urlscan.io logo urlscan.io
SecurityTrails logo

ewo-whatsapp.xyz Open in urlscan Pro
2606:4700:3037::ac43:c421  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ltowuwy.top/ad/?l=id&x=1
Effective URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Submission Tags: falconsandbox
Submission: On December 27 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 4 countries across 12 domains to perform 23 HTTP transactions. The main IP is 2606:4700:3037::ac43:c421, located in United States and belongs to CLOUDFLARENET, US. The main domain is ewo-whatsapp.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 8th 2020. Valid for: a year.
This is the only time ewo-whatsapp.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 185.66.200.220 201702 (SKHOSTING-EU)
5 151.101.12.193 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:303... 13335 (CLOUDFLAR...)
2 103.235.46.191 55967 (BAIDU Bei...)
1 2a00:1450:400... 15169 (GOOGLE)
23 12
1    2606:4700:3036::681c:102b (United States)

ASN13335 (CLOUDFLARENET, US)
ltowuwy.top
1    2606:4700:3037::ac43:c421 (United States)

ASN13335 (CLOUDFLARENET, US)
ewo-whatsapp.xyz
1    2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
1.bp.blogspot.com
4    2606:4700:3035::6818:6daf (United States)

ASN13335 (CLOUDFLARENET, US)
lb.href.style
1    2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    185.66.200.220 (Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: 185.66.200.220.skhosting.eu
uprimp.com
5    151.101.12.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
i.imgur.com
2    2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
encrypted-tbn0.gstatic.com
www.google-analytics.com
2    2606:4700:3032::6812:3818 (United States)

ASN13335 (CLOUDFLARENET, US)
ajax.googlescdn.com
2    103.235.46.191 (Hong Kong)

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
hm.baidu.com
1    2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
Domain Requested by
5 i.imgur.com ewo-whatsapp.xyz
4 lb.href.style ewo-whatsapp.xyz
2 www.google-analytics.com www.googletagmanager.com
2 hm.baidu.com ewo-whatsapp.xyz
2 ajax.googlescdn.com ewo-whatsapp.xyz
2 uprimp.com ewo-whatsapp.xyz
uprimp.com
1 encrypted-tbn0.gstatic.com ewo-whatsapp.xyz
1 www.googletagmanager.com ewo-whatsapp.xyz
1 1.bp.blogspot.com ewo-whatsapp.xyz
1 ajax.googleapis.com ewo-whatsapp.xyz
1 ewo-whatsapp.xyz ltowuwy.top
1 ltowuwy.top
23 12

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-12-22 -
2021-12-21		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
misc-sni.blogspot.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
uprimp.com
R3		 2020-12-15 -
2021-03-15		 3 months crt.sh
*.imgur.com
DigiCert SHA2 Secure Server CA		 2020-01-15 -
2022-03-16		 2 years crt.sh
*.gstatic.com
GTS CA 1O1		 2020-11-10 -
2021-02-02		 3 months crt.sh
baidu.com
GlobalSign Organization Validation CA - SHA256 - G2		 2020-10-20 -
2021-07-26		 9 months crt.sh

This page contains 2 frames:

Primary Page: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Frame ID: C2B2BA403EA6095A46B295C4ED953F4B
Requests: 22 HTTP requests in this frame

Frame: https://uprimp.com/bnr_xload.php?section=General&pub=518855&format=300x50&ga=g&xt=160907842993061&xtt=7590493
Frame ID: 46A3D83FE1A4787BC8E8B619E13D16C7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://ltowuwy.top/ad/?l=id&x=1 Page URL
  2. https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Overall confidence: 100%
Detected patterns
  • html /<(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com\/(?:v|embed)/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /([\d.]+)\/dojo\/dojo(?:\.xd)?\.js/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

23
Requests

100 %
HTTPS

75 %
IPv6

12
Domains

12
Subdomains

12
IPs

4
Countries

435 kB
Transfer

622 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ltowuwy.top/ad/?l=id&x=1 Page URL
  2. https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
ltowuwy.top/ad/ 		851 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ltowuwy.top/ad/?l=id&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681c:102b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71296727e81ba33fd6d10f984f18b23ea8d28b3db8d2668d53390fd5f8716426

Request headers

:method
GET
:authority
ltowuwy.top
:scheme
https
:path
/ad/?l=id&x=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
content-type
text/html;charset=UTF-8
set-cookie
__cfduid=d7231e705cf1fdb13c9f854b29eedcfab1609078429; expires=Tue, 26-Jan-21 14:13:49 GMT; path=/; domain=.ltowuwy.top; HttpOnly; SameSite=Lax; Secure
vary
Accept-Encoding
access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-request-id
0746256e7f00002c2abf23e000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TaY%2Bz%2F%2B7ELoD2imkTRJW9aohOCohskfWgi8wPMVKVxe%2Bt24bXBuyY1SLJwBNcJpY777WavfGGRkNmfEkVPCA0OoWRI%2FKV7mnq23Zuf7bn12QyCkTH9g4vg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6083a4f73f9d2c2a-FRA
content-encoding
br
Primary Request l.php
ewo-whatsapp.xyz/ad/ 		20 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Requested by
Host: ltowuwy.top
URL: https://ltowuwy.top/ad/?l=id&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:c421 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8dad5a450ce7dda3d0454a289345ff7d9dc4b4dc95ec4a2408f8f693528e2892

Request headers

:method
GET
:authority
ewo-whatsapp.xyz
:scheme
https
:path
/ad/l.php?l=en&x=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://ltowuwy.top/ad/?l=id&x=1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://ltowuwy.top/ad/?l=id&x=1

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
content-type
text/html;charset=UTF-8
set-cookie
__cfduid=d1390f62576bbcaa94591e474e5175a591609078429; expires=Tue, 26-Jan-21 14:13:49 GMT; path=/; domain=.ewo-whatsapp.xyz; HttpOnly; SameSite=Lax; Secure
vary
Accept-Encoding
access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-request-id
0746256ed9000016ea6b397000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=of75Jzqb6EJd7gHIYkCe45linUMza%2FQyNN9busLleN9OtH4K06JeTpm2Aa2VVno%2BPqzZ5HZYRc7Yp2ZNWwrv5oHwunnqSZOjyn%2BYq%2FpeoQjWMdieyYgop3YT5lNx"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6083a4f7ce1316ea-FRA
content-encoding
br
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.8.3/ 		91 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 26 Dec 2020 15:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
81658
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33593
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 26 Dec 2021 15:32:51 GMT
kfc_n.jpg
1.bp.blogspot.com/-s8Zeu2rrHps/X-Vg3asdESI/AAAAAAAAAlA/joNSWjR9VVEYTdbSDwLZDrNIYseCJghHwCLcBGAsYHQ/ 		114 KB
114 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://1.bp.blogspot.com/-s8Zeu2rrHps/X-Vg3asdESI/AAAAAAAAAlA/joNSWjR9VVEYTdbSDwLZDrNIYseCJghHwCLcBGAsYHQ/kfc_n.jpg
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
59368d4dc5b045d7b8b0b8b9d84962556d803ab9fb7a58483bd90d12cdb009a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 10:35:09 GMT
x-content-type-options
nosniff
age
13120
content-disposition
inline;filename="kfc_n.jpg"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116724
x-xss-protection
0
server
fife
etag
"v252"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 26 Dec 2020 06:45:04 GMT
adidas.css
lb.href.style/ad/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://lb.href.style/ad/adidas.css?8888112311
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6818:6daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af536edc872886836c5caa7df0ee38bcc42a3a15124aaf113688e11c95672896

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
24598
cf-polished
origSize=15175
cf-bgj
minify
cf-request-id
0746256f2f0000c2bdb70fb000000001
last-modified
Mon, 30 Nov 2020 08:11:28 GMT
server
cloudflare
etag
W/"5fc4a930-3b47"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6qYRLbyYW129iMA1GG8%2Bl5NAHuCf8oUSK3UjwcF%2Bfe3KXdzrWwKu0PeBijnYOelu9p1PyLJ9zrVt8oBS28F7eCvpPR7ORKJz%2BLEwklbBItxzx8eIo2%2FKa4TQ"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
6083a4f84e09c2bd-FRA
expires
Sun, 27 Dec 2020 19:23:51 GMT
js
www.googletagmanager.com/gtag/ 		133 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-GPBVHMC0B7
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ed8ba732b1743bab4214e766fe868a5e329374321a6a551f40720b3f12b2b0ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52298
x-xss-protection
0
expires
Sun, 27 Dec 2020 14:13:49 GMT
giphy.gif
lb.href.style/ad/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lb.href.style/ad/giphy.gif?8888112311
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6818:6daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62347ea947399d485373491b46da5463873758e016c8d9f861a6375e2f6a225b

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
2089682
content-length
3531
cf-request-id
0746256f2f0000c2bd36be3000000001
last-modified
Mon, 30 Nov 2020 08:11:28 GMT
server
cloudflare
etag
"5fc4a930-dcb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ECT8ckTfakWpopHuWckvBR7zqzERlYXIDjtDGq6dAon%2FdMhtegLKqFgKTJTvJO0R8F97VtBsHOWWhBuhBOA8Oi7OVCNwFhpOrbbh7xjgpIhhrVxJQMeXklqD"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6083a4f84e0bc2bd-FRA
expires
Sat, 02 Jan 2021 09:45:47 GMT
icon.png
lb.href.style/ad/ 		140 KB
140 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lb.href.style/ad/icon.png
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6818:6daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25cd093ab8fb3c22c583193d839dc41e601db3ca60318565e70fe08bd558ecf9

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
952275
content-length
143298
cf-request-id
0746256f300000c2bdaeb09000000001
last-modified
Mon, 30 Nov 2020 08:11:28 GMT
server
cloudflare
etag
"5fc4a930-22fc2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=j5mwM02P7LSdWH9lHDWndep4NWEWJfYjiFBuVMQN78Z2PV6bBucvETSS6A8LYymZ1jtGqsZoilF8a1Yc2r5o1CFV9BUtadu%2B433cr8qJ%2FKs1V8ReJmtDdYi4"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
6083a4f84e0dc2bd-FRA
expires
Fri, 15 Jan 2021 13:42:34 GMT
bnr.php
uprimp.com/ 		372 B
626 B 		Script
General
Check archive.org
Download Go to
Full URL
https://uprimp.com/bnr.php?section=General&pub=518855&format=300x50&ga=g
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.200.220 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.220.skhosting.eu
Software
nginx /
Resource Hash
d5e90bc51c9e8f8b42a43689354cc05f088b092f6b857bf3cdb16246973c3fef

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 27 Dec 2020 14:13:49 GMT
last-modified
Sun, 27 Dec 2020 14:13:49 GMT
server
nginx
content-type
application/javascript
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-robots-tag
noindex, nofollow, noarchive, nosnippet
expires
Sun, 27 Dec 2020 14:13:49 GMT
gVT1lvV.jpg
i.imgur.com/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/gVT1lvV.jpg
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
63ae306b0ecc11b34ddb01b5e6b4472704391560a2f5ef483819ac9301b95f75
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
x-content-type-options
nosniff
age
9008631
x-cache
HIT, HIT
content-length
5139
x-served-by
cache-bwi5146-BWI, cache-fra19171-FRA
last-modified
Mon, 20 Apr 2020 23:57:39 GMT
server
cat factory 1.0
x-timer
S1609078430.508089,VS0,VE0
etag
"eb78590959399b4ef747ad624cab71bb"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 671
pruRrLG.jpg
i.imgur.com/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/pruRrLG.jpg
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
d3948d1e943e42d0b1f282856a144b7fa06161bdeaeaa3616828b36d6e63d4ec
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
x-content-type-options
nosniff
age
11304748
x-cache
HIT, HIT
content-length
4264
x-served-by
cache-bwi5123-BWI, cache-fra19171-FRA
last-modified
Mon, 20 Apr 2020 23:57:40 GMT
server
cat factory 1.0
x-timer
S1609078430.508360,VS0,VE0
etag
"fe9a0b838dc9a652adc001f26e095121"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 9
9BVpvoE.jpg
i.imgur.com/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/9BVpvoE.jpg
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
b7305eddc86d8712838ab6fbf40eda1e55c33b6647f9f1f23ebf61ba8f1bda6b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
x-content-type-options
nosniff
age
9353774
x-cache
HIT, HIT
content-length
5516
x-served-by
cache-bwi5122-BWI, cache-fra19171-FRA
last-modified
Mon, 20 Apr 2020 23:57:40 GMT
server
cat factory 1.0
x-timer
S1609078430.508677,VS0,VE0
etag
"65a56fcb67f29f6966acecbbeaf22465"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 9
8tl1B3q.jpg
i.imgur.com/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/8tl1B3q.jpg
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
e3d9790279f053a39e37f7fb04bdebda41f4f78d2fbf0b988cadf0d9e97dc8b9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
x-content-type-options
nosniff
age
11077687
x-cache
HIT, HIT
content-length
4631
x-served-by
cache-bwi5142-BWI, cache-fra19171-FRA
last-modified
Mon, 20 Apr 2020 23:57:40 GMT
server
cat factory 1.0
x-timer
S1609078430.508662,VS0,VE0
etag
"5f9471dddb3818cc5551929d753e870d"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 657
5tpZiak.jpg
i.imgur.com/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/5tpZiak.jpg
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
e2ef2d03532e76f643bb5ba3fe2ec629a0ac01ce01031cf9f7af8fba3cb30c4e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
x-content-type-options
nosniff
age
5728762
x-cache
HIT, HIT
content-length
4812
x-served-by
cache-bwi5145-BWI, cache-fra19171-FRA
last-modified
Mon, 20 Apr 2020 23:57:40 GMT
server
cat factory 1.0
x-timer
S1609078430.508850,VS0,VE0
etag
"9c43cc528fc0b556ebb0a7dd1329cd7b"
access-control-allow-methods
GET, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 8
images
encrypted-tbn0.gstatic.com/ 		36 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcQUm_y5QkxoStG_q3Mj7etbBMJZZ7WQr6Vzxw&usqp=CAU
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb125dc7a7266fcfcdc852da31d2fd6a94966e07dcd06f75e8aedfc8312a1c2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 05 Nov 2017 07:24:31 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36732
x-xss-protection
0
expires
Mon, 27 Dec 2021 14:13:49 GMT
adidas.js
lb.href.style/ad/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lb.href.style/ad/adidas.js?8888112311
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6818:6daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a567d45342507f8fac03ed4e517606f2a8c51537c54c5f11a94c785bc4d7cb0e

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
24598
cf-polished
origSize=12699
cf-bgj
minify
cf-request-id
0746256f350000c2bdd19fb000000001
last-modified
Thu, 03 Dec 2020 07:45:13 GMT
server
cloudflare
etag
W/"5fc89789-319b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xp4w4on9j5kipNH6YTCLHHNgETNk28n0f8k5PW7KgTuN1yMCtNeP1bJBEIGV5%2BbI1e7qcQIOoq2oKYrTtQq7vn6oyGWedzNjw4oxfao%2BYJAobH%2BYTfGIjrl2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6083a4f85e17c2bd-FRA
expires
Sun, 27 Dec 2020 19:23:51 GMT
js
ajax.googlescdn.com/gtag/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googlescdn.com/gtag/js
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6812:3818 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c0578f890fafff082ee4894d6a863bd6818124927b47f5ab70ac2ce84140bbb

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zp2J7BnxGeDsyqSbUi2s3OP%2BFGeCunn3Abuwi7jCSL4gyxMcyjvVtXICQQdONtPxQxpEh9VAgea1q%2Fk8BHjJyvzcPj3jgvyeVyZAOvIVuv6ONdEY6FvLM5auWg8Sj7l0"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
cache-control
public, no-cache
z-server
10.132.0.2
cf-ray
6083a4f8a8664a9d-FRA
cf-request-id
0746256f6700004a9d0d980000000001
bnr_xload.php
uprimp.com/ Frame 46A3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://uprimp.com/bnr_xload.php?section=General&pub=518855&format=300x50&ga=g&xt=160907842993061&xtt=7590493
Requested by
Host: uprimp.com
URL: https://uprimp.com/bnr.php?section=General&pub=518855&format=300x50&ga=g
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.66.200.220 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.200.220.skhosting.eu
Software
nginx /
Resource Hash

Request headers

:method
GET
:authority
uprimp.com
:scheme
https
:path
/bnr_xload.php?section=General&pub=518855&format=300x50&ga=g&xt=160907842993061&xtt=7590493
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1

Response headers

server
nginx
date
Sun, 27 Dec 2020 14:13:49 GMT
content-type
text/html; charset=UTF-8
expires
Sun, 27 Dec 2020 14:13:49 GMT
last-modified
Sun, 27 Dec 2020 14:13:49 GMT
cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
pragma
no-cache
x-robots-tag
noindex, nofollow, noarchive, nosnippet
dojo.js
ajax.googlescdn.com/ajax/libs/dojo/1.13.1/dojo/ 		0
318 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googlescdn.com/ajax/libs/dojo/1.13.1/dojo/dojo.js?1609079
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6812:3818 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 27 Dec 2020 14:13:49 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vxMoZ0HPh0af9OX2yYQEGEbrZhPnQ5F5nysf%2B22O7xu5y3uPnGgPFnU2J7WpXUdn9mBWAPls0SAnAIDe7rpuDyVa8lwiqD7FieKleFZIrZEOXZj20ZBazVsMaS5iKwEP"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
max-age=14400
z-server
10.132.0.2
cf-ray
6083a4f9094d4a9d-FRA
cf-request-id
0746256fa300004a9deab1b000000001
hm.js
hm.baidu.com/ 		39 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hm.baidu.com/hm.js?77cf62cb0bedfd734ae1c3a386def55c
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
f6ed133e5eac4f5ee435b694e7da0d3936c9034424e2c74a4c80efad014f5ac6
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 27 Dec 2020 14:13:50 GMT
Content-Encoding
gzip
Server
apache
Etag
32a9ef5d3bbf24ac5e56c46e2f6dae55
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
14045
collect
www.google-analytics.com/g/ 		0
75 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-GPBVHMC0B7&gtm=2oebu0&_p=121454908&sr=1600x1200&ul=en-us&cid=2047126830.1609078430&_s=1&dl=https%3A%2F%2Fewo-whatsapp.xyz%2Fad%2Fl.php%3Fl%3Den%26x%3D1&dr=https%3A%2F%2Fltowuwy.top%2Fad%2F%3Fl%3Did%26x%3D1&dt=%F0%9F%92%95Year-end%20carnival%F0%9F%8C%90&sid=1609078429&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GPBVHMC0B7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 27 Dec 2020 14:13:49 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://ewo-whatsapp.xyz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
hm.gif
hm.baidu.com/ 		43 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=2030969356&si=77cf62cb0bedfd734ae1c3a386def55c&su=https%3A%2F%2Fltowuwy.top%2Fad%2F%3Fl%3Did%26x%3D1&v=1.2.80&lv=1&sn=63111&r=0&ww=1600&ct=!!&u=https%3A%2F%2Fewo-whatsapp.xyz%2Fad%2Fl.php%3Fl%3Den%26x%3D1%231609078430116&tt=%F0%9F%92%95Year-end%20carnival%F0%9F%8C%90
Requested by
Host: ewo-whatsapp.xyz
URL: https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 27 Dec 2020 14:13:51 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43
collect
www.google-analytics.com/g/ 		0
339 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-GPBVHMC0B7&gtm=2oebu0&_p=121454908&sr=1600x1200&ul=en-us&cid=2047126830.1609078430&_s=2&dl=https%3A%2F%2Fewo-whatsapp.xyz%2Fad%2Fl.php%3Fl%3Den%26x%3D1&dr=https%3A%2F%2Fltowuwy.top%2Fad%2F%3Fl%3Did%26x%3D1&dt=%F0%9F%92%95Year-end%20carnival%F0%9F%8C%90&sid=1609078429&sct=1&seg=0&en=timing_complete&_et=6&ep.name=load&epn.value=247&ep.event_category=JS%20Dependencies
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-GPBVHMC0B7
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ewo-whatsapp.xyz/ad/l.php?l=en&x=1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 27 Dec 2020 14:13:54 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://ewo-whatsapp.xyz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

88 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery string| tranDomain string| daoliang_url string| alertTip string| alertTip2 string| alertTip3 string| alertTip4 string| like_str string| unlike_str string| shareBtn string| ogDescription string| tipnstr string| share_detail string| returnUrl object| returnUrls string| theme object| _zaq function| _report function| _record object| google_tag_manager object| dataLayer number| qs function| lasthtml function| dapp object| _0x5386 function| _0x2db6 function| _0x1aed99 object| t object| _hmt function| incrementValue1 function| gtag object| google_tag_data object| gaGlobal function| random string| redirectURL string| WhatsApp_share_message string| Share_link string| appName number| timer_start number| total object| STRONG boolean| inShare string| hiddenProperty string| visibilityChangeEvent function| onVisibilityChange function| incrementValue_i function| fn1_i function| incrementValue_a function| fn1_a object| zeit number| sec number| add object| zeit2 number| minute number| timer1 number| resttimer number| timer function| updateTimer number| myTimer function| stopFunction function| jp function| fh function| set_Cookie function| get_Cookie number| timeSincePageLoad string| u boolean| isAndroid boolean| isiOS function| tipn function| ads function| hh function| onYouTubeIframeAPIReady object| fd object| _za object| r boolean| _bdhm_loaded_77cf62cb0bedfd734ae1c3a386def55c object| mini_tangram_log_cyx3tt

5 Cookies

Domain/Path Name / Value
.ewo-whatsapp.xyz/ Name: Hm_lvt_77cf62cb0bedfd734ae1c3a386def55c
Value: 1609078431
.ewo-whatsapp.xyz/ Name: _ga_GPBVHMC0B7
Value: GS1.1.1609078429.1.0.1609078429.0
.ewo-whatsapp.xyz/ Name: Hm_lpvt_77cf62cb0bedfd734ae1c3a386def55c
Value: 1609078431
.ewo-whatsapp.xyz/ Name: _ga
Value: GA1.1.2047126830.1609078430
.ewo-whatsapp.xyz/ Name: __cfduid
Value: d1390f62576bbcaa94591e474e5175a591609078429

1 Console Messages

Source Level URL
Text
console-api log URL: https://lb.href.style/ad/adidas.js?8888112311(Line 41)
Message:
247

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
ajax.googleapis.com
ajax.googlescdn.com
encrypted-tbn0.gstatic.com
ewo-whatsapp.xyz
hm.baidu.com
i.imgur.com
lb.href.style
ltowuwy.top
uprimp.com
www.google-analytics.com
www.googletagmanager.com
103.235.46.191
151.101.12.193
185.66.200.220
2606:4700:3032::6812:3818
2606:4700:3035::6818:6daf
2606:4700:3036::681c:102b
2606:4700:3037::ac43:c421
2a00:1450:4001:808::2001
2a00:1450:4001:808::2008
2a00:1450:4001:809::200e
2a00:1450:4001:820::200a
2a00:1450:4001:820::200e
1c0578f890fafff082ee4894d6a863bd6818124927b47f5ab70ac2ce84140bbb
25cd093ab8fb3c22c583193d839dc41e601db3ca60318565e70fe08bd558ecf9
59368d4dc5b045d7b8b0b8b9d84962556d803ab9fb7a58483bd90d12cdb009a3
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
62347ea947399d485373491b46da5463873758e016c8d9f861a6375e2f6a225b
63ae306b0ecc11b34ddb01b5e6b4472704391560a2f5ef483819ac9301b95f75
71296727e81ba33fd6d10f984f18b23ea8d28b3db8d2668d53390fd5f8716426
8dad5a450ce7dda3d0454a289345ff7d9dc4b4dc95ec4a2408f8f693528e2892
a567d45342507f8fac03ed4e517606f2a8c51537c54c5f11a94c785bc4d7cb0e
af536edc872886836c5caa7df0ee38bcc42a3a15124aaf113688e11c95672896
b7305eddc86d8712838ab6fbf40eda1e55c33b6647f9f1f23ebf61ba8f1bda6b
bb125dc7a7266fcfcdc852da31d2fd6a94966e07dcd06f75e8aedfc8312a1c2d
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d3948d1e943e42d0b1f282856a144b7fa06161bdeaeaa3616828b36d6e63d4ec
d5e90bc51c9e8f8b42a43689354cc05f088b092f6b857bf3cdb16246973c3fef
e2ef2d03532e76f643bb5ba3fe2ec629a0ac01ce01031cf9f7af8fba3cb30c4e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d9790279f053a39e37f7fb04bdebda41f4f78d2fbf0b988cadf0d9e97dc8b9
ed8ba732b1743bab4214e766fe868a5e329374321a6a551f40720b3f12b2b0ce
f6ed133e5eac4f5ee435b694e7da0d3936c9034424e2c74a4c80efad014f5ac6