

GET
H2 200 2.f672df76.js Show response
form.safeloom.com/js/ 1 KB
798 B 779ms
778ms Script
text/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://form.safeloom.com/js/2.f672df76.js

Requested by

Host: form.safeloom.com
URL: https://form.safeloom.com/js/app.94e93e41.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Render /

Resource Hash

a4f5375cec854c9132ff7a7d9a5a92d17a44bc4d2335bcba80b3d60b838fd0d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://form.safeloom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 07:32:27 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 30 Jul 2020 13:23:38 GMT
server: Render
etag: "6b50d4fb9633ec08ec0952aa67f0b452"
x-hw: 1596180747.cds027.pa1.hn,1596180747.cds022.pa1.sc,1596180747.cds022.pa1.p
content-type: text/javascript; charset=utf-8
status: 200
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
content-length: 659

GET
H2 200 5.34dae967.js Show response
form.safeloom.com/js/ 837 B
586 B 826ms
826ms Script
text/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://form.safeloom.com/js/5.34dae967.js

Requested by

Host: form.safeloom.com
URL: https://form.safeloom.com/js/app.94e93e41.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Render /

Resource Hash

c6439e4b5842b05021d76cb61b2965b0c006d3d22174cc1d7ff5f2721b619d53

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://form.safeloom.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 07:32:27 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 30 Jul 2020 13:23:38 GMT
server: Render
etag: "0d2ad29ed9a70e0d8bda38629d4a1e45"
x-hw: 1596180747.cds027.pa1.hn,1596180747.cds001.pa1.sc,1596180747.cds001.pa1.p
content-type: text/javascript; charset=utf-8
status: 200
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
content-length: 447

GET
H2 200 6xKjdSxYI9_3nPWNAGn5LA.woff2
fonts.gstatic.com/s/sen/v2/ 10 KB
10 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sen/v2/6xKjdSxYI9_3nPWNAGn5LA.woff2

Requested by

Host: form.safeloom.com
URL: https://form.safeloom.com/js/vendor.6cd928b5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

165ec2e19d2faa9e3562a32cd4e82e03ab835c7ebd6e7a66b589d6687b5fb3d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css2?family=Sen:wght@400;700&display=swap
Origin: https://form.safeloom.com

Response headers

date: Mon, 27 Jul 2020 11:16:03 GMT
x-content-type-options: nosniff
last-modified: Thu, 23 Jul 2020 19:43:44 GMT
server: sffe
age: 332185
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10108
x-xss-protection: 0
expires: Tue, 27 Jul 2021 11:16:03 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.2987c5cc.woff2
form.safeloom.com/fonts/ 79 KB
79 KB 855ms
854ms Font
font/woff2 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://form.safeloom.com/fonts/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.2987c5cc.woff2

Requested by

Host: form.safeloom.com
URL: https://form.safeloom.com/js/vendor.6cd928b5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Render /

Resource Hash

056a60b6cf1f53937846037ffe4002264a99a5e810b4d74738258f667eda4096

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://form.safeloom.com/css/vendor.1ce6d89b.css
Origin: https://form.safeloom.com

Response headers

date: Fri, 31 Jul 2020 07:32:28 GMT
x-content-type-options: nosniff
last-modified: Thu, 30 Jul 2020 13:23:38 GMT
server: Render
etag: "945837e0b4566b601ce571159eb59e07"
x-hw: 1596180748.cds027.pa1.hn,1596180748.cds006.pa1.sc,1596180748.cds006.pa1.p
content-type: font/woff2
status: 200
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
content-length: 81040

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackJsonp

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
form.safeloom.com
151.139.128.11
2a00:1450:4001:818::2003
2a00:1450:4001:81f::200a
056a60b6cf1f53937846037ffe4002264a99a5e810b4d74738258f667eda4096
165ec2e19d2faa9e3562a32cd4e82e03ab835c7ebd6e7a66b589d6687b5fb3d7
23895896d1db15eb84eadbc0d87071c3404f0ad2eaed9836ed4115996be6f25a
54b4360f028d5d6829d47c84a3172d005daea794147a0fa891bd3bd5ff076e35
a4f5375cec854c9132ff7a7d9a5a92d17a44bc4d2335bcba80b3d60b838fd0d5
c6439e4b5842b05021d76cb61b2965b0c006d3d22174cc1d7ff5f2721b619d53
c915cd8318321cd341927f31983ef6fcac57d822dcceeafb32f32d0b954b4844
d31ccdb1f99ccab82b7e827022f508400942c1c2884593a763fef73ac297f12a
e382529c386da72a98cf0be19e9b5539ddbaeea389cef11f1d2f327fcb15ac54
f706a9ee4422fa9f15f774f7fb782ca7249c294a04767eec9ecfb3d3207ef672

form.safeloom.com Open in urlscan Pro 151.139.128.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

240 kBTransfer

629 kBSize

0 Cookies

1 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

form.safeloom.com Open in urlscan Pro
151.139.128.11 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

240 kB
Transfer

629 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions