shipping.ewacode.work Open in urlscan Pro
2606:4700:3035::6815:283e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://shipping.ewacode.work/welcome
Effective URL:
https://shipping.ewacode.work/welcome
Submission: On January 01 via api (January 1st 2024, 12:57:00 pm UTC) from US — Scanned from US

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 1 countries across 6 domains to perform 23 HTTP transactions. The main IP is 2606:4700:3035::6815:283e, located in United States and belongs to CLOUDFLARENET, US. The main domain is shipping.ewacode.work.
TLS certificate: Issued by GTS CA 1P5 on November 17th 2023. Valid for: 3 months.

This is the only time shipping.ewacode.work was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 5	2606:4700:303... 2606:4700:3033::ac43:b20b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700:303... 2606:4700:3035::6815:283e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4006:822::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3032::6815:101c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	140.82.113.6 140.82.113.6	36459 (GITHUB) (GITHUB)
2	2607:f8b0:400... 2607:f8b0:4006:81d::2003	15169 (GOOGLE) (GOOGLE)
23	8

5 2606:4700:3033::ac43:b20b (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

shipping.ewacode.work	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3035::6815:283e (United States)

ASN13335 (CLOUDFLARENET, US)

shipping.ewacode.work	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:822::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3032::6815:101c (United States)

ASN13335 (CLOUDFLARENET, US)

ghbtns.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 140.82.113.6 (United States)

ASN36459 (GITHUB, US)
PTR: lb-140-82-113-6-iad.github.com

api.github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81d::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	ewacode.work 2 redirects shipping.ewacode.work	180 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	3 KB
3	ghbtns.com ghbtns.com — Cisco Umbrella Rank: 104040	8 KB
2	gstatic.com fonts.gstatic.com	70 KB
2	github.com api.github.com — Cisco Umbrella Rank: 4512	6 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	82 KB
23	6

	Domain	Requested by
12	shipping.ewacode.work	2 redirects shipping.ewacode.work
4	fonts.googleapis.com	shipping.ewacode.work
3	ghbtns.com	shipping.ewacode.work
2	fonts.gstatic.com	fonts.googleapis.com
2	api.github.com	ghbtns.com
2	cdnjs.cloudflare.com	shipping.ewacode.work cdnjs.cloudflare.com
23	6

This site contains no links.

Subject Issuer	Validity	Valid
ewacode.work GTS CA 1P5	`2023-11-17` - `2024-02-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
ghbtns.com GTS CA 1P5	`2023-12-28` - `2024-03-27`	3 months	crt.sh
*.github.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-16` - `2024-03-15`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://shipping.ewacode.work/welcome
Frame ID: 1B52542275E3AE7C084AB70FB5C251DC
Requests: 18 HTTP requests in this frame

Frame: https://ghbtns.com/github-btn.html?user=yTakkar&type=follow&count=false&size=large
Frame ID: 906BCCDE95BD9260652C08C67C71D0DB
Requests: 2 HTTP requests in this frame

Frame: https://ghbtns.com/github-btn.html?user=yTakkar&repo=Instagram-Clone&type=fork&count=true&size=large
Frame ID: 39B010580A79B9CDA9B4A850DF430B3E
Requests: 3 HTTP requests in this frame

Frame: https://ghbtns.com/github-btn.html?user=yTakkar&repo=Instagram-Clone&type=star&count=true&size=large
Frame ID: 5EE73CD685673E03F0A000999DB9F1B5
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Instagram

Page URL History Show full URLs

http://shipping.ewacode.work/welcome Page URL
http://shipping.ewacode.work/cdn-cgi/phish-bypass?atok=VUsud4K8PYlerSjV.rtAxJfXVmPpcBgzM4.gzd4MfNw-170411... HTTP 301
http://shipping.ewacode.work/welcome HTTP 301
https://shipping.ewacode.work/welcome Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

23
Requests

87 %
HTTPS

86 %
IPv6

6
Domains

6
Subdomains

8
IPs

1
Countries

348 kB
Transfer

660 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://shipping.ewacode.work/welcome Page URL
http://shipping.ewacode.work/cdn-cgi/phish-bypass?atok=VUsud4K8PYlerSjV.rtAxJfXVmPpcBgzM4.gzd4MfNw-1704113810-0-%2Fwelcome HTTP 301
http://shipping.ewacode.work/welcome HTTP 301
https://shipping.ewacode.work/welcome Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK welcome Show response
shipping.ewacode.work/ 4 KB
2 KB 105ms
41ms Document
text/html 2606:4700:3033::ac43:b20b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://shipping.ewacode.work/welcome

Protocol

HTTP/1.1

Server

2606:4700:3033::ac43:b20b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6aa51b17e2dbda1c96a14dba44841b7f99ce6b9fe01dadaf12439e56aafbb93d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

CF-RAY: 83eaecb64bd18da8-MIA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 01 Jan 2024 12:56:50 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6HvRfpg%2Bykpc64t6ISJs983Xwr3SI9LDLXnDEEgBrzKy%2FFDQf8OPM3RcT1CXDIA52AdArJERsig2bPdyD6RZG0xtTxnJsxWPAwUMGOXqAAPAuYaGbdIIUsh2Xm0A5%2FZPY2ToRkOYi0xBGvrbU2JeTMQXzoM%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK cf.errors.css
shipping.ewacode.work/cdn-cgi/styles/ 24 KB
5 KB 40ms
40ms Stylesheet
text/css 2606:4700:3033::ac43:b20b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://shipping.ewacode.work/cdn-cgi/styles/cf.errors.css

Requested by

Host: shipping.ewacode.work
URL: http://shipping.ewacode.work/welcome

Protocol

HTTP/1.1

Server

2606:4700:3033::ac43:b20b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: http://shipping.ewacode.work/welcome
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 12:56:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 19 Dec 2023 14:09:38 GMT
Server: cloudflare
ETag: W/"6581a422-5e44"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 83eaecb6fc488da8-MIA
Expires: Mon, 01 Jan 2024 14:56:51 GMT

GET
H/1.1 200
OK icon-exclamation.png
shipping.ewacode.work/cdn-cgi/images/ 452 B
889 B 34ms
34ms Image
image/png 2606:4700:3033::ac43:b20b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://shipping.ewacode.work/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: shipping.ewacode.work
URL: http://shipping.ewacode.work/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Server

2606:4700:3033::ac43:b20b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: http://shipping.ewacode.work/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 01 Jan 2024 12:56:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 19 Dec 2023 14:09:38 GMT
Server: cloudflare
ETag: "6581a422-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 83eaecb73c888da8-MIA
Content-Length: 452
Expires: Mon, 01 Jan 2024 14:56:51 GMT

GET
H2

200

Primary Request welcome Show response
shipping.ewacode.work/
Redirect Chain

http://shipping.ewacode.work/cdn-cgi/phish-bypass?atok=VUsud4K8PYlerSjV.rtAxJfXVmPpcBgzM4.gzd4MfNw-1704113810-0-%2Fwelcome
http://shipping.ewacode.work/welcome
https://shipping.ewacode.work/welcome

6 KB
3 KB

730ms
656ms

Document
text/html

2606:4700:3035::6815:283e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:283e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.33

Resource Hash

3379de026bb738a0409accff2da59963d0cd75801ebf7a33cd1f5ccd70f6b091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://shipping.ewacode.work/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 83eaeccfbf1f8dc1-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 01 Jan 2024 12:56:55 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZS3jggdF3AVMoVBUdMkmHklAgJM52HIerX9gDYtLWCi0VCmvwjldsmvg9281NUVyXV6qPhrg9cZxVLtWebQK7IWACkmHAlDIh2%2FgIxYavbfRKtXwnm1ubZEUvQON1m9TU3Mx1LrS94iHh%2BvDQTO1MoY%2FQCc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-powered-by: PHP/7.4.33
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block

Redirect headers

CF-RAY: 83eaeccf0ff08da8-MIA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Mon, 01 Jan 2024 12:56:54 GMT
Expires: Mon, 01 Jan 2024 13:56:54 GMT
Location: https://shipping.ewacode.work/welcome
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NuCxAoqY8OkDkAbJ1D0viMUPl%2BFpC3xWQjK2MjZknucrWJ%2FlmZ8K1VuM%2Fe%2B0McnU49mc7GAlPScLFJ4EXh5HXjP8p1z8xDMlJYvN03i13zJhw%2Fdst8VlNz9yXK%2BtUgu7UtoIwry3OvF3ICy6qT2nD5RV99I%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 16 KB
2 KB 214ms
79ms Stylesheet
text/css 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

729d143021117867cf4fdf31b3f321ad8455bdf338a4883299fcf7bb93db58bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://shipping.ewacode.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 01 Jan 2024 12:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 01 Jan 2024 12:23:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 01 Jan 2024 12:56:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
643 B 226ms
91ms Stylesheet
text/css 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

289d25d68f730e581e0a16b8bee8f63a061717973f8ac8c29ccf2ba8fed15adf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://shipping.ewacode.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 01 Jan 2024 12:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 01 Jan 2024 11:33:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 01 Jan 2024 12:56:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 390 B
377 B 227ms
93ms Stylesheet
text/css 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Satisfy

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

74410ad57ecfdf8c7d5de1459b50aedcca8296e65a45d1be01fd9835117e743a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://shipping.ewacode.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 01 Jan 2024 12:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 01 Jan 2024 12:56:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 01 Jan 2024 12:56:55 GMT

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 106ms
37ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://shipping.ewacode.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 12:56:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1540624
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JOggnIXhSuq0EsbQtXBc8TMS%2BT%2FOUC4KHEEr1vjUaBXtct%2BtKtDlsIItuBcCKrhgLfQRJNiHWfeR%2BRobF2bbjgan9c1KPDFpra8mznjnNpk7Ii20b6fAi1j9ZcLHyOEBughovbs0ITuQJBjMl5kMo9L1"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 83eaecd44e7fdb29-MIA
expires: Sat, 21 Dec 2024 12:56:55 GMT

GET
H2 200 icon
fonts.googleapis.com/ 569 B
775 B 212ms
78ms Stylesheet
text/css 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://shipping.ewacode.work/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 01 Jan 2024 12:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 01 Jan 2024 12:56:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 01 Jan 2024 12:56:55 GMT

GET
H2 200 master.css
shipping.ewacode.work/public/css/ 142 KB
25 KB 76ms
75ms Stylesheet
text/css 2606:4700:3035::6815:283e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shipping.ewacode.work/public/css/master.css

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:283e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6505a3dd35b7e95a5227412778b90e8c6faed44b5ccabd7ac2dfc67f479a06f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://shipping.ewacode.work/welcome
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 12:56:55 GMT
x-server-powered-by: Engintron
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 38939
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE
last-modified: Mon, 27 Dec 2021 11:49:38 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sz4tyqK4DKbSUvS10KhYQyjicQzG9qslWvmGW6sykSKtV4ZhylCeDT%2FCE8crrqM7IYBizn%2B9b0pGb%2FUBYyrd9afBllaCvqQgTdsugGhBtgDMaEFyKE0lf%2Bnbx48rzppD%2F2MZqVu2ew3cwNR6hD4cIhj8cZQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=2592000
cf-ray: 83eaecd3da5e8dc1-MIA
expires: Wed, 31 Jan 2024 02:07:56 GMT

GET
H2 200 glyph-instagram.jpg
shipping.ewacode.work/images/needs/ 1 KB
1 KB 75ms
74ms Image
image/jpeg 2606:4700:3035::6815:283e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shipping.ewacode.work/images/needs/glyph-instagram.jpg

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:283e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f80cde2c26511d7269baf579727b1f327442c2634891c1376660ab3531ce5466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://shipping.ewacode.work/welcome
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 12:56:55 GMT
x-server-powered-by: Engintron
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 38939
alt-svc: h3=":443"; ma=86400
content-length: 1140
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE
last-modified: Mon, 27 Dec 2021 11:49:38 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QhsT4aMX4k9jNbhQqmDhwQF269MsXt2DuOHVXTWj098Qlar7Rj8Y%2BomeGqICmQeEESf1MfGRoIsB%2Bbp9gQj0qNHoOOhYaYmdqFXvuErOxlcvDohLobU50HvLhasRhcgXnI%2FqEyiSVh26PtCZDABjWOCRrAs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 83eaecd3da5f8dc1-MIA
expires: Fri, 01 Mar 2024 02:07:56 GMT

GET
H2 200 dbx_29.png
shipping.ewacode.work/images/needs/ 94 KB
95 KB 41ms
40ms Image
image/png 2606:4700:3035::6815:283e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://shipping.ewacode.work/images/needs/dbx_29.png

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:283e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c7d871cd8d18d36b2a21076144273f1a0390ebfc6bfff9c09a4d5a5b6cb9c07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://shipping.ewacode.work/welcome
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 12:56:55 GMT
x-server-powered-by: Engintron
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 38939
alt-svc: h3=":443"; ma=86400
content-length: 96405
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE
last-modified: Mon, 27 Dec 2021 11:49:38 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MtkGm5pW8FhS3qdiDvzlaFcr2EaFsdq%2B9dhDKdM%2BCqi%2BZF0pJuGm1HhxygZVHdI3ByTtvksHLEL%2FiFBROcnBaYPTtfhMFVApNf1eKylJnNn%2F3Ec3qpaRSu7xdMM25eYBu3yzNk%2B4dQLB0C%2BDsibtHXiyzBI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 83eaecd3da608dc1-MIA
expires: Fri, 01 Mar 2024 02:07:56 GMT

GET
H2 200 jquery-3.1.1.min.js Show response
shipping.ewacode.work/public/js/ 85 KB
31 KB 61ms
59ms Script
application/javascript 2606:4700:3035::6815:283e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shipping.ewacode.work/public/js/jquery-3.1.1.min.js

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:283e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://shipping.ewacode.work/welcome
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 12:56:55 GMT
x-server-powered-by: Engintron
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 38939
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE
last-modified: Mon, 27 Dec 2021 11:49:38 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HejjyvhfxIKVXFPmwauEmXETM7U9%2BTd3KBNUTwmLBdF8X1aEEv5SQvzbz0Vy29zbaHJu5OdVWLs4jseN83Pvr9nR9E5%2FDHpRVSpJ6s1pznG743ONNjNlZmRYxi0BU3pXbOAzLTc%2BXUGIPGckFSfHj3bHEbs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 83eaecd3fa6e8dc1-MIA
expires: Wed, 31 Jan 2024 02:07:56 GMT

GET
H2 200 modules.js Show response
shipping.ewacode.work/public/js/ 70 KB
14 KB 61ms
60ms Script
application/javascript 2606:4700:3035::6815:283e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shipping.ewacode.work/public/js/modules.js

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:283e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d543bf1231cc57ae34696dffd445a8386a89a30b706d57b95d03e9c397bc5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://shipping.ewacode.work/welcome
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 12:56:55 GMT
x-server-powered-by: Engintron
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 38939
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE
last-modified: Mon, 27 Dec 2021 11:49:38 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uhxYIxvCZeq8PiWgWpCpa3d3D643xXoaln7Cjf3D68IyzU3I62sOstCXzaFWkoqE98iAzfbeMUn1AJ3WzTXpYOuR815UnOkmTI1arvf77gDXmoV87PR97djX5j%2BU%2FBuQWOX8t%2B8j%2FbL2iCgUgJENwTN6ikI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 83eaecd3fa708dc1-MIA
expires: Wed, 31 Jan 2024 02:07:56 GMT

GET
H2 200 login_fn.js Show response
shipping.ewacode.work/public/js/ 8 KB
2 KB 59ms
59ms Script
application/javascript 2606:4700:3035::6815:283e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shipping.ewacode.work/public/js/login_fn.js

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:283e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84b7174e9a9105ab1e27c293cb7e50967737d7818b7b5b50a59ab4cc041e5405

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://shipping.ewacode.work/welcome
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 12:56:55 GMT
x-server-powered-by: Engintron
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 38939
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-nginx-upstream-cache-status: STALE
last-modified: Mon, 27 Dec 2021 11:49:38 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GNOs55fJb7cMC96G1KJIuT5PgRxoXWIttlzAbgNRw%2BJFQhyeHuR8Zt2MCYK6hxjyA5tTg5eXg%2F1kA%2Fw7xlUYb9eiTAQp4Vp%2BUIhcro2ZL2D54IykJM1MUoQfG6vmHZt579PMiTLnwBsXYVDGDvVByNOnxLY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=2592000
cf-ray: 83eaecd3fa718dc1-MIA
expires: Wed, 31 Jan 2024 02:07:56 GMT

GET
H2 200 github-btn.html Show response
ghbtns.com/ Frame 906B 6 KB
2 KB 139ms
44ms Document
text/html 2606:4700:3032::6815:101c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ghbtns.com/github-btn.html?user=yTakkar&type=follow&count=false&size=large

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:101c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea62216563585ae3e3be70cc867beeae7a2c3657515be64c74595a9a75374fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shipping.ewacode.work/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
age: 4037
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1800
cf-cache-status: HIT
cf-ray: 83eaecd49ebc257d-MIA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 01 Jan 2024 12:56:55 GMT
expires: Tue, 05 Dec 2023 08:19:24 GMT
last-modified: Mon, 12 Dec 2022 06:48:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sGZS%2F10GGDk2etitIgYpCICmXigarU5Ib60DB4ACBkyYZnZWQuDEfAvboIynpyZJohQTbKEHox5ORE%2BM6jpU08%2BO3sK24WbIL%2F3vJGY%2B4EKHg20sLaklawQVwjODhHAu8jzfqAg7Ys3J"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-content-type-options: nosniff
x-fastly-request-id: 66410f433b608502b1ae68ac78da231055235d9f
x-github-request-id: F3F6:54DF:41F2C8:57565A:656EDAB3
x-proxy-cache: MISS
x-served-by: cache-iad-kiad7000152-IAD
x-timer: S1702508131.901323,VS0,VE1

GET
H2 200 github-btn.html Show response
ghbtns.com/ Frame 39B0 6 KB
3 KB 136ms
42ms Document
text/html 2606:4700:3032::6815:101c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ghbtns.com/github-btn.html?user=yTakkar&repo=Instagram-Clone&type=fork&count=true&size=large

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:101c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea62216563585ae3e3be70cc867beeae7a2c3657515be64c74595a9a75374fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shipping.ewacode.work/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
age: 4037
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1800
cf-cache-status: HIT
cf-ray: 83eaecd49eba257d-MIA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 01 Jan 2024 12:56:55 GMT
expires: Tue, 05 Dec 2023 08:19:24 GMT
last-modified: Mon, 12 Dec 2022 06:48:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5pGs2BPU2wg1SqhKE1%2BZ2noEsIubIgoaqwKtm7s13FWmaGFYROGo9QlxJXfp8tg4%2FfnH%2FgbtbiZzzeGJw78tBrd%2BlwBFplftqM%2FrwK2IqGiNsS3uCKeNn91M6C0lYY4UYUqtKhudnQMJ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-content-type-options: nosniff
x-fastly-request-id: 82f8fa166ae770897c82fa3814e03ddbfa9635d3
x-github-request-id: F3F6:54DF:41F2C8:57565A:656EDAB3
x-proxy-cache: MISS
x-served-by: cache-iad-kiad7000024-IAD
x-timer: S1702514165.693385,VS0,VE1

GET
H2 200 github-btn.html Show response
ghbtns.com/ Frame 5EE7 6 KB
2 KB 138ms
45ms Document
text/html 2606:4700:3032::6815:101c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ghbtns.com/github-btn.html?user=yTakkar&repo=Instagram-Clone&type=star&count=true&size=large

Requested by

Host: shipping.ewacode.work
URL: https://shipping.ewacode.work/welcome

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:101c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea62216563585ae3e3be70cc867beeae7a2c3657515be64c74595a9a75374fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://shipping.ewacode.work/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
age: 4037
alt-svc: h3=":443"; ma=86400
cache-control: max-age=1800
cf-cache-status: HIT
cf-ray: 83eaecd49eb6257d-MIA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 01 Jan 2024 12:56:55 GMT
expires: Tue, 05 Dec 2023 08:19:24 GMT
last-modified: Mon, 12 Dec 2022 06:48:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFFY%2FygoiL2wgJiaMY8g%2B7%2BHgaDtSnyOQq2szCuBneYpvv53uFBOA5AW%2FeRMlTXqfSWHLWUbGwiOBHvNoAcfzCD2JIyeJ1c%2BTRqaV5LQMc6tXctG6DjifZBOHzwGjK5W06JKSDWLU4q8"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-content-type-options: nosniff
x-fastly-request-id: 67fd52ea5aa588952771d67ef0fdb4b3eb7ea012
x-github-request-id: F3F6:54DF:41F2C8:57565A:656EDAB3
x-proxy-cache: MISS
x-served-by: cache-iad-kiad7000089-IAD
x-timer: S1702510154.064532,VS0,VE1

GET
H2 200 Instagram-Clone Show response
api.github.com/repos/yTakkar/ Frame 39B0 6 KB
3 KB 251ms
116ms Script
application/javascript 140.82.113.6
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://api.github.com/repos/yTakkar/Instagram-Clone?callback=callback

Requested by

Host: ghbtns.com
URL: https://ghbtns.com/github-btn.html?user=yTakkar&repo=Instagram-Clone&type=fork&count=true&size=large

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.113.6 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-113-6-iad.github.com

Software

GitHub.com /

Resource Hash

5a77b538d3bd92cadf1ba3ef418eb3796468f2669ccc99bf5f4400e66010bbd0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ghbtns.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 12:56:56 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'
content-encoding: gzip
x-ratelimit-used: 1
x-github-api-version-selected: 2022-11-28
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Wed, 27 Dec 2023 17:29:36 GMT
server: GitHub.com
x-github-request-id: C2A2:701C:815B7EB:10DFC0E6:6592B697
etag: W/"73e679d42b80b9bfb98e4aa54dc95f2d937d1b211719b44d5432bee0d83d0b53"
vary: Accept, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
cache-control: public, max-age=60, s-maxage=60
x-ratelimit-resource: core
x-ratelimit-reset: 1704117415
x-ratelimit-limit: 60
accept-ranges: bytes
x-ratelimit-remaining: 59

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 76ms
39ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://shipping.ewacode.work
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 12:56:55 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 451901
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 77160
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=14TAzZeoicc1xImRtg1%2F4hW38rhl%2BkoBDpzMXgd7DqDA0yNH%2BJCiv8Yqp21YtQURYiWgg%2F9SV5iF7Di%2B9hJGc5RUO%2FZha0MlMmxCKx9%2FNJzWBl2mbFwAI%2BaB4ke2ZLHRP9vnUwQdr7ypruGcdZahZkV3"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 83eaecd53bacda2f-MIA
expires: Sat, 21 Dec 2024 12:56:55 GMT

GET
DATA 200
OK truncated
/ Frame 39B0 594 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d12cca00a99b01c0733bcf54b10d6e58973732bb7d46ac38df36464e8fa4cc2a

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Instagram-Clone Show response
api.github.com/repos/yTakkar/ Frame 5EE7 6 KB
3 KB 232ms
124ms Script
application/javascript 140.82.113.6
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://api.github.com/repos/yTakkar/Instagram-Clone?callback=callback

Requested by

Host: ghbtns.com
URL: https://ghbtns.com/github-btn.html?user=yTakkar&repo=Instagram-Clone&type=star&count=true&size=large

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.113.6 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-113-6-iad.github.com

Software

GitHub.com /

Resource Hash

c91344457d16f174f07ac7254517a5cbef5ce598e4b7da9dc857f1ac57ddd3ad

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ghbtns.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 12:56:56 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'
content-encoding: gzip
x-ratelimit-used: 2
x-github-api-version-selected: 2022-11-28
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Wed, 27 Dec 2023 17:29:36 GMT
server: GitHub.com
x-github-request-id: C2A2:701C:815B7EB:10DFC0E7:6592B697
etag: W/"73e679d42b80b9bfb98e4aa54dc95f2d937d1b211719b44d5432bee0d83d0b53"
vary: Accept, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
cache-control: public, max-age=60, s-maxage=60
x-ratelimit-resource: core
x-ratelimit-reset: 1704117415
x-ratelimit-limit: 60
accept-ranges: bytes
x-ratelimit-remaining: 58

GET
DATA 200
OK truncated
/ Frame 906B 594 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d12cca00a99b01c0733bcf54b10d6e58973732bb7d46ac38df36464e8fa4cc2a

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 5EE7 594 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d12cca00a99b01c0733bcf54b10d6e58973732bb7d46ac38df36464e8fa4cc2a

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
48 KB 201ms
64ms Font
font/woff2 2607:f8b0:4006:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://shipping.ewacode.work
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 07:51:34 GMT
x-content-type-options: nosniff
age: 450322
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 Dec 2024 07:51:34 GMT

GET
H2 200 rP2Hp2yn6lkG50LoCZOIHQ.woff2
fonts.gstatic.com/s/satisfy/v21/ 22 KB
22 KB 289ms
159ms Font
font/woff2 2607:f8b0:4006:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/satisfy/v21/rP2Hp2yn6lkG50LoCZOIHQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Satisfy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a02009d2f95d79b62b95c6de12d6614bdb36bffa6d4e756db81ec1c51c5acc34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://shipping.ewacode.work
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 13:13:59 GMT
x-content-type-options: nosniff
age: 517377
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22652
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:43:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 25 Dec 2024 13:13:59 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.shipping.ewacode.work/	1970-01-20 17:23:20	Name: __cf_mw_byp Value: VUsud4K8PYlerSjV.rtAxJfXVmPpcBgzM4.gzd4MfNw-1704113810-0-/welcome
			shipping.ewacode.work/	1969-12-31 23:59:59	Name: PHPSESSID Value: cada3d5598cec5c9d5d016e47dba55a6

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.github.com
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
ghbtns.com
shipping.ewacode.work
140.82.113.6
2606:4700:3032::6815:101c
2606:4700:3033::ac43:b20b
2606:4700:3035::6815:283e
2606:4700::6811:180e
2607:f8b0:4006:81d::2003
2607:f8b0:4006:822::200a
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
289d25d68f730e581e0a16b8bee8f63a061717973f8ac8c29ccf2ba8fed15adf
3379de026bb738a0409accff2da59963d0cd75801ebf7a33cd1f5ccd70f6b091
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
5a77b538d3bd92cadf1ba3ef418eb3796468f2669ccc99bf5f4400e66010bbd0
6aa51b17e2dbda1c96a14dba44841b7f99ce6b9fe01dadaf12439e56aafbb93d
729d143021117867cf4fdf31b3f321ad8455bdf338a4883299fcf7bb93db58bc
74410ad57ecfdf8c7d5de1459b50aedcca8296e65a45d1be01fd9835117e743a
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7d543bf1231cc57ae34696dffd445a8386a89a30b706d57b95d03e9c397bc5c7
84b7174e9a9105ab1e27c293cb7e50967737d7818b7b5b50a59ab4cc041e5405
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8c7d871cd8d18d36b2a21076144273f1a0390ebfc6bfff9c09a4d5a5b6cb9c07
a02009d2f95d79b62b95c6de12d6614bdb36bffa6d4e756db81ec1c51c5acc34
b6505a3dd35b7e95a5227412778b90e8c6faed44b5ccabd7ac2dfc67f479a06f
c91344457d16f174f07ac7254517a5cbef5ce598e4b7da9dc857f1ac57ddd3ad
d12cca00a99b01c0733bcf54b10d6e58973732bb7d46ac38df36464e8fa4cc2a
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
ea62216563585ae3e3be70cc867beeae7a2c3657515be64c74595a9a75374fc4
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f80cde2c26511d7269baf579727b1f327442c2634891c1376660ab3531ce5466

shipping.ewacode.work Open in urlscan Pro 2606:4700:3035::6815:283e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

87 %HTTPS

86 %IPv6

6 Domains

6 Subdomains

8 IPs

1 Countries

348 kBTransfer

660 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

shipping.ewacode.work Open in urlscan Pro
2606:4700:3035::6815:283e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

87 %
HTTPS

86 %
IPv6

6
Domains

6
Subdomains

8
IPs

1
Countries

348 kB
Transfer

660 kB
Size

2
Cookies

23 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!