davawiepsz.lunchdisclose.top Open in urlscan Pro
104.21.44.174 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://davawiepsz.lunchdisclose.top/
Effective URL:
https://davawiepsz.lunchdisclose.top/
Submission: On December 12 via api (December 12th 2024, 2:42:59 pm UTC) from AU — Scanned from AU

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 2 countries across 10 domains to perform 17 HTTP transactions. The main IP is 104.21.44.174, located in and belongs to CLOUDFLARENET, US. The main domain is davawiepsz.lunchdisclose.top.
TLS certificate: Issued by WE1 on November 11th 2024. Valid for: 3 months.

This is the only time davawiepsz.lunchdisclose.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	104.21.44.174 104.21.44.174	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.193.170 142.250.193.170	15169 (GOOGLE) (GOOGLE)
1	142.250.195.200 142.250.195.200	15169 (GOOGLE) (GOOGLE)
1	104.18.187.31 104.18.187.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.150.132 172.67.150.132	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	199.232.196.193 199.232.196.193	54113 (FASTLY) (FASTLY)
2	104.21.112.1 104.21.112.1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.204.14 142.250.204.14	15169 (GOOGLE) (GOOGLE)
3	104.21.67.29 104.21.67.29	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	10

3 104.21.44.174 (None, )

ASN13335 (CLOUDFLARENET, US)

davawiepsz.lunchdisclose.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.193.170 (United States)

ASN15169 (GOOGLE, US)
PTR: maa05s26-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.195.200 (United States)

ASN15169 (GOOGLE, US)
PTR: maa03s42-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.187.31 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.150.132 (United States)

ASN13335 (CLOUDFLARENET, US)

quarkstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.196.193 (United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.21.112.1 (None, )

ASN13335 (CLOUDFLARENET, US)

563cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.204.14 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.21.67.29 (None, )

ASN13335 (CLOUDFLARENET, US)

plausible.com.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	plausible.com.cn plausible.com.cn	3 KB
3	lunchdisclose.top davawiepsz.lunchdisclose.top	23 KB
2	563cdn.com 563cdn.com	19 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36
1	imgur.com i.imgur.com — Cisco Umbrella Rank: 8961	12 KB
1	quarkstatic.com quarkstatic.com	62 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	2 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	108 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 415	33 KB
0	baidu.com Failed hm.baidu.com Failed
17	10

	Domain	Requested by
3	plausible.com.cn	davawiepsz.lunchdisclose.top plausible.com.cn
3	davawiepsz.lunchdisclose.top	davawiepsz.lunchdisclose.top
2	563cdn.com	davawiepsz.lunchdisclose.top
1	www.google-analytics.com	www.googletagmanager.com
1	i.imgur.com	davawiepsz.lunchdisclose.top
1	quarkstatic.com	davawiepsz.lunchdisclose.top
1	cdn.jsdelivr.net	davawiepsz.lunchdisclose.top
1	www.googletagmanager.com	davawiepsz.lunchdisclose.top
1	ajax.googleapis.com	davawiepsz.lunchdisclose.top
0	hm.baidu.com Failed	davawiepsz.lunchdisclose.top
17	10

This site contains no links.

Subject Issuer	Validity	Valid
lunchdisclose.top WE1	`2024-11-11` - `2025-02-09`	3 months	crt.sh
upload.video.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.google-analytics.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
e5f174a2.sni.cloudflaressl.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-15` - `2025-02-14`	a year	crt.sh
563cdn.com WE1	`2024-10-28` - `2025-01-26`	3 months	crt.sh
plausible.com.cn WE1	`2024-10-24` - `2025-01-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://davawiepsz.lunchdisclose.top/
Frame ID: 5E11EAAA4AB6F543674F6ABAB0E4482B
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Celebrating Christmas, enjoy 45GB of free internet available on all networks!

Page URL History Show full URLs

http://davawiepsz.lunchdisclose.top/ HTTP 307
https://davawiepsz.lunchdisclose.top/ Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

17
Requests

82 %
HTTPS

0 %
IPv6

10
Domains

10
Subdomains

10
IPs

2
Countries

262 kB
Transfer

586 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://davawiepsz.lunchdisclose.top/ HTTP 307
https://davawiepsz.lunchdisclose.top/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
davawiepsz.lunchdisclose.top/
Redirect Chain

http://davawiepsz.lunchdisclose.top/
https://davawiepsz.lunchdisclose.top/

71 KB
18 KB

639ms
606ms

Document
text/html

104.21.44.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://davawiepsz.lunchdisclose.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.44.174 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 521ec6a3b6ec1ab4f826c26a4dcf117417a11213f457b85dab406d2a8a118b13

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8f0e7b1d59d05f25-SYD
content-encoding: zstd
content-type: text/html; charset=UTF-8
date: Thu, 12 Dec 2024 14:42:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gWO4rldF9sMFzdHdaWw3WPf4Hea6G37wJAFGkJHey8owSypQggasSCCSXsk2fJQLCDxB12EwZrD70RpJBWpnxrvC329uG7ufHai7BW%2F9W%2F%2Bo%2FdRIL%2F3%2Fo9xtE50EM3kN7hXZmre6XFJfqHk7Kvy%2F"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=5078&min_rtt=1903&rtt_var=2046&sent=14&recv=12&lost=0&retrans=0&sent_bytes=4272&recv_bytes=5792&delivery_rate=928&cwnd=12000&unsent_bytes=0&cid=945e11ba90c9fc27&ts=631&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding

Redirect headers

Location: https://davawiepsz.lunchdisclose.top/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 200 2.png
davawiepsz.lunchdisclose.top/js/ 3 KB
4 KB 58ms
58ms Image
image/png 104.21.44.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://davawiepsz.lunchdisclose.top/js/2.png
Requested by: Host: davawiepsz.lunchdisclose.top
URL: https://davawiepsz.lunchdisclose.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.44.174 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6b8d669fa3e6500ce5d4a3c1c0b289c609c7b1ed760885c844abc66670ca7f8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"67286add-ba3"
age: 278440
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ntkg9bgnmxZroogCefJJm%2F2C6Xuaq8gJf4Tpf20md1NJOoxlHESQfiSBi1uvyJh7epEI7Vpum9lrLiHb9WQ79QLr15fJXrCuPghbz5B1aM4HHFqo550pzUyxUxOG077q%2B41r6VEf3Y2%2BTTb4mQ0z"}],"group":"cf-nel","max_age":604800}
expires: Wed, 08 Jan 2025 09:21:46 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2793&min_rtt=976&rtt_var=1941&sent=35&recv=24&lost=0&retrans=0&sent_bytes=23040&recv_bytes=8659&delivery_rate=225536&cwnd=12000&unsent_bytes=0&cid=945e11ba90c9fc27&ts=986&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 12 Dec 2024 14:42:26 GMT
content-type: image/png
last-modified: Mon, 04 Nov 2024 06:34:05 GMT
vary: Accept-Encoding
priority: u=3,i
cache-control: max-age=2592000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f0e7b22fcc35f25-SYD
server: cloudflare

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.1/ 94 KB
33 KB 563ms
257ms Script
text/javascript 142.250.193.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js

Requested by

Host: davawiepsz.lunchdisclose.top
URL: https://davawiepsz.lunchdisclose.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.193.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

maa05s26-in-f10.1e100.net

Software

sffe /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

content-encoding: gzip
age: 29093
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Fri, 12 Dec 2025 06:37:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 12 Dec 2024 06:37:33 GMT
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33434
x-xss-protection: 0
server: sffe

GET
H3 200 single.php Show response
davawiepsz.lunchdisclose.top/ 3 KB
2 KB 324ms
322ms Script
text/javascript 104.21.44.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://davawiepsz.lunchdisclose.top/single.php?
Requested by: Host: davawiepsz.lunchdisclose.top
URL: https://davawiepsz.lunchdisclose.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.44.174 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56474e0729a4c532ab092b1e76d3d02d114725cdcf2cb30608dadd1e538f8e6b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1EVPOcALpx1qybPaKF1A%2FuttlBVzxzUt45q7olNumw3bZUHyefvcAuOxZAnaucNEKJ1%2Bzv3DhRm%2FdNzhT6IG8M5NVj5DJkfBvDtrWbcS11rmNz9dEgFGz0zS9wGM9l2G4h8VxQsSw8QZXiL92zMD"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f0e7b230cca5f25-SYD
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2519&min_rtt=976&rtt_var=1566&sent=39&recv=26&lost=0&retrans=0&sent_bytes=26827&recv_bytes=8745&delivery_rate=68890&cwnd=12000&unsent_bytes=0&cid=945e11ba90c9fc27&ts=1255&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 12 Dec 2024 14:42:26 GMT
content-type: text/javascript;charset=utf-8
vary: Accept-Encoding
server: cloudflare
priority: u=2,i=?0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 323 KB
108 KB 618ms
314ms Script
application/javascript 142.250.195.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-TXHPZ38NQJ

Requested by

Host: davawiepsz.lunchdisclose.top
URL: https://davawiepsz.lunchdisclose.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.195.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

maa03s42-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

7ae397df4e0a2d1d01ff8945e9093e74f16b0c37987d6c1d6c185765b94bfec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 12 Dec 2024 14:42:26 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 12 Dec 2024 14:42:26 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 109799
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 lazyload.min.js Show response
cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/ 2 KB
2 KB 38ms
15ms Script
application/javascript 104.18.187.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/lazyload.min.js

Requested by

Host: davawiepsz.lunchdisclose.top
URL: https://davawiepsz.lunchdisclose.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.187.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b3baa10ac55f4eece0c7e666eaddd51872b8ce9273671626bcccec8f86ead78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

access-control-expose-headers: *
content-encoding: br
cf-cache-status: HIT
etag: W/"8a2-ngY/Y9MDkyf1oyGHRNHDqclx9cM"
age: 1198550
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dDXVJaFIdFsmiuMT9veUbAsSIdXcEGaTQ88%2FSKVvX9hJYcNMOjVn6H90RGVKyY9M3dxsxlhMsbW%2B21yMpoJuRL6t3qcmo%2FGceKFiHeMKxoVxq45wcmajnQFIHLoeZorjDWk%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443"; ma=86400
x-cache: HIT, HIT
date: Thu, 12 Dec 2024 14:42:26 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220036-FRA, cache-lga21943-LGA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f0e7b232abf5729-SYD
accept-ranges: bytes
access-control-allow-origin: *
content-length: 981
server: cloudflare
x-jsd-version: 2.0.0-rc.2

GET
H2 200 idy4g.jpg
quarkstatic.com/images/ 61 KB
62 KB 171ms
53ms Image
image/jpeg 172.67.150.132
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://quarkstatic.com/images/idy4g.jpg
Requested by: Host: davawiepsz.lunchdisclose.top
URL: https://davawiepsz.lunchdisclose.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.150.132 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89da7622d6919327ad6fe42b6e517fd9cb53890a6a2bfe68c25eefd9de43243a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

cf-cache-status: HIT
etag: "d5346163945885d5b076cc1f2c8c1e9c"
age: 7098
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3qPw800TdGnBlGbF%2B0TiKYxGkiGHTL6%2B3iRhn5x8TECb%2F1SiqmT8U2inytHQFSLixQkUuV%2Ft%2F%2BQ73Mt2EKx2PoC%2F0nT%2BaiZ2NbG4AGBPQXcCAR5HArJbPtfI8F%2FcJvSblO8%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1265&min_rtt=983&rtt_var=613&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3982&recv_bytes=2243&delivery_rate=3800524&cwnd=254&unsent_bytes=0&cid=caa0aa101638cd54&ts=100&x=0"
date: Thu, 12 Dec 2024 14:42:27 GMT
content-type: image/jpeg
last-modified: Mon, 04 Nov 2024 06:21:37 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f0e7b28aea8a956-SYD
accept-ranges: bytes
content-length: 62910
server: cloudflare

GET
H2 200 989SPRg.jpeg
i.imgur.com/ 12 KB
12 KB 570ms
275ms Image
image/jpeg 199.232.196.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/989SPRg.jpeg

Requested by

Host: davawiepsz.lunchdisclose.top
URL: https://davawiepsz.lunchdisclose.top/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

cd4ee7f8bf3b75267ba8c5aa5959d7bd5107234f94bf24d4c2b1e664f3876759

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

etag: "8c02a299f5d402b14f775c19b6e5280b"
age: 2009466
access-control-allow-methods: GET, OPTIONS
x-content-type-options: nosniff
x-cache: Miss from cloudfront, HIT, HIT
x-amz-cf-id: y54RFEYlo6btSd05P3tIZwhi5yYPUfzQKrAsY-uGv0fSw2oTGOeD0g==
date: Thu, 12 Dec 2024 14:42:27 GMT
content-type: image/jpeg
last-modified: Mon, 21 Oct 2024 08:52:12 GMT
x-cache-hits: 18, 0
x-served-by: cache-iad-kjyo7100028-IAD, cache-bfi-krnt7300097-BFI
strict-transport-security: max-age=300
cache-control: public, max-age=31536000
x-timer: S1734014548.641856,VS0,VE1
accept-ranges: bytes
access-control-allow-origin: *
content-length: 11788
x-amz-cf-pop: IAD89-P1
server: cat factory 1.0
x-amz-server-side-encryption: AES256

GET
H2 200 043275da874a0f94c8bccbac355568b4.png
563cdn.com/images/ 13 KB
14 KB 168ms
51ms Image
image/png 104.21.112.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://563cdn.com/images/043275da874a0f94c8bccbac355568b4.png
Requested by: Host: davawiepsz.lunchdisclose.top
URL: https://davawiepsz.lunchdisclose.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.112.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab275fa6f77eda89d1c4416cbb7f825c7e44d923cf0fe29ed2e7dd3def44105b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

cf-cache-status: HIT
etag: "4d015e033bfcbe328b3babc8e1d29c62"
age: 2900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6rcH%2F1hhpnAm3eSwKxOktl%2F4rhGf2DY%2F6YTnCl6FitrwapRPtDJDK5qAaezXGP7mUuaUcnzgWr%2FH3OpdoPAP8CC8JlpwSB8zSVxAZULXkXf3DshjlemOtE7BQ5Ux"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=535&min_rtt=508&rtt_var=85&sent=13&recv=12&lost=0&retrans=0&sent_bytes=8819&recv_bytes=2332&delivery_rate=7463917&cwnd=254&unsent_bytes=0&cid=36d1852374994400&ts=153&x=0"
date: Thu, 12 Dec 2024 14:42:27 GMT
content-type: image/png
last-modified: Mon, 18 Mar 2024 07:51:07 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f0e7b289acddfaf-SYD
accept-ranges: bytes
content-length: 13806
server: cloudflare

GET
H2 200 be705226d05559a02b8143a1c47772bf.jpg
563cdn.com/images/ 4 KB
5 KB 167ms
51ms Image
image/jpeg 104.21.112.1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://563cdn.com/images/be705226d05559a02b8143a1c47772bf.jpg
Requested by: Host: davawiepsz.lunchdisclose.top
URL: https://davawiepsz.lunchdisclose.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.112.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5bb76c4c1672c8cc57df9693c2a44b4b9c8a28bdd97069230b88a936889baaa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

cf-cache-status: HIT
etag: "1b1451a8700232aeb27996df777f61d0"
age: 3455
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K7B1qFMMLqMBTO5KfX%2Fj5K1UzvYDjc%2BgjUdtiIFE6zHXkQjLyAhDqFQJbXGQbUMjixHV1IocY7Dc%2FshRKrCL7PZ%2FNEIr7MA%2BenHG8hLkEAT1mM2%2BN5oXwRTLXAn0"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=535&min_rtt=508&rtt_var=85&sent=8&recv=12&lost=0&retrans=0&sent_bytes=4001&recv_bytes=2332&delivery_rate=7463917&cwnd=254&unsent_bytes=0&cid=36d1852374994400&ts=153&x=0"
date: Thu, 12 Dec 2024 14:42:27 GMT
content-type: image/jpeg
last-modified: Mon, 18 Mar 2024 07:45:58 GMT
vary: Accept-Encoding
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f0e7b289acbdfaf-SYD
accept-ranges: bytes
content-length: 4048
server: cloudflare

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 320ms
106ms Fetch
text/plain 142.250.204.14
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-TXHPZ38NQJ&gtm=45je4cb0v9199215831za200&_p=1734014547126&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&cid=276129550.1734014547&ul=en-au&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1734014547&sct=1&seg=0&dl=https%3A%2F%2Fdavawiepsz.lunchdisclose.top%2F&dt=Celebrating%20Christmas%2C%20enjoy%2045GB%20of%20free%20internet%20available%20on%20all%20networks!&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1998
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TXHPZ38NQJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.204.14 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: syd09s25-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://davawiepsz.lunchdisclose.top
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 12 Dec 2024 14:42:27 GMT
content-type: text/plain
server: Golfe2

GET hm.js
hm.baidu.com/ 0
0

GET
H3 200 script.js Show response
plausible.com.cn/js/ 1 KB
1 KB 77ms
10ms Script
application/javascript 104.21.67.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://plausible.com.cn/js/script.js

Requested by

Host: davawiepsz.lunchdisclose.top
URL: https://davawiepsz.lunchdisclose.top/single.php?

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.67.29 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3409ac09af396e35fd67c5e024386d36c52138b7541e6a4644c31a94a2d33a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 30603
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3D3R8VdICsuymW40RgeO4bu%2FJKG7BKpcmTq%2FirB0ymvqD%2FL3G9tRo%2BqZKHgQVw1qjJvsCffEAop2lWqM7xg7bKRBz2tzFZu3l5QZarQIfKNnShHWWopTBfAWqzAWIYr%2FgIZs"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1843&min_rtt=1661&rtt_var=658&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4231&recv_bytes=5586&delivery_rate=244113&cwnd=12000&unsent_bytes=0&cid=0b7b3ac899294b20&ts=15&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 12 Dec 2024 14:42:27 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 12 Dec 2024 06:12:24 GMT
priority: u=3,i=?0
cache-control: public, max-age=86400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f0e7b2b1aafe7dd-SYD
access-control-allow-origin: *
server: cloudflare

GET hm.js
hm.baidu.com/ 0
0

POST
H3 202 event Show response
plausible.com.cn/api/ 2 B
688 B 326ms
315ms XHR
text/plain 104.21.67.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.com.cn/api/event
Requested by: Host: plausible.com.cn
URL: https://plausible.com.cn/js/script.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.67.29 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

x-request-id: GBB1C07BUkePEBQhnZOB
access-control-expose-headers
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B1uzGF1jWRNvptmDqShFxE7vP5uNORp7RJ92EAPkLkPFDDP1KCh9YF882dQcTbvZDsIA5VqJOkgtFpEqdVt5Giq5HO67vu5vuCS84Q4lbiKm5LZZpdt46HnzYyE9GzBVpLBE"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1943&min_rtt=1343&rtt_var=1001&sent=13&recv=13&lost=0&retrans=0&sent_bytes=3010&recv_bytes=6078&delivery_rate=1035&cwnd=12000&unsent_bytes=0&cid=e8eaebcad134f3d2&ts=324&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 12 Dec 2024 14:42:28 GMT
content-type: text/plain; charset=utf-8
priority: u=1,i
cache-control: max-age=0, private, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8f0e7b2b4dcaa937-SYD
access-control-allow-origin: *
content-length: 2
server: cloudflare

POST
H3 202 event Show response
plausible.com.cn/api/ 2 B
726 B 325ms
320ms XHR
text/plain 104.21.67.29
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.com.cn/api/event
Requested by: Host: plausible.com.cn
URL: https://plausible.com.cn/js/script.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.67.29 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://davawiepsz.lunchdisclose.top/

Response headers

x-request-id: GBB1C06sGLoRUBohAsvD
access-control-expose-headers
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2oNDGsrLNK9PDdH8FbeExsZwLroH5jRFV5SBrFIgUqrDwOFjp5yxFNuOAlSmCgRv3CvqYrcm8un8grzRHoPp4DUTs7UcEJ4%2BSUKVyFg7Wn7ONyCRABMDV70%2FyxMVDZoaAHhp"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1943&min_rtt=1343&rtt_var=1001&sent=12&recv=13&lost=0&retrans=0&sent_bytes=2261&recv_bytes=6078&delivery_rate=1035&cwnd=12000&unsent_bytes=0&cid=e8eaebcad134f3d2&ts=323&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 12 Dec 2024 14:42:28 GMT
content-type: text/plain; charset=utf-8
priority: u=1,i
cache-control: max-age=0, private, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8f0e7b2b4dc8a937-SYD
access-control-allow-origin: *
content-length: 2
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hm.baidu.com
URL: https://hm.baidu.com/hm.js?2a3da284a4e4224e64e508415414d4b0

Domain: hm.baidu.com
URL: https://hm.baidu.com/hm.js?b3e211753853b8bec23c7cc3247cde91

Domain: hm.baidu.com
URL: https://hm.baidu.com/hm.js?a5c983f496f8ab8d8aab9f2efb76e9cd

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
davawiepsz.lunchdisclose.top/	1970-01-21 01:40:18	Name: pics Value: %5B%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FXWGHso9.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F6065bf2559d743ba166f2ed6fdff49f8.jpg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2F989SPRg.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F043275da874a0f94c8bccbac355568b4.png%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fbe705226d05559a02b8143a1c47772bf.jpg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2Fae5615520252588fb6236131903d037b.jpg%22%2C%22https%3A%5C%2F%5C%2Fi.imgur.com%5C%2FURYXQCa.jpeg%22%2C%22https%3A%5C%2F%5C%2F563cdn.com%5C%2Fimages%5C%2F36f308b9157bf7acfaf5c09b742b5852.jpg%22%5D
davawiepsz.lunchdisclose.top/	1970-01-21 01:40:18	Name: comments Value: %5B%22First%20I%20thought%20its%20fake%20but%20I%20received%20the%20free%2045GB%20within%2015%20min.%20Thank%20you%2C%20for%20this%20gift.%22%2C%22This%20is%20real%20guys%20just%20follow%20instructions.%20If%20you%20make%20a%20mistake%20you%27ll%20get%20only%2020GB.%20Thanks%20for%20the%20gift.%22%2C%22I%20am%20disappointed%2C%20I%20got%2035GB%20only%21%22%2C%22This%20is%20the%20best%20gift%20I%20got%20this%20month.%22%5D
davawiepsz.lunchdisclose.top/	1970-01-21 01:40:18	Name: names Value: %5B%22Mehmet%22%2C%22Zeynep%22%2C%22Ali%22%2C%22Mustafa%22%2C%22Ahmet%22%2C%22Ay%5Cu015fe%22%2C%22Elif%22%2C%22Fatma%22%5D
davawiepsz.lunchdisclose.top/	1970-01-21 01:44:33	Name: loclang Value: en
davawiepsz.lunchdisclose.top/	1970-01-21 01:40:18	Name: reg Value: 1
.lunchdisclose.top/	1970-01-21 11:16:14	Name: _ga_TXHPZ38NQJ Value: GS1.1.1734014547.1.0.1734014547.0.0.0
.lunchdisclose.top/	1970-01-21 11:16:14	Name: _ga Value: GA1.1.276129550.1734014547

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://davawiepsz.lunchdisclose.top/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

563cdn.com
ajax.googleapis.com
cdn.jsdelivr.net
davawiepsz.lunchdisclose.top
hm.baidu.com
i.imgur.com
plausible.com.cn
quarkstatic.com
www.google-analytics.com
www.googletagmanager.com
hm.baidu.com
104.18.187.31
104.21.112.1
104.21.44.174
104.21.67.29
142.250.193.170
142.250.195.200
142.250.204.14
172.67.150.132
199.232.196.193
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
521ec6a3b6ec1ab4f826c26a4dcf117417a11213f457b85dab406d2a8a118b13
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
56474e0729a4c532ab092b1e76d3d02d114725cdcf2cb30608dadd1e538f8e6b
5b3baa10ac55f4eece0c7e666eaddd51872b8ce9273671626bcccec8f86ead78
7ae397df4e0a2d1d01ff8945e9093e74f16b0c37987d6c1d6c185765b94bfec6
89da7622d6919327ad6fe42b6e517fd9cb53890a6a2bfe68c25eefd9de43243a
ab275fa6f77eda89d1c4416cbb7f825c7e44d923cf0fe29ed2e7dd3def44105b
c5bb76c4c1672c8cc57df9693c2a44b4b9c8a28bdd97069230b88a936889baaa
cd4ee7f8bf3b75267ba8c5aa5959d7bd5107234f94bf24d4c2b1e664f3876759
e3409ac09af396e35fd67c5e024386d36c52138b7541e6a4644c31a94a2d33a4
f6b8d669fa3e6500ce5d4a3c1c0b289c609c7b1ed760885c844abc66670ca7f8

davawiepsz.lunchdisclose.top Open in urlscan Pro 104.21.44.174 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

82 %HTTPS

0 %IPv6

10 Domains

10 Subdomains

10 IPs

2 Countries

262 kBTransfer

586 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

7 Cookies

1 Console Messages

Indicators

davawiepsz.lunchdisclose.top Open in urlscan Pro
104.21.44.174 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

82 %
HTTPS

0 %
IPv6

10
Domains

10
Subdomains

10
IPs

2
Countries

262 kB
Transfer

586 kB
Size

7
Cookies

17 HTTP transactions
0 data transactions