urlscan.io logo urlscan.io
SecurityTrails logo

green.rwe-twe.com Open in urlscan Pro
108.178.23.115  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://url3.site/ssc/?jo=6977702
Effective URL: https://green.rwe-twe.com/proc.php?6533567225ad56f8319985a8fa3ca0670c4c71aa
Submission: On September 27 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 8 HTTP transactions. The main IP is 108.178.23.115, located in Chicago, United States and belongs to SINGLEHOP-LLC, US. The main domain is green.rwe-twe.com.
TLS certificate: Issued by R3 on September 25th 2023. Valid for: 3 months.
This is the only time green.rwe-twe.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 66.29.132.160 22612 (NAMECHEAP...)
1 185.66.201.42 201702 (SKHOSTING-EU)
1 2a00:1450:400... 15169 (GOOGLE)
1 185.66.201.8 201702 (SKHOSTING-EU)
2 108.178.23.115 32475 (SINGLEHOP...)
8 6
2    66.29.132.160 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server341-4.web-hosting.com
url3.site
1    185.66.201.42 (Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: affilist.com
qoaaa.com
1    2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    185.66.201.8 (Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: 185.66.201.8.skhosting.eu
q-w-c.click
2    108.178.23.115 (Chicago, United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi
green.rwe-twe.com
Apex Domain
Subdomains		 Transfer
2 rwe-twe.com
green.rwe-twe.com
3 KB
2 url3.site
url3.site
817 B
1 q-w-c.click
q-w-c.click
355 B
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 96
21 KB
1 qoaaa.com
qoaaa.com — Cisco Umbrella Rank: 504875
1007 B
0 qozf.sbs Failed
v7183.qozf.sbs Failed
8 6
Domain Requested by
2 green.rwe-twe.com q-w-c.click
green.rwe-twe.com
2 url3.site 1 redirects
1 q-w-c.click qoaaa.com
1 www.google-analytics.com qoaaa.com
www.google-analytics.com
1 qoaaa.com url3.site
0 v7183.qozf.sbs Failed green.rwe-twe.com
8 6

This site contains no links.

Subject Issuer Validity Valid
url3.site
Sectigo RSA Domain Validation Secure Server CA		 2023-08-01 -
2024-08-01		 a year crt.sh
qoaaa.com
R3		 2023-08-02 -
2023-10-31		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-09-04 -
2023-11-27		 3 months crt.sh
q-w-c.click
R3		 2023-09-26 -
2023-12-25		 3 months crt.sh
green.rwe-twe.com
R3		 2023-09-25 -
2023-12-24		 3 months crt.sh

This page contains 1 frames:

Frame: https://v7183.qozf.sbs/go.php?ad=dpmly88mjyqsa7zl6x30&sid=M7283498049874165905&pub=21977&pid=21977-a2927fc0&c=0&app=unknown&br=Chrome&os=[[os]]&d=Google+Chrome&ca=DE+WiFi&a=0
Frame ID: FE924351D5B733FA5F648CAC363381AB
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Click "Allow" To Continue

Page URL History Show full URLs

  1. http://url3.site/ssc/?jo=6977702 HTTP 301
    https://url3.site/ssc/?jo=6977702 Page URL
  2. https://qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8/?placementName=default Page URL
  3. https://q-w-c.click/go.php?go=https%3A%2F%2Fgreen.rwe-twe.com%2F%3Futm_medium%3D1c8a39bdc24f9bf0... Page URL
  4. https://green.rwe-twe.com/?utm_medium=1c8a39bdc24f9bf01a896823c2517f52e2f1f505&utm_campaign=smart2&1=2... Page URL
  5. https://green.rwe-twe.com/proc.php?6533567225ad56f8319985a8fa3ca0670c4c71aa Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

8
Requests

75 %
HTTPS

20 %
IPv6

6
Domains

6
Subdomains

6
IPs

3
Countries

26 kB
Transfer

62 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://url3.site/ssc/?jo=6977702 HTTP 301
    https://url3.site/ssc/?jo=6977702 Page URL
  2. https://qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8/?placementName=default Page URL
  3. https://q-w-c.click/go.php?go=https%3A%2F%2Fgreen.rwe-twe.com%2F%3Futm_medium%3D1c8a39bdc24f9bf01a896823c2517f52e2f1f505%26utm_campaign%3Dsmart2%261%3D29780095%26cid%3D90affC1695821539aff2a4352c777091a273a555%26np%3D1&do=19c66a9a6e2ee7f53a67c776d218a399 Page URL
  4. https://green.rwe-twe.com/?utm_medium=1c8a39bdc24f9bf01a896823c2517f52e2f1f505&utm_campaign=smart2&1=29780095&cid=90affC1695821539aff2a4352c777091a273a555&np=1 Page URL
  5. https://green.rwe-twe.com/proc.php?6533567225ad56f8319985a8fa3ca0670c4c71aa Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://url3.site/ssc/?jo=6977702 HTTP 301
  • https://url3.site/ssc/?jo=6977702

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
url3.site/ssc/
Redirect Chain
  • http://url3.site/ssc/?jo=6977702
  • https://url3.site/ssc/?jo=6977702
864 B
573 B 		Document
General
Check archive.org
Download Go to
Full URL
https://url3.site/ssc/?jo=6977702
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.29.132.160 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server341-4.web-hosting.com
Software
LiteSpeed / PHP/8.0.30
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
br
content-length
404
content-type
text/html; charset=UTF-8
date
Wed, 27 Sep 2023 13:32:18 GMT
server
LiteSpeed
vary
Accept-Encoding
x-powered-by
PHP/8.0.30
x-turbo-charged-by
LiteSpeed

Redirect headers

content-length
707
content-type
text/html
date
Wed, 27 Sep 2023 13:32:18 GMT
keep-alive
timeout=5, max=100
location
https://url3.site/ssc/?jo=6977702
server
LiteSpeed
x-turbo-charged-by
LiteSpeed
/
qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8/ 		1 KB
1007 B 		Document
General
Check archive.org
Download Go to
Full URL
https://qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8/?placementName=default
Requested by
Host: url3.site
URL: https://url3.site/ssc/?jo=6977702
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.66.201.42 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
affilist.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://url3.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 27 Sep 2023 13:32:19 GMT
expires
Sun, 01 Jan 2014 00:00:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
x-robots-tag
noindex,nofollow
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: qoaaa.com
URL: https://qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8/?placementName=default
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qoaaa.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 27 Sep 2023 11:44:21 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
6478
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 27 Sep 2023 13:44:21 GMT
go.php
q-w-c.click/ 		649 B
355 B 		Document
General
Check archive.org
Download Go to
Full URL
https://q-w-c.click/go.php?go=https%3A%2F%2Fgreen.rwe-twe.com%2F%3Futm_medium%3D1c8a39bdc24f9bf01a896823c2517f52e2f1f505%26utm_campaign%3Dsmart2%261%3D29780095%26cid%3D90affC1695821539aff2a4352c777091a273a555%26np%3D1&do=19c66a9a6e2ee7f53a67c776d218a399
Requested by
Host: qoaaa.com
URL: https://qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8/?placementName=default
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.66.201.8 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.201.8.skhosting.eu
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://qoaaa.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 27 Sep 2023 13:32:19 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
collect
www.google-analytics.com/j/ 		0
0
/
green.rwe-twe.com/ 		6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://green.rwe-twe.com/?utm_medium=1c8a39bdc24f9bf01a896823c2517f52e2f1f505&utm_campaign=smart2&1=29780095&cid=90affC1695821539aff2a4352c777091a273a555&np=1
Requested by
Host: q-w-c.click
URL: https://q-w-c.click/go.php?go=https%3A%2F%2Fgreen.rwe-twe.com%2F%3Futm_medium%3D1c8a39bdc24f9bf01a896823c2517f52e2f1f505%26utm_campaign%3Dsmart2%261%3D29780095%26cid%3D90affC1695821539aff2a4352c777091a273a555%26np%3D1&do=19c66a9a6e2ee7f53a67c776d218a399
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.178.23.115 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
72c3cae9c2bc920514f62648dc5b0e34d1df429c7d2971a8fd3b6a51a984b3c4

Request headers

Referer
https://q-w-c.click/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 27 Sep 2023 13:32:19 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
Primary Request proc.php
green.rwe-twe.com/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://green.rwe-twe.com/proc.php?6533567225ad56f8319985a8fa3ca0670c4c71aa
Requested by
Host: green.rwe-twe.com
URL: https://green.rwe-twe.com/?utm_medium=1c8a39bdc24f9bf01a896823c2517f52e2f1f505&utm_campaign=smart2&1=29780095&cid=90affC1695821539aff2a4352c777091a273a555&np=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.178.23.115 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash

Request headers

Referer
https://green.rwe-twe.com/?utm_medium=1c8a39bdc24f9bf01a896823c2517f52e2f1f505&utm_campaign=smart2&1=29780095&cid=90affC1695821539aff2a4352c777091a273a555&np=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 27 Sep 2023 13:32:24 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://v7183.qozf.sbs/go.php?ad=dpmly88mjyqsa7zl6x30&sid=M7283498049874165905&pub=21977&pid=21977-a2927fc0&c=0&app=unknown&br=Chrome&os=[[os]]&d=Google+Chrome&ca=DE+WiFi&a=0
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
go.php
v7183.qozf.sbs/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google-analytics.com
URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2086191253&t=pageview&_s=1&dl=https%3A%2F%2Fqoaaa.com%2F7bcdeb18c7204bbf7d66%2Fdbd8ebb4a8%2F%3FplacementName%3Ddefault&dr=https%3A%2F%2Furl3.site%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=783670605&gjid=671272182&cid=1230714134.1695821539&tid=UA-68398243-1&_gid=2117254612.1695821539&_r=1&_slc=1&z=151278601
Domain
v7183.qozf.sbs
URL
https://v7183.qozf.sbs/go.php?ad=dpmly88mjyqsa7zl6x30&sid=M7283498049874165905&pub=21977&pid=21977-a2927fc0&c=0&app=unknown&br=Chrome&os=[[os]]&d=Google+Chrome&ca=DE+WiFi&a=0

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture string| pm_appKey function| pm_denyAction string| pm_tag function| pm_allowAction

6 Cookies

Domain/Path Name / Value
qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8 Name: shown1
Value: 0
qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8 Name: total_impressions
Value: 1
qoaaa.com/ Name: used_ad2938216
Value: 1
.qoaaa.com/ Name: _ga
Value: GA1.2.1230714134.1695821539
.qoaaa.com/ Name: _gid
Value: GA1.2.2117254612.1695821539
.qoaaa.com/ Name: _gat
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

green.rwe-twe.com
q-w-c.click
qoaaa.com
url3.site
v7183.qozf.sbs
www.google-analytics.com
v7183.qozf.sbs
www.google-analytics.com
108.178.23.115
185.66.201.42
185.66.201.8
2a00:1450:4001:800::200e
66.29.132.160
72c3cae9c2bc920514f62648dc5b0e34d1df429c7d2971a8fd3b6a51a984b3c4