ch-m.zaful.com Open in urlscan Pro
18.173.154.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://payrevcosolutiosn.com/
Effective URL:
https://ch-m.zaful.com/?lkid=82742416&subid=2895370d&cid=WrvAYxHMsUsdTkuhVVGA9O
Submission: On September 09 via api (September 9th 2023, 8:31:51 am UTC) from GB — Scanned from CH

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 7 HTTP transactions. The main IP is 18.173.154.3, located in and belongs to . The main domain is ch-m.zaful.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on June 10th 2023. Valid for: a year.

This is the only time ch-m.zaful.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	81.17.29.148 81.17.29.148	51852 (PLI-AS) (PLI-AS)
2	3.228.195.94 3.228.195.94	14618 (AMAZON-AES) (AMAZON-AES)
2	172.67.137.106 172.67.137.106	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	172.67.178.173 172.67.178.173	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	132.148.232.95 132.148.232.95	398101 (GO-DADDY-...) (GO-DADDY-COM-LLC)
1 1	108.138.36.115 108.138.36.115	16509 (AMAZON-02) (AMAZON-02)
1 1	18.173.187.67 18.173.187.67	16509 (AMAZON-02) (AMAZON-02)
1	18.173.154.3 18.173.154.3	() ()
7	5

1 81.17.29.148 (Zurich, Switzerland) 1 redirects

ASN51852 (PLI-AS, PA)

payrevcosolutiosn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.228.195.94 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-228-195-94.compute-1.amazonaws.com

phraa-lby.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.137.106 (United States)

ASN13335 (CLOUDFLARENET, US)

778108.popularcldfa.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.178.173 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

769971.moveyourdesk.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 132.148.232.95 (United States) 1 redirects

ASN398101 (GO-DADDY-COM-LLC, US)
PTR: 95.232.148.132.host.secureserver.net

safewarns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.36.115 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-115.muc50.r.cloudfront.net

www.zaful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.187.67 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-67.muc50.r.cloudfront.net

m.zaful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.154.3 (None, )

ASN- ()

ch-m.zaful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	zaful.com 2 redirects www.zaful.com — Cisco Umbrella Rank: 776831 m.zaful.com ch-m.zaful.com	559 B
2	safewarns.com 1 redirects safewarns.com	508 B
2	moveyourdesk.co 1 redirects 769971.moveyourdesk.co	1 KB
2	popularcldfa.co 778108.popularcldfa.co	11 KB
2	phraa-lby.com phraa-lby.com — Cisco Umbrella Rank: 174422	4 KB
1	payrevcosolutiosn.com 1 redirects payrevcosolutiosn.com	493 B
7	6

	Domain	Requested by
2	safewarns.com	1 redirects
2	769971.moveyourdesk.co	1 redirects
2	778108.popularcldfa.co	phraa-lby.com
2	phraa-lby.com	phraa-lby.com
1	ch-m.zaful.com
1	m.zaful.com	1 redirects
1	www.zaful.com	1 redirects
1	payrevcosolutiosn.com	1 redirects
7	8

This site contains no links.

Subject Issuer	Validity	Valid
popularcldfa.co E1	`2023-07-13` - `2023-10-11`	3 months	crt.sh
moveyourdesk.co GTS CA 1P5	`2023-07-12` - `2023-10-10`	3 months	crt.sh
safewarns.com cPanel, Inc. Certification Authority	`2023-08-15` - `2023-11-13`	3 months	crt.sh
*.zaful.com Amazon RSA 2048 M02	`2023-06-10` - `2024-07-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ch-m.zaful.com/?lkid=82742416&subid=2895370d&cid=WrvAYxHMsUsdTkuhVVGA9O
Frame ID: F669ADDBD296F2F7F4BEE66F11FB4F8C
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://payrevcosolutiosn.com/ HTTP 302
http://phraa-lby.com/zclkvisitor/4f0f54f1-4eeb-11ee-96c3-12b515afc2eb/72092e88-2c53-401c-b988-51e... Page URL
http://phraa-lby.com/zclkredirect?visitid=4f0f54f1-4eeb-11ee-96c3-12b515afc2eb&type=js&browserWid... Page URL
https://778108.popularcldfa.co/bdv_rd.dbm?ownid=3c4k5jabae-gfg-zkzk&enparms2=1831%2C2068473%2C3881910%2C178... Page URL
https://778108.popularcldfa.co/bdv_rd3.dbm?frdto=778108 Page URL
https://769971.moveyourdesk.co/bdvfrd.dbm?gten=68747470732533412532462532463736393937312e6d6f7665796f757264... Page URL
https://769971.moveyourdesk.co/yardr.dbm?subid=7f28bde61eaab8de80e166745b862bb5&ccd=CH&type=I-B-mnotp-mmk-I... HTTP 302
https://safewarns.com/reviews/zaful.php?sgt=PmGZCsDlTrUsdKsldtnWHG2d3Bmer7pg9H2pSWeZBLpWXdfZFL5-YY... Page URL
https://safewarns.com/reviews/zaful.php HTTP 302
https://www.zaful.com/?lkid=82659175&subid=7f28bde61eaab8de80e166745b862bb5 HTTP 302
https://m.zaful.com/?lkid=82659175&subid=7f28bde61eaab8de80e166745b862bb5 HTTP 301
https://ch-m.zaful.com/?lkid=82742416&subid=2895370d&cid=WrvAYxHMsUsdTkuhVVGA9O Page URL

Page Statistics

7
Requests

71 %
HTTPS

0 %
IPv6

6
Domains

8
Subdomains

5
IPs

2
Countries

16 kB
Transfer

173 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://payrevcosolutiosn.com/ HTTP 302
http://phraa-lby.com/zclkvisitor/4f0f54f1-4eeb-11ee-96c3-12b515afc2eb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=4f1bd814-4eeb-11ee-96c3-12b515afc2eb Page URL
http://phraa-lby.com/zclkredirect?visitid=4f0f54f1-4eeb-11ee-96c3-12b515afc2eb&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false Page URL
https://778108.popularcldfa.co/bdv_rd.dbm?ownid=3c4k5jabae-gfg-zkzk&enparms2=1831%2C2068473%2C3881910%2C1782%2C1797%2C18081%2C1819%2C0%2C0%2C1786%2C0%2C2073426%2C778108%2C84925%2C129993099889%2C116470254%2Cnlx.mhlrgfolhlxevibzk&u_agnt=34e31726fbc7d351f736b6911f8960c6&skter=nzxh%20hmlrgfolhlxevibzk%2Chmlrgfolh%20lxevi%20bzk%2Chmlrgfolhhlxevibzk%2Chmlrgfolhlxevibzk%2Cmhlrgfolhlxevibzk&czero=-1&cstate=mvoozt%20gpmzh&skwdb=MLI&ccntry=SX&cctid=109&chsh=7f28bde61eaab8de80e166745b862bb5&rn=303031364540&cf=24&dlt=0&da=414426&pbi=0&exids=&frdto=778108 Page URL
https://778108.popularcldfa.co/bdv_rd3.dbm?frdto=778108 Page URL
https://769971.moveyourdesk.co/bdvfrd.dbm?gten=68747470732533412532462532463736393937312e6d6f7665796f75726465736b2e636f25324679617264722e64626d25334673756269642533443766323862646536316561616238646538306531363637343562383632626235253236636364253344434825323674797065253344492d422d6d6e6f74702d6d6d6b2d492d434849312d492d434849322d492d422d43484942542d4d4d4b253236646c74253344302532366c63696425334432303636363932&sgntmp=N2V8XXMON7qvdaExP5FMO8Ru2Dp0gOmlhLRaR%2ByLnk%2FQQioH8dSrjW9phiFjSf%2FnT%2BoFhlbcQnRZB9bBavUAb01hM7PzcJFCGjC7C5ae%2BuxiCiL%2FK2JPZlFkgwCzNmBHtp0INnNTl00MuL7LzHBXVDzPx1EGJg%3D%3D&subid=7f28bde61eaab8de80e166745b862bb5&ccd=CH&type=I-B-mnotp-mmk-I-CHI1-I-CHI2-I-B-CHIBT-MMK&dlt=0&lcid=2066692&prn=ci6bc60e5e1e4d77bc65594343908ef33e&bm=1 Page URL
https://769971.moveyourdesk.co/yardr.dbm?subid=7f28bde61eaab8de80e166745b862bb5&ccd=CH&type=I-B-mnotp-mmk-I-CHI1-I-CHI2-I-B-CHIBT-MMK&dlt=0&lcid=2066692 HTTP 302
https://safewarns.com/reviews/zaful.php?sgt=PmGZCsDlTrUsdKsldtnWHG2d3Bmer7pg9H2pSWeZBLpWXdfZFL5-YYIS4zGb&subid=7f28bde61eaab8de80e166745b862bb5&mk=1 Page URL
https://safewarns.com/reviews/zaful.php HTTP 302
https://www.zaful.com/?lkid=82659175&subid=7f28bde61eaab8de80e166745b862bb5 HTTP 302
https://m.zaful.com/?lkid=82659175&subid=7f28bde61eaab8de80e166745b862bb5 HTTP 301
https://ch-m.zaful.com/?lkid=82742416&subid=2895370d&cid=WrvAYxHMsUsdTkuhVVGA9O Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://payrevcosolutiosn.com/ HTTP 302
http://phraa-lby.com/zclkvisitor/4f0f54f1-4eeb-11ee-96c3-12b515afc2eb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=4f1bd814-4eeb-11ee-96c3-12b515afc2eb

Request Chain 5

https://769971.moveyourdesk.co/yardr.dbm?subid=7f28bde61eaab8de80e166745b862bb5&ccd=CH&type=I-B-mnotp-mmk-I-CHI1-I-CHI2-I-B-CHIBT-MMK&dlt=0&lcid=2066692 HTTP 302
https://safewarns.com/reviews/zaful.php?sgt=PmGZCsDlTrUsdKsldtnWHG2d3Bmer7pg9H2pSWeZBLpWXdfZFL5-YYIS4zGb&subid=7f28bde61eaab8de80e166745b862bb5&mk=1

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200

72092e88-2c53-401c-b988-51ef43ce1034 Show response
phraa-lby.com/zclkvisitor/4f0f54f1-4eeb-11ee-96c3-12b515afc2eb/
Redirect Chain

http://payrevcosolutiosn.com/
http://phraa-lby.com/zclkvisitor/4f0f54f1-4eeb-11ee-96c3-12b515afc2eb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=4f1bd814-4eeb-11ee-96c3-12b515afc2eb

1 KB
2 KB

794ms
771ms

Document
text/html

3.228.195.94
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

http://phraa-lby.com/zclkvisitor/4f0f54f1-4eeb-11ee-96c3-12b515afc2eb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=4f1bd814-4eeb-11ee-96c3-12b515afc2eb

Protocol

HTTP/1.1

Server

3.228.195.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-228-195-94.compute-1.amazonaws.com

Software

BNOmyfQw /

Resource Hash

a37d1c8df5857a92b8775a3dd1ff26d1d99b9ce3eb770344107fbb3cc6f7e875

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: de-CH,de;q=0.9

Response headers

Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
Date: Sat, 09 Sep 2023 08:31:45 GMT
Server: BNOmyfQw
Transfer-Encoding: chunked
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'

Redirect headers

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sat, 09 Sep 2023 08:31:44 GMT
location: http://phraa-lby.com/zclkvisitor/4f0f54f1-4eeb-11ee-96c3-12b515afc2eb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=4f1bd814-4eeb-11ee-96c3-12b515afc2eb
server: nginx

GET
H/1.1 200 zclkredirect
phraa-lby.com/ 1 KB
2 KB 225ms
225ms Document
text/html 3.228.195.94
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

http://phraa-lby.com/zclkredirect?visitid=4f0f54f1-4eeb-11ee-96c3-12b515afc2eb&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false

Requested by

Host: phraa-lby.com
URL: http://phraa-lby.com/zclkvisitor/4f0f54f1-4eeb-11ee-96c3-12b515afc2eb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=4f1bd814-4eeb-11ee-96c3-12b515afc2eb

Protocol

HTTP/1.1

Server

3.228.195.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-228-195-94.compute-1.amazonaws.com

Software

mPiYQUvW /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer: http://phraa-lby.com/zclkvisitor/4f0f54f1-4eeb-11ee-96c3-12b515afc2eb/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=4f1bd814-4eeb-11ee-96c3-12b515afc2eb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: de-CH,de;q=0.9

Response headers

Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
Date: Sat, 09 Sep 2023 08:31:46 GMT
Server: mPiYQUvW
Transfer-Encoding: chunked
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
redirected: JS
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'

GET
H2 200 bdv_rd.dbm Show response
778108.popularcldfa.co/ 40 KB
10 KB 758ms
198ms Document
text/html 172.67.137.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://778108.popularcldfa.co/bdv_rd.dbm?ownid=3c4k5jabae-gfg-zkzk&enparms2=1831%2C2068473%2C3881910%2C1782%2C1797%2C18081%2C1819%2C0%2C0%2C1786%2C0%2C2073426%2C778108%2C84925%2C129993099889%2C116470254%2Cnlx.mhlrgfolhlxevibzk&u_agnt=34e31726fbc7d351f736b6911f8960c6&skter=nzxh%20hmlrgfolhlxevibzk%2Chmlrgfolh%20lxevi%20bzk%2Chmlrgfolhhlxevibzk%2Chmlrgfolhlxevibzk%2Cmhlrgfolhlxevibzk&czero=-1&cstate=mvoozt%20gpmzh&skwdb=MLI&ccntry=SX&cctid=109&chsh=7f28bde61eaab8de80e166745b862bb5&rn=303031364540&cf=24&dlt=0&da=414426&pbi=0&exids=&frdto=778108
Requested by: Host: phraa-lby.com
URL: http://phraa-lby.com/zclkredirect?visitid=4f0f54f1-4eeb-11ee-96c3-12b515afc2eb&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.137.106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f815a7332b8d27e02a7c7f3345b9600f2ce27c4d44844d03b2099a00ac46f28

Request headers

Referer: http://phraa-lby.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: de-CH,de;q=0.9

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 803e13adf891d646-CDG
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 09 Sep 2023 08:31:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hHP%2FW5MWVh%2B6XrVEJOllT%2Brh8WYUK7hOMxXeIQisVEMK5nMb01h94DkSUSOfxLFClEbVpMxejxwHNa5i3nVseB0Glf%2FuosDOpLgmDkqFDMeajZl8bPpMxfzHz%2Bd%2Bt68lzXHRNtQO4E28"}],"group":"cf-nel","max_age":604800}
server: cloudflare

POST
H2 200 bdv_rd3.dbm
778108.popularcldfa.co/ 3 KB
1 KB 154ms
153ms Document
text/html 172.67.137.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://778108.popularcldfa.co/bdv_rd3.dbm?frdto=778108
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.137.106 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://778108.popularcldfa.co
Referer: https://778108.popularcldfa.co/bdv_rd.dbm?ownid=3c4k5jabae-gfg-zkzk&enparms2=1831%2C2068473%2C3881910%2C1782%2C1797%2C18081%2C1819%2C0%2C0%2C1786%2C0%2C2073426%2C778108%2C84925%2C129993099889%2C116470254%2Cnlx.mhlrgfolhlxevibzk&u_agnt=34e31726fbc7d351f736b6911f8960c6&skter=nzxh%20hmlrgfolhlxevibzk%2Chmlrgfolh%20lxevi%20bzk%2Chmlrgfolhhlxevibzk%2Chmlrgfolhlxevibzk%2Cmhlrgfolhlxevibzk&czero=-1&cstate=mvoozt%20gpmzh&skwdb=MLI&ccntry=SX&cctid=109&chsh=7f28bde61eaab8de80e166745b862bb5&rn=303031364540&cf=24&dlt=0&da=414426&pbi=0&exids=&frdto=778108
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 803e13b07ae4d646-CDG
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 09 Sep 2023 08:31:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fg9j4YUUqVMlwkvpWN0b6hg9ON5uVY2RRuqwAoKApCyPAR4xMnxmKpHYIBhpVtETUcOlLW7xs3OVQvpEaUBBCqn14X%2B7r2k38J5%2F6TrzDPyNPysNBLONQixgbCOyq8qeBCv8SzYkrUYY"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 bdvfrd.dbm Show response
769971.moveyourdesk.co/ 498 B
842 B 1011ms
227ms Document
text/html 172.67.178.173
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://769971.moveyourdesk.co/bdvfrd.dbm?gten=68747470732533412532462532463736393937312e6d6f7665796f75726465736b2e636f25324679617264722e64626d25334673756269642533443766323862646536316561616238646538306531363637343562383632626235253236636364253344434825323674797065253344492d422d6d6e6f74702d6d6d6b2d492d434849312d492d434849322d492d422d43484942542d4d4d4b253236646c74253344302532366c63696425334432303636363932&sgntmp=N2V8XXMON7qvdaExP5FMO8Ru2Dp0gOmlhLRaR%2ByLnk%2FQQioH8dSrjW9phiFjSf%2FnT%2BoFhlbcQnRZB9bBavUAb01hM7PzcJFCGjC7C5ae%2BuxiCiL%2FK2JPZlFkgwCzNmBHtp0INnNTl00MuL7LzHBXVDzPx1EGJg%3D%3D&subid=7f28bde61eaab8de80e166745b862bb5&ccd=CH&type=I-B-mnotp-mmk-I-CHI1-I-CHI2-I-B-CHIBT-MMK&dlt=0&lcid=2066692&prn=ci6bc60e5e1e4d77bc65594343908ef33e&bm=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.178.173 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2dcc92654c77039c268c37c743ed129c229b40b6a4b6c29554bb539cc7fece9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: de-CH,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 803e13b6cbc00e0b-MXP
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 09 Sep 2023 08:31:48 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2MYiQOHDvbBnMOP1caoOgoi8xr31jC4d7jAKlsNjH845RbOZMqOW3k4U0Tt1sH%2Bbz1%2BWVRrPOrNs5a22YsoAKNh6wQfJx1rpxDps%2B2FMC84TAVYDoi6amSW%2BgXO7RfHtrcgxxn2wUbhA"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2

200

zaful.php Show response
safewarns.com/reviews/
Redirect Chain

https://769971.moveyourdesk.co/yardr.dbm?subid=7f28bde61eaab8de80e166745b862bb5&ccd=CH&type=I-B-mnotp-mmk-I-CHI1-I-CHI2-I-B-CHIBT-MMK&dlt=0&lcid=2066692
https://safewarns.com/reviews/zaful.php?sgt=PmGZCsDlTrUsdKsldtnWHG2d3Bmer7pg9H2pSWeZBLpWXdfZFL5-YYIS4zGb&subid=7f28bde61eaab8de80e166745b862bb5&mk=1

190 B
353 B

768ms
243ms

Document
text/html

132.148.232.95
GO-DADDY-COM-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://safewarns.com/reviews/zaful.php?sgt=PmGZCsDlTrUsdKsldtnWHG2d3Bmer7pg9H2pSWeZBLpWXdfZFL5-YYIS4zGb&subid=7f28bde61eaab8de80e166745b862bb5&mk=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 132.148.232.95 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS: 95.232.148.132.host.secureserver.net
Software: Apache / PHP/7.4.33
Resource Hash: 12368831f07831701c1e9a5a88869d504c16408cca1e6a5baec2e495fc0a30c9

Request headers

Referer: https://769971.moveyourdesk.co/bdvfrd.dbm?gten=68747470732533412532462532463736393937312e6d6f7665796f75726465736b2e636f25324679617264722e64626d25334673756269642533443766323862646536316561616238646538306531363637343562383632626235253236636364253344434825323674797065253344492d422d6d6e6f74702d6d6d6b2d492d434849312d492d434849322d492d422d43484942542d4d4d4b253236646c74253344302532366c63696425334432303636363932&sgntmp=N2V8XXMON7qvdaExP5FMO8Ru2Dp0gOmlhLRaR%2ByLnk%2FQQioH8dSrjW9phiFjSf%2FnT%2BoFhlbcQnRZB9bBavUAb01hM7PzcJFCGjC7C5ae%2BuxiCiL%2FK2JPZlFkgwCzNmBHtp0INnNTl00MuL7LzHBXVDzPx1EGJg%3D%3D&subid=7f28bde61eaab8de80e166745b862bb5&ccd=CH&type=I-B-mnotp-mmk-I-CHI1-I-CHI2-I-B-CHIBT-MMK&dlt=0&lcid=2066692&prn=ci6bc60e5e1e4d77bc65594343908ef33e&bm=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: de-CH,de;q=0.9

Response headers

content-encoding: br
content-length: 125
content-type: text/html; charset=UTF-8
date: Sat, 09 Sep 2023 08:31:49 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 803e13b81db50e0b-MXP
content-type: text/html; charset=UTF-8
date: Sat, 09 Sep 2023 08:31:48 GMT
location: https://safewarns.com/reviews/zaful.php?sgt=PmGZCsDlTrUsdKsldtnWHG2d3Bmer7pg9H2pSWeZBLpWXdfZFL5-YYIS4zGb&subid=7f28bde61eaab8de80e166745b862bb5&mk=1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bTK2ry7VEmjSoUrZYZfbzC0yvegplpVEiZ6kbMgjl%2FQ1uWMoHxDrbnRHnRcZT7GxsY5GI0dwdIMGT4uImhppbB7W1ChUEuSjjt47n0WIODTzReZHyJ3XCVLKpnrrvvSDsiFh%2Fzd8fXnN"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2

200

Primary Request /
ch-m.zaful.com/
Redirect Chain

https://safewarns.com/reviews/zaful.php
https://www.zaful.com/?lkid=82659175&subid=7f28bde61eaab8de80e166745b862bb5
https://m.zaful.com/?lkid=82659175&subid=7f28bde61eaab8de80e166745b862bb5
https://ch-m.zaful.com/?lkid=82742416&subid=2895370d&cid=WrvAYxHMsUsdTkuhVVGA9O

127 KB
0

500ms
120ms

Document
text/html

18.173.154.3

General

Check archive.org

Show headers Download Go to

Full URL: https://ch-m.zaful.com/?lkid=82742416&subid=2895370d&cid=WrvAYxHMsUsdTkuhVVGA9O
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.154.3 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://safewarns.com/reviews/zaful.php?sgt=PmGZCsDlTrUsdKsldtnWHG2d3Bmer7pg9H2pSWeZBLpWXdfZFL5-YYIS4zGb&subid=7f28bde61eaab8de80e166745b862bb5&mk=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language: de-CH,de;q=0.9

Response headers

age: 1780
cache-control: max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 09 Sep 2023 08:02:11 GMT
etag: W/"16ed9924504387a07b2530352457c3c6"
expires: Sat, 09 Sep 2023 09:02:11 GMT
last-modified: Fri, 08 Sep 2023 07:56:30 GMT
via: 1.1 fe6d656eba9969a63bb94889f81e9bf8.cloudfront.net (CloudFront)
x-amz-cf-id: wph6W-fJdYb5S306UEqgNaMUu2Ns-x9pdUUUzHgYzOsqaOAwjco6nw==
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront

Redirect headers

age: 86889
content-length: 216
content-type: text/html
date: Fri, 08 Sep 2023 08:23:41 GMT
location: https://ch-m.zaful.com/?lkid=82742416&subid=2895370d&cid=WrvAYxHMsUsdTkuhVVGA9O
via: 1.1 42dac3d09c367576dbfe5b6113ecddce.cloudfront.net (CloudFront)
x-amz-cf-id: ahrPmymCIEltEJJF4w3QLDiy_XQun-ecTiFA6WB1KNJxqpHTw7QhpA==
x-amz-cf-pop: MUC50-P4
x-cache: Hit from cloudfront

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
safewarns.com/reviews	1970-01-20 14:37:28	Name: subid Value: 7f28bde61eaab8de80e166745b862bb5
safewarns.com/reviews	1970-01-20 14:37:28	Name: mk Value: 1
.payrevcosolutiosn.com/	1970-01-21 00:13:28	Name: sid Value: 4efd9580-4eeb-11ee-a99a-e094a988235a
778108.popularcldfa.co/	1970-01-20 14:37:28	Name: ci6bc60e5e1e4d77bc65594343908ef33e Value: 1694248362
778108.popularcldfa.co/	1970-01-20 14:37:28	Name: ci6bc60e5e1e4d77bc65594343908ef33e_js Value: 1694248367038
778108.popularcldfa.co/	1970-01-20 14:38:47	Name: CF24-1eb82657754e73ddf6420c8ce1f1116f7 Value: 1694327502

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

769971.moveyourdesk.co
778108.popularcldfa.co
ch-m.zaful.com
m.zaful.com
payrevcosolutiosn.com
phraa-lby.com
safewarns.com
www.zaful.com
108.138.36.115
132.148.232.95
172.67.137.106
172.67.178.173
18.173.154.3
18.173.187.67
3.228.195.94
81.17.29.148
12368831f07831701c1e9a5a88869d504c16408cca1e6a5baec2e495fc0a30c9
5f815a7332b8d27e02a7c7f3345b9600f2ce27c4d44844d03b2099a00ac46f28
a37d1c8df5857a92b8775a3dd1ff26d1d99b9ce3eb770344107fbb3cc6f7e875
d2dcc92654c77039c268c37c743ed129c229b40b6a4b6c29554bb539cc7fece9

ch-m.zaful.com Open in urlscan Pro 18.173.154.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

7 Requests

71 %HTTPS

0 %IPv6

6 Domains

8 Subdomains

5 IPs

2 Countries

16 kBTransfer

173 kBSize

6 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

6 Cookies

Security Headers

Indicators

ch-m.zaful.com Open in urlscan Pro
18.173.154.3 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

71 %
HTTPS

0 %
IPv6

6
Domains

8
Subdomains

5
IPs

2
Countries

16 kB
Transfer

173 kB
Size

6
Cookies

7 HTTP transactions
0 data transactions