Submitted URL: http://secureconv-dl.com/?a=25744&c=182015&s2=c87daff9994058448f0555bfd6f1546f-7568-0712
Effective URL: https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
Submission Tags: falconsandbox
Submission: On December 30 via api from US

Summary

This website contacted 5 IPs in 4 countries across 6 domains to perform 9 HTTP transactions. The main IP is 116.202.48.54, located in Germany and belongs to HETZNER-AS, DE. The main domain is whats-chat.online.
TLS certificate: Issued by R3 on December 16th 2020. Valid for: 3 months.
This is the only time whats-chat.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects  Requests  IP Address         AS     Autonomous System
1          2         2a05:d018:483...   16509  AMAZON-02
           1         2a05:d018:483...   16509  AMAZON-02
1          3         108.163.203.126    32475  SINGLEHOP...
1          1         95.211.26.199      60781  LEASEWEB-...
           4         116.202.48.54      24940  HETZNER-AS
           1         67.212.173.74      32475  SINGLEHOP...
Total: 9 requests, 5 IPs
Redirects  Requests  Domain                    Requested by
           4         whats-chat.online         now.bestflowingstuff.co, whats-chat.online
1          3         now.bestflowingstuff.co   gdmconvtrck.com, now.bestflowingstuff.co
1          2         secureconv-dl.com
           1         new.message.surf          whats-chat.online
1          1         safe-click.pw
           1         gdmconvtrck.com           secureconv-dl.com
Total: 9 requests, 6 domains

This site contains links to these domains. Also see Links.

Domain: click.vodzulu.club
Subject                   Issuer                      Validity                  Valid
now.bestflowingstuff.co   Let's Encrypt Authority X3  2020-10-28 - 2021-01-26   3 months (crt.sh)
whats-chat.online         R3                          2020-12-16 - 2021-03-16   3 months (crt.sh)
new.message.surf          Let's Encrypt Authority X3  2020-11-27 - 2021-02-25   3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
Frame ID: 46C27A57F4CA275C77B833F770BE5207
Requests: 9 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 9
HTTPS: 78 %
IPv6: 33 %
Domains: 6
Subdomains: 6
IPs: 5
Countries: 4
Transfer: 46 kB
Size: 55 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://secureconv-dl.com/?a=25744&c=182015&s2=c87daff9994058448f0555bfd6f1546f-7568-0712 Page URL
  2. http://secureconv-dl.com/?a=25744&c=110642&oc=27570&sr=t&so=60305&sc=10447044&rc=3_60305&s2=c87daff9994058448f0555bfd6f1546f-7568-0712&vt=1609333766904&h=8598b90e161d94363eb8ba07c27477ddd9c5c2d6&req=http%3A%2F%2Fsecureconv-dl.com%2F%3Fa%3D25744%26c%3D182015%26s2%3Dc87daff9994058448f0555bfd6f1546f-7568-0712&mt=13&us=fb0fc1acb8694b3b93df071bef7ddcf1 HTTP 302
    https://now.bestflowingstuff.co/?utm_medium=5cdf3f2e9bdd0f598699b1eebac2dca497745ad9&utm_campaign=mainstream&1=25744&cid=334890494cff430699117cceea1cfe835862 Page URL
  3. https://now.bestflowingstuff.co/?utm_term=6912035897630261582&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e Page URL
  4. https://now.bestflowingstuff.co/proc.php?47a0b715b0a8a0d245d75615ed78b762a748f6c7 HTTP 302
    https://safe-click.pw/i/32739?cpc=0&cid=M6912035897630261582&pid=951&var10={var10}&creat=[[creative_id]]&p=951-6893a55c&app=unknown HTTP 302
    https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://secureconv-dl.com/?a=25744&c=110642&oc=27570&sr=t&so=60305&sc=10447044&rc=3_60305&s2=c87daff9994058448f0555bfd6f1546f-7568-0712&vt=1609333766904&h=8598b90e161d94363eb8ba07c27477ddd9c5c2d6&req=http%3A%2F%2Fsecureconv-dl.com%2F%3Fa%3D25744%26c%3D182015%26s2%3Dc87daff9994058448f0555bfd6f1546f-7568-0712&mt=13&us=fb0fc1acb8694b3b93df071bef7ddcf1 HTTP 302
  • https://now.bestflowingstuff.co/?utm_medium=5cdf3f2e9bdd0f598699b1eebac2dca497745ad9&utm_campaign=mainstream&1=25744&cid=334890494cff430699117cceea1cfe835862

9 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer, Type, MIME-Type
Resource: /  Path: secureconv-dl.com/  Size: 2 KB  x-fer: 1 KB  Type: Document
General
Full URL
http://secureconv-dl.com/?a=25744&c=182015&s2=c87daff9994058448f0555bfd6f1546f-7568-0712
Protocol
HTTP/1.1
Server
2a05:d018:483:6120:ce39:155b:1e0d:c9a8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b144aeae7443ec9e9dc31f352187d1d9862d3176e498844c1025c2340f3136c3

Request headers

Host
secureconv-dl.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 30 Dec 2020 13:09:27 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Server
nginx
Vary
Accept-Encoding
Cache-Control
no-cache, must-revalidate
Pragma
no-cache
Expires
Sat, 1 May 2020 12:00:00 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
Content-Encoding
gzip
Resource: user  Path: gdmconvtrck.com/  Size: 1 KB  x-fer: 1 KB  Type: Script
General
Full URL
http://gdmconvtrck.com/user?a=25744&c=110642
Requested by
Host: secureconv-dl.com
URL: http://secureconv-dl.com/?a=25744&c=182015&s2=c87daff9994058448f0555bfd6f1546f-7568-0712
Protocol
HTTP/1.1
Server
2a05:d018:483:6120:813f:12dd:7e10:98e6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
8b040c6e1e5e4f2b7478d557db5c112864edabc020864afd1bc15f4521891ed9

Request headers

Referer
http://secureconv-dl.com/?a=25744&c=182015&s2=c87daff9994058448f0555bfd6f1546f-7568-0712
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 30 Dec 2020 13:09:27 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
Content-Type
text/javascript;charset=utf-8
Access-Control-Allow-Origin
*, *
Cache-Control
no-cache, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
Expires
Sat, 1 May 2020 12:00:00 GMT
Resource: /  Path: now.bestflowingstuff.co/  Size: 3 KB  x-fer: 2 KB  Type: Document
Redirect Chain
  • http://secureconv-dl.com/?a=25744&c=110642&oc=27570&sr=t&so=60305&sc=10447044&rc=3_60305&s2=c87daff9994058448f0555bfd6f1546f-7568-0712&vt=1609333766904&h=8598b90e161d94363eb8ba07c27477ddd9c5c2d6&re...
  • https://now.bestflowingstuff.co/?utm_medium=5cdf3f2e9bdd0f598699b1eebac2dca497745ad9&utm_campaign=mainstream&1=25744&cid=334890494cff430699117cceea1cfe835862
General
Full URL
https://now.bestflowingstuff.co/?utm_medium=5cdf3f2e9bdd0f598699b1eebac2dca497745ad9&utm_campaign=mainstream&1=25744&cid=334890494cff430699117cceea1cfe835862
Requested by
Host: gdmconvtrck.com
URL: http://gdmconvtrck.com/user?a=25744&c=110642
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.163.203.126 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.4.10
Resource Hash
423f809bb5ff353710f1c945c31d3cd936c376c5c7f428b200d1aa0d3c2b972d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
now.bestflowingstuff.co
:scheme
https
:path
/?utm_medium=5cdf3f2e9bdd0f598699b1eebac2dca497745ad9&utm_campaign=mainstream&1=25744&cid=334890494cff430699117cceea1cfe835862
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://secureconv-dl.com/?a=25744&c=182015&s2=c87daff9994058448f0555bfd6f1546f-7568-0712
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://secureconv-dl.com/?a=25744&c=182015&s2=c87daff9994058448f0555bfd6f1546f-7568-0712

Response headers

server
nginx
date
Wed, 30 Dec 2020 13:09:27 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=4b65d9dc099848696354b2abfdaa771b; expires=Thu, 30-Dec-2021 13:09:27 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip

Redirect headers

Date
Wed, 30 Dec 2020 13:09:27 GMT
Content-Type
text/html;charset=ISO-8859-1
Transfer-Encoding
chunked
Connection
keep-alive
Server
nginx
Set-Cookie
  • gdm_uid_v2_1_001=07PA9Kwp0Rnwrj0h71K8hi3A94jZmF9VmMiyKkvVfrSqUS/OTFIPQ9/I/huWxIUL; Expires=Tue, 30-Mar-2021 13:09:27 GMT; Path=/; Secure; SameSite=None
  • gdm_click_adv_freq_v2_1_001=9aM1XGpWxsbm63MOQbJksKZUfGGopmFDezq6E4AGq+kp0HEW7SyHFQ6SerpATRgt; Expires=Tue, 30-Mar-2021 13:09:27 GMT; Path=/; Secure; SameSite=None
  • gdm_sid_v1_3_001=axuMyaqWfNBBj32u7bBWsNVrN3sh7XltZxdelvmAaFQRI+tulwMGI3syhfMgcwNSPWMSxlKJIlg1BhNaHp3G6OQl7hyM2k5i4tCS97MyPgvvk4r8TV2vX3ep7uw4Ter/VlYPhnZV188NwUvF22wruXYLYFJtOFCKdF/GC3kmuE5JHMAsFEBxujVNtpAXC6aIvmFqpyaMlkfoD9pIr+CFZuXQ2dKbupiL4FN9wErhpJ+ajsuoppWOqtdvK1z1Wq7S9EPkfOVUw2Evy+q5GtMbQiEbcy5Y7k8z4XXtKEH9YfBtqVhJ9LlPI2Q/wWL5Lodtb8xqW6cGRhEERPUPn3pQgjwoxFLxwDWuR2F2bzcJS/Kvv/XIm9CPPnuwvGlNOyJx1Zy/juK5VI7wx3XzpVpHv5JTOopyETlqYsd264pLq20h7xIF77+Ood14P9qJnZ1bRgbmgKE54GmBoH53sxls7oiqWZyp0obLtGYacCB7LTKJV2ne3ELkEKKWPTRAKd1bK2I/hI5/lYy1pCh3ImzGCApM8s8qr0oPjMaRAprZ88UHkPPXmGonL4hV8sqqCDGftoAkRUEPUStrxBqJ4SMGzsqDQ9Xc9q8dJYxu2q7pTXu8JEZ+qq6SdCowiYLt2wIOOT74GBTU2aMmAMjIQ5FoIccozGVQeoR94z6IkG+CkNSzhKhUQbjNJPiY7Z/KyHNfh+8Ki33N/lTCTq8Q6HpzBhpw0g6jiXAbAhkleAt+wZSmcR0VK/S/G7EaJcamRZFLu0KVwkYKuAp+Zk7pjJYHM7gKi46jCRxTzmycCmhAeBytqaHaoEOHRBAcyDmnC5+iUFk+wkv/K/lm/W1zLeww8jCXrEHnD4erlwKxvu4Bcs6030WNVtM5g1gGA3M4YDqt3sVBGOl+vK/71gP/aN4rtm3JvVc2OmvL6bIxdo8Q5gEYSKNqhNtb2VyYZboA3DGpz5hI8zOwFQuxW/BrJvOB8WLxFU6MbU+Pzb8v+R4+x+/V5vFRLQlQqktdP2SPdGH44C/FPLqyKHQwNoY+tw+T3coW7I7ixr2X1PPrwoWYi1ERQw6SQ9A7ZX8DNHRCav6uGNYIjGGpM3gsnz24gQggssjnqzdtFro6MSnFj0yvUno=; Expires=Tue, 30-Mar-2021 13:09:27 GMT; Path=/
  • gdm_suid_v2_1_001=07PA9Kwp0Rnwrj0h71K8hi3A94jZmF9VmMiyKkvVfrSqUS/OTFIPQ9/I/huWxIUL; Expires=Tue, 30-Mar-2021 13:09:27 GMT; Path=/; Secure; SameSite=None
  • gdm_suid_v1_1_001=07PA9Kwp0Rnwrj0h71K8hi3A94jZmF9VmMiyKkvVfrSqUS/OTFIPQ9/I/huWxIUL; Expires=Tue, 30-Mar-2021 13:09:27 GMT; Path=/
  • gdm_uid_v1_1_001=07PA9Kwp0Rnwrj0h71K8hi3A94jZmF9VmMiyKkvVfrSqUS/OTFIPQ9/I/huWxIUL; Expires=Tue, 30-Mar-2021 13:09:27 GMT; Path=/
  • gdm_sid_v2_3_001=[value elided]; Expires=Tue, 30-Mar-2021 13:09:27 GMT; Path=/; Secure; SameSite=None
  • gdm_click_adv_freq_v1_1_001=9aM1XGpWxsbm63MOQbJksKZUfGGopmFDezq6E4AGq+kp0HEW7SyHFQ6SerpATRgt; Expires=Tue, 30-Mar-2021 13:09:27 GMT; Path=/
Location
https://now.bestflowingstuff.co/?utm_medium=5cdf3f2e9bdd0f598699b1eebac2dca497745ad9&utm_campaign=mainstream&1=25744&cid=334890494cff430699117cceea1cfe835862
Content-Language
en-US
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
Resource: /  Path: now.bestflowingstuff.co/  Size: 9 KB  x-fer: 3 KB  Type: Document
General
Full URL
https://now.bestflowingstuff.co/?utm_term=6912035897630261582&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
Requested by
Host: now.bestflowingstuff.co
URL: https://now.bestflowingstuff.co/?utm_medium=5cdf3f2e9bdd0f598699b1eebac2dca497745ad9&utm_campaign=mainstream&1=25744&cid=334890494cff430699117cceea1cfe835862
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.163.203.126 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.4.10
Resource Hash
e13583cd997b14e297f06d1c6234b78be599c55189fa01aab32ea20b16acc286
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
now.bestflowingstuff.co
:scheme
https
:path
/?utm_term=6912035897630261582&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://now.bestflowingstuff.co/?utm_medium=5cdf3f2e9bdd0f598699b1eebac2dca497745ad9&utm_campaign=mainstream&1=25744&cid=334890494cff430699117cceea1cfe835862
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
u=4b65d9dc099848696354b2abfdaa771b
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://now.bestflowingstuff.co/?utm_medium=5cdf3f2e9bdd0f598699b1eebac2dca497745ad9&utm_campaign=mainstream&1=25744&cid=334890494cff430699117cceea1cfe835862

Response headers

server
nginx
date
Wed, 30 Dec 2020 13:09:28 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
Primary Request  Resource: click.php  Path: whats-chat.online/  Size: 2 KB  x-fer: 1 KB  Type: Document
Redirect Chain
  • https://now.bestflowingstuff.co/proc.php?47a0b715b0a8a0d245d75615ed78b762a748f6c7
  • https://safe-click.pw/i/32739?cpc=0&cid=M6912035897630261582&pid=951&var10={var10}&creat=[[creative_id]]&p=951-6893a55c&app=unknown
  • https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
General
Full URL
https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
Requested by
Host: now.bestflowingstuff.co
URL: https://now.bestflowingstuff.co/?utm_term=6912035897630261582&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
116.202.48.54, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.54.48.202.116.clients.your-server.de
Software
nginx/1.16.1 /
Resource Hash
29f300d14ef2f0d1d709229453bf1e721f3a78faed7a3ae9352df024b5f1ef4e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
whats-chat.online
:scheme
https
:path
/click.php?key=z8ry8aqpiuyzg2ytzxie
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://now.bestflowingstuff.co/?utm_term=6912035897630261582&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://now.bestflowingstuff.co/?utm_term=6912035897630261582&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e#

Response headers

server
nginx/1.16.1
date
Wed, 30 Dec 2020 13:09:28 GMT
content-type
text/html; charset=utf-8
set-cookie
  • uclick=lp9zxs2t8n; expires=Thu, 31-Dec-2020 13:09:28 GMT; Max-Age=86400; path=/; SameSite=None; Secure;
  • uclickhash=lp9zxs2t8n-lp9zxs2t8n-ntp2-0-ocik-7ve86o-7ve8dz-835e6b; expires=Thu, 31-Dec-2020 13:09:28 GMT; Max-Age=86400; path=/; SameSite=None; Secure;
strict-transport-security
max-age=31536000
content-encoding
gzip

Redirect headers

Server
nginx
Date
Wed, 30 Dec 2020 13:09:28 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=20
Set-Cookie
  • TRK_TRG=eJwlzLEKwjAQgOHYolakwoEPkMXRYkSxs0InB%2BngGkpylBuahFwK9u0tOvzLN%2FxCiGy%2FhowClPW5Uqe5ulLqAnmPHrKmhW3EnrzTxluEZdMeb1fYGErTX4pZXl0khpw4wOGNbmR5H5kcMsuHH4bRkenS%2FGD5pIESWtg5TJoDov1dSiiIdYj%2BM60WXxbxK5E%3D; expires=Thu, 31-Dec-2020 13:09:28 GMT; Max-Age=86400; path=/
  • TRK_TRU2=eJxjYGBgEuEQZC5NNBVUMDdMSzM1SU1KSUkyTDWwNEhLSjM0N06xNEs1MjYxSrYQZE0qSsxL4RVkzc1PSc3hFeRKKsovL04tis9MYWMU5IfxylKLijPz83gcQg4wgIAga34xSAm7IBeQAZdVcV8nUvXQQ5A7JbUsMzk1vqSyIJWNEQAB7ymP; expires=Thu, 31-Dec-2020 13:09:28 GMT; Max-Age=86400; path=/
  • trk_cpa_pixel=3f90a030-4aa0-11eb-828c-2335a97454eb; expires=Sun, 28-Feb-2021 13:09:28 GMT; Max-Age=5184000; path=/
Location
https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
Content-Encoding
gzip
Vary
Accept-Encoding
Resource: main.css  Path: whats-chat.online/landers/fake_pinsub/index_files/  Size: 3 KB  x-fer: 3 KB  Type: Stylesheet
General
Full URL
https://whats-chat.online/landers/fake_pinsub/index_files/main.css
Requested by
Host: whats-chat.online
URL: https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
116.202.48.54, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.54.48.202.116.clients.your-server.de
Software
nginx/1.16.1 /
Resource Hash
a4539b78433671c2db5a4b4a65fbd07d8c0708cb69dff8397ae04ac049375131
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 30 Dec 2020 13:09:28 GMT
last-modified
Thu, 19 Nov 2020 21:27:59 GMT
server
nginx/1.16.1
etag
"5fb6e35f-c4e"
strict-transport-security
max-age=31536000
content-type
text/css
accept-ranges
bytes
content-length
3150
Resource: pub.min.js  Path: new.message.surf/js/  Size: 3 KB  x-fer: 2 KB  Type: Script
General
Full URL
https://new.message.surf/js/pub.min.js
Requested by
Host: whats-chat.online
URL: https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.212.173.74 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
b0a79f2bd09a605d906f23c84884ecaf4cf9fee5f0286040e9a0f889d6790ca0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Referer
https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 30 Dec 2020 13:09:29 GMT
content-encoding
gzip
last-modified
Sat, 30 May 2020 23:48:22 GMT
server
nginx
etag
"5ed2f0c6-602"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
strict-transport-security
max-age=31536000; includeSubdomains;
content-length
1538
expires
Thu, 31 Dec 2020 13:09:29 GMT
Resource: loader.gif  Path: whats-chat.online/landers/fake_pinsub/index_files/  Size: 27 KB  x-fer: 27 KB  Type: Image
General
Full URL
https://whats-chat.online/landers/fake_pinsub/index_files/loader.gif
Requested by
Host: whats-chat.online
URL: https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
116.202.48.54, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.54.48.202.116.clients.your-server.de
Software
nginx/1.16.1 /
Resource Hash
62dcd08effb37fa0382550907dfdb41616d85d413c664910c345e60133119b5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 30 Dec 2020 13:09:28 GMT
last-modified
Thu, 19 Nov 2020 21:27:59 GMT
server
nginx/1.16.1
etag
"5fb6e35f-6c19"
strict-transport-security
max-age=31536000
content-type
image/gif
accept-ranges
bytes
content-length
27673
Resource: Next-Button-128.png  Path: whats-chat.online/landers/fake_pinsub/index_files/  Size: 5 KB  x-fer: 5 KB  Type: Image
General
Full URL
https://whats-chat.online/landers/fake_pinsub/index_files/Next-Button-128.png
Requested by
Host: whats-chat.online
URL: https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
116.202.48.54, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.54.48.202.116.clients.your-server.de
Software
nginx/1.16.1 /
Resource Hash
26b756eefebb6bad8e47ed0f17a3a96bcd3c901c78fd5059016a8776252473b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://whats-chat.online/click.php?key=z8ry8aqpiuyzg2ytzxie
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 30 Dec 2020 13:09:28 GMT
last-modified
Thu, 19 Nov 2020 21:27:59 GMT
server
nginx/1.16.1
etag
"5fb6e35f-1354"
strict-transport-security
max-age=31536000
content-type
image/png
accept-ranges
bytes
content-length
4948

Verdicts & Comments

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object   ontransitionrun
  • object   ontransitionstart
  • object   ontransitioncancel
  • object   cookieStore
  • function showDirectoryPicker
  • function showOpenFilePicker
  • function showSaveFilePicker
  • object   trustedTypes
  • boolean  crossOriginIsolated
  • string   pm_pid

2 Cookies

Domain/Path         Name        Value
whats-chat.online/  uclickhash  lp9zxs2t8n-lp9zxs2t8n-ntp2-0-ocik-7ve86o-7ve8dz-835e6b
whats-chat.online/  uclick      lp9zxs2t8n