w0wtimegolands.com
167.235.104.44
Public Scan
Effective URL: https://w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/?clickid=u2zi2x&trackingid=cr0pl92vrftc7384kveg&affclicki...
Submission: On August 18 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R11 on July 6th 2024. Valid for: 3 months.
This is the only time w0wtimegolands.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Count | IP Address | AS Autonomous System
---|---|---
1 1 | 172.67.168.60 | 13335 (CLOUDFLARENET)
1 1 | 2a06:98c1:3121::3 | 13335 (CLOUDFLARENET)
1 1 | 172.67.202.87 | 13335 (CLOUDFLARENET)
1 16 | 167.235.104.44 | 24940 (HETZNER-AS)
1 | 2a04:4e42::649 | 54113 (FASTLY)
1 | 2a03:2880:f083:100:face:b00c:0:3 | 32934 (FACEBOOK)
Total: 17 | 3
ASN24940 (HETZNER-AS, DE)
PTR: static.44.104.235.167.clients.your-server.de
Domain: w0wtimegolands.com
ASN32934 (FACEBOOK, US)
Domain: connect.facebook.net
Apex Domain | Subdomains | Transfer | Requests
---|---|---|---
w0wtimegolands.com | w0wtimegolands.com (1 redirect) | 98 KB | 16
facebook.net | connect.facebook.net (Cisco Umbrella Rank: 236) | 60 KB | 1
jquery.com | code.jquery.com (Cisco Umbrella Rank: 1211) | 31 KB | 1
trankingo.com | trankingo.com (1 redirect) | 573 B | 1
wabotot.com | wabotot.com (1 redirect) | 794 B | 1
biroky.store | biroky.store (1 redirect) | 783 B | 1
Total: 17 requests | 6 domains
Requests | Domain | Requested by
---|---|---
16 | w0wtimegolands.com (1 redirect) | w0wtimegolands.com, code.jquery.com
1 | connect.facebook.net | w0wtimegolands.com
1 | code.jquery.com | w0wtimegolands.com
1 | trankingo.com | 1 redirect
1 | wabotot.com | 1 redirect
1 | biroky.store | 1 redirect
Total: 17 requests | 6 domains
This site contains links to these domains. Also see Links.
Domain |
---|
ps.w0wtime.com |
Subject | Issuer | Validity | Valid | 
---|---|---|---|---
*.w0wtimegolands.com | R11 | 2024-07-06 - 2024-10-04 | 3 months | crt.sh
*.jquery.com | Sectigo ECC Domain Validation Secure Server CA | 2024-06-25 - 2025-06-25 | a year | crt.sh
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-05-27 - 2024-08-25 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/?clickid=u2zi2x&trackingid=cr0pl92vrftc7384kveg&affclickid=cr0pp0dabvlc73d7orj0&sub1=4&sub4={sub_3}&sub5={sub_4}&ssid={sub_6}
Frame ID: 92D19CE35170307CE20280D22CE1CC40
Requests: 17 HTTP requests in this frame
Page Title: Wow Time
Detected technologies
Facebook (Widgets)
Detected patterns
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: استمر (Arabic for "Continue")
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://biroky.store/click?key=f7b7216b702ebf5e37e3&visitor_id=846548378950316104&cost=0.000051&zoneid=7044012&campaignid=8439651&device=desktop&browser=chrome&os=windows&osversion=win10&country=ps&language=en&isp=palestine%20telecommunications%20company%20paltel&user_activity=low&click_id=%7Bclick_id%7D (HTTP 307)
- https://biroky.store/click?key=f7b7216b702ebf5e37e3&visitor_id=846548378950316104&cost=0.000051&zoneid=7044012&campaignid=8439651&device=desktop&browser=chrome&os=windows&osversion=win10&country=ps&language=en&isp=palestine%20telecommunications%20company%20paltel&user_activity=low&click_id=%7Bclick_id%7D (HTTP 307)
- https://wabotot.com/click?key=4f1d935637a7063fffda&partnerid=3&clickid=cr0pp0dabvlc73d7orj0&pubid=4&sourceid=17&sub1=7044012&sub2={sub_2}&sub3={sub_3}&sub4={sub_4}&sub5={sub_5}&sub6={sub_6} (HTTP 307)
- https://trankingo.com/?utm_campaign=180&bclickid=cr0pl92vrftc7384kveg&pclickid=cr0pp0dabvlc73d7orj0&partnerid=3&pubid=4&sourceid=17&sub1=7044012&sub2={sub_2}&sub3={sub_3}&sub4={sub_4}&sub5={sub_5}&sub6={sub_6}&os_name=Linux (HTTP 302)
- https://w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/?clickid=u2zi2x&trackingid=cr0pl92vrftc7384kveg&affclickid=cr0pp0dabvlc73d7orj0&sub1=4&sub4={sub_3}&sub5={sub_4}&ssid={sub_6} (HTTP 302)
- https://w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/?clickid=u2zi2x&trackingid=cr0pl92vrftc7384kveg&affclickid=cr0pp0dabvlc73d7orj0&sub1=4&sub4={sub_3}&sub5={sub_4}&ssid={sub_6} (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/ (Redirect Chain) | 5 KB | 6 KB | Document | text/html
GET | H2 | style.css | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/css/ | 15 KB | 15 KB | Stylesheet | text/css
GET | H2 | getUrlParams.min.js | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/js/ | 385 B | 578 B | Script | application/javascript
GET | H2 | main.svg | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/img/ | 339 B | 523 B | Image | image/svg+xml
GET | H2 | back.svg | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/img/ | 699 B | 883 B | Image | image/svg+xml
GET | H2 | nbb.min.js | w0wtimegolands.com/scripts/ | 696 B | 889 B | Script | application/javascript
GET | H2 | jquery-3.6.0.min.js | code.jquery.com/ | 87 KB | 31 KB | Script | application/javascript
GET | H2 | jquery.maskedinput.js | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/js/ | 10 KB | 10 KB | Script | application/javascript
GET | H2 | events.js | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/js/ | 3 KB | 3 KB | Script | application/javascript
GET | H2 | main.min.js | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/js/ | 607 B | 800 B | Script | application/javascript
GET | H2 | ajax-support.min.js | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/js/ | 2 KB | 2 KB | Script | application/javascript
GET | H2 | ajax.js | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/js/ | 6 KB | 6 KB | Script | application/javascript
GET | H2 | fbevents.js | connect.facebook.net/en_US/ | 225 KB | 60 KB | Script | application/x-javascript
GET | H2 | bg.png | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/img/ | 50 KB | 50 KB | Image | image/png
GET | H2 | wowlogo.png | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/img/ | 2 KB | 2 KB | Image | image/png
POST | H2 | api.php | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/analytics/ | 83 B | 175 B | XHR | text/html
GET | H2 | favicon.png | w0wtimegolands.com/htu/general/ps/wsx/lp1-2_tr_hlmnot/web/img/ | 642 B | 822 B | Other | image/png
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify the client-side frameworks and code in use.
Type | Name
---|---
function | getAllUrlParams
string | sub5
function | fbq
function | _fbq
function | newLand
function | $
function | jQuery
function | sendEvents
function | handleEvents
object | textCount
object | box
object | footer6
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
biroky.store/ | | uclick | nO/ZlAsJOok1hLehPGCYsAhDkCQ97K+QGVrKXPFstKZZIcsG7+xxYxBgPgtE3dieZ0wQEuo=
biroky.store/ | | bcid | cr0pp0dabvlc73d7orj0
biroky.store/ | | cid | cr0pp0dabvlc73d7orj0
wabotot.com/ | | uclick | mrWNxVZVb4g137ChbWCYvksACDjeXQzeUgEApUK7965tF3hQiyji8UUD2X+nfHfh1zUAnug=
wabotot.com/ | | bcid | cr0pl92vrftc7384kveg
wabotot.com/ | | cid | cr0pl92vrftc7384kveg
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.