umqx.wowoffersnow.com Open in urlscan Pro
45.147.195.5 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dirdigta.com/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/589t13
Effective URL:
https://umqx.wowoffersnow.com/t/8f0d93c8664e/2070aa62-8baa-11ee-80af-bbceb498b28d/20935738-8baa-11ee-807c-f119b88fbec5
Submission: On November 25 via api (November 25th 2023, 3:48:53 pm UTC) from US — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 8 domains to perform 16 HTTP transactions. The main IP is 45.147.195.5, located in and belongs to . The main domain is umqx.wowoffersnow.com.
TLS certificate: Issued by R3 on October 29th 2023. Valid for: 3 months.

This is the only time umqx.wowoffersnow.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	85.121.170.101 85.121.170.101	9009 (M247) (M247)
1 1	35.189.245.169 35.189.245.169	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	34.76.189.27 34.76.189.27	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	178.62.124.21 178.62.124.21	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 2	45.147.195.5 45.147.195.5	() ()
16	4

2 85.121.170.101 (Budapest, Hungary)

ASN9009 (M247, RO)

dirdigta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.189.245.169 (Brussels, Belgium) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 169.245.189.35.bc.googleusercontent.com

twice-best.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.76.189.27 (Brussels, Belgium) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 27.189.76.34.bc.googleusercontent.com

wavingtrackroute.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.62.124.21 (Slough, United Kingdom) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

hamealo.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.147.195.5 (None, ) 1 redirects

ASN- ()

umqx.quickredir.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
umqx.wowoffersnow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	hamealo.info 1 redirects hamealo.info	983 B
2	dirdigta.com dirdigta.com	1 KB
1	wowoffersnow.com umqx.wowoffersnow.com
1	quickredir.com 1 redirects umqx.quickredir.com	704 B
1	wavingtrackroute.com 1 redirects wavingtrackroute.com	756 B
1	twice-best.com 1 redirects twice-best.com	294 B
0	jquery.com Failed code.jquery.com Failed
0	googleapis.com Failed fonts.googleapis.com Failed ajax.googleapis.com Failed
16	8

	Domain	Requested by
2	hamealo.info	1 redirects dirdigta.com
2	dirdigta.com	dirdigta.com
1	umqx.wowoffersnow.com	umqx.wowoffersnow.com
1	umqx.quickredir.com	1 redirects
1	wavingtrackroute.com	1 redirects
1	twice-best.com	1 redirects
0	code.jquery.com Failed	umqx.wowoffersnow.com
0	ajax.googleapis.com Failed	umqx.wowoffersnow.com
0	fonts.googleapis.com Failed	umqx.wowoffersnow.com
16	9

This site contains no links.

Subject Issuer	Validity	Valid
hamealo.info R3	`2023-09-14` - `2023-12-13`	3 months	crt.sh
wowoffersnow.com R3	`2023-10-29` - `2024-01-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://umqx.wowoffersnow.com/t/8f0d93c8664e/2070aa62-8baa-11ee-80af-bbceb498b28d/20935738-8baa-11ee-807c-f119b88fbec5
Frame ID: CBC7DAE3D4C173DF102F3FA83951BBD3
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://dirdigta.com/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/589t13 Page URL
http://dirdigta.com/t/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/589t13 Page URL
https://twice-best.com/?a=3196&oc=18705&c=50675&m=3&s1=13&s2=889-20080&s3=297-78254-589 HTTP 302
https://wavingtrackroute.com/?a=3196&oc=18705&c=50675&m=3&s1=13&s2=889-20080&s3=297-78254-589&ckmguid=19c... HTTP 302
https://hamealo.info/ck2bl3k.php?key=des1x02ohohpr9sau7si&t1=339030712&t2=3196 HTTP 302
https://hamealo.info/nlp/index.php?kw=339030712&s1=9bdb68rktpmi491e&url_bnm_redirect=https://umqx... Page URL
https://umqx.quickredir.com/?kw=339030712&s1=9bdb68rktpmi491e HTTP 302
https://umqx.wowoffersnow.com/t/8f0d93c8664e/2070aa62-8baa-11ee-80af-bbceb498b28d/20935738-8baa-11ee-807c-... Page URL

Page Statistics

16
Requests

13 %
HTTPS

0 %
IPv6

8
Domains

9
Subdomains

4
IPs

3
Countries

2 kB
Transfer

16 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dirdigta.com/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/589t13 Page URL
http://dirdigta.com/t/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/589t13 Page URL
https://twice-best.com/?a=3196&oc=18705&c=50675&m=3&s1=13&s2=889-20080&s3=297-78254-589 HTTP 302
https://wavingtrackroute.com/?a=3196&oc=18705&c=50675&m=3&s1=13&s2=889-20080&s3=297-78254-589&ckmguid=19c6a8d3-6ab6-4f89-9916-84aa3d0f0861 HTTP 302
https://hamealo.info/ck2bl3k.php?key=des1x02ohohpr9sau7si&t1=339030712&t2=3196 HTTP 302
https://hamealo.info/nlp/index.php?kw=339030712&s1=9bdb68rktpmi491e&url_bnm_redirect=https://umqx.quickredir.com/ Page URL
https://umqx.quickredir.com/?kw=339030712&s1=9bdb68rktpmi491e HTTP 302
https://umqx.wowoffersnow.com/t/8f0d93c8664e/2070aa62-8baa-11ee-80af-bbceb498b28d/20935738-8baa-11ee-807c-f119b88fbec5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://twice-best.com/?a=3196&oc=18705&c=50675&m=3&s1=13&s2=889-20080&s3=297-78254-589 HTTP 302
https://wavingtrackroute.com/?a=3196&oc=18705&c=50675&m=3&s1=13&s2=889-20080&s3=297-78254-589&ckmguid=19c6a8d3-6ab6-4f89-9916-84aa3d0f0861 HTTP 302
https://hamealo.info/ck2bl3k.php?key=des1x02ohohpr9sau7si&t1=339030712&t2=3196 HTTP 302
https://hamealo.info/nlp/index.php?kw=339030712&s1=9bdb68rktpmi491e&url_bnm_redirect=https://umqx.quickredir.com/

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK 589t13 Show response
dirdigta.com/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/ 458 B
712 B 191ms
165ms Document
text/html 85.121.170.101
M247

General

Check archive.org

Show headers Download Go to

Full URL: http://dirdigta.com/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/589t13
Protocol: HTTP/1.1
Server: 85.121.170.101 Budapest, Hungary, ASN9009 (M247, RO),
Reverse DNS
Software: /
Resource Hash: 0f3a07f36d6bddee418f7d7548bc165b09817e10764a359d2773388cdec9ff8a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 458
Content-Type: text/html; charset=utf-8
Date: Sat, 25 Nov 2023 15:48:45 GMT
X-Address: gin_throttle_mw_3600000000_31.133.93.105
X-Ratelimit-Limit: 1000
X-Ratelimit-Remaining: 999
X-Ratelimit-Reset: 1700930925

GET
H/1.1 200
OK 589t13 Show response
dirdigta.com/t/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/ 300 B
554 B 235ms
234ms Document
text/html 85.121.170.101
M247

General

Check archive.org

Show headers Download Go to

Full URL: http://dirdigta.com/t/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/589t13
Requested by: Host: dirdigta.com
URL: http://dirdigta.com/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/589t13
Protocol: HTTP/1.1
Server: 85.121.170.101 Budapest, Hungary, ASN9009 (M247, RO),
Reverse DNS
Software: /
Resource Hash: 70ea13839872f5dd011856d7762aa6c421f62f03d159d9049da24e2eb9c21a0e

Request headers

Referer: http://dirdigta.com/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/589t13
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 300
Content-Type: text/html; charset=utf-8
Date: Sat, 25 Nov 2023 15:48:46 GMT
X-Address: gin_throttle_mw_3600000000_31.133.93.105
X-Ratelimit-Limit: 1000
X-Ratelimit-Remaining: 998
X-Ratelimit-Reset: 1700930925

GET
H/1.1

200
OK

index.php Show response
hamealo.info/nlp/
Redirect Chain

https://twice-best.com/?a=3196&oc=18705&c=50675&m=3&s1=13&s2=889-20080&s3=297-78254-589
https://wavingtrackroute.com/?a=3196&oc=18705&c=50675&m=3&s1=13&s2=889-20080&s3=297-78254-589&ckmguid=19c6a8d3-6ab6-4f89-9916-84aa3d0f0861
https://hamealo.info/ck2bl3k.php?key=des1x02ohohpr9sau7si&t1=339030712&t2=3196
https://hamealo.info/nlp/index.php?kw=339030712&s1=9bdb68rktpmi491e&url_bnm_redirect=https://umqx.quickredir.com/

106 B
372 B

60ms
60ms

Document
text/html

178.62.124.21
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://hamealo.info/nlp/index.php?kw=339030712&s1=9bdb68rktpmi491e&url_bnm_redirect=https://umqx.quickredir.com/

Requested by

Host: dirdigta.com
URL: http://dirdigta.com/t/4BWtdD20080Okkj889gukznlmifz297ATXYBSOXYSCNSJP78254/589t13

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

178.62.124.21 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.22.0 /

Resource Hash

a29441b2beb3976e338af9f8097f5926cd6e784f7b47bea4b694e79b70cffdcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://dirdigta.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sat, 25 Nov 2023 15:48:48 GMT
Server: nginx/1.22.0
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 25 Nov 2023 15:48:48 GMT
Location: https://hamealo.info/nlp/index.php?kw=339030712&s1=9bdb68rktpmi491e&url_bnm_redirect=https://umqx.quickredir.com/
Server: nginx/1.22.0
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked

GET
H2

200

Primary Request 20935738-8baa-11ee-807c-f119b88fbec5
umqx.wowoffersnow.com/t/8f0d93c8664e/2070aa62-8baa-11ee-80af-bbceb498b28d/
Redirect Chain

https://umqx.quickredir.com/?kw=339030712&s1=9bdb68rktpmi491e
https://umqx.wowoffersnow.com/t/8f0d93c8664e/2070aa62-8baa-11ee-80af-bbceb498b28d/20935738-8baa-11ee-807c-f119b88fbec5

15 KB
0

2943ms
1283ms

Document
text/html

45.147.195.5

General

Check archive.org

Show headers Download Go to

Full URL

https://umqx.wowoffersnow.com/t/8f0d93c8664e/2070aa62-8baa-11ee-80af-bbceb498b28d/20935738-8baa-11ee-807c-f119b88fbec5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

45.147.195.5 -, , ASN (),

Reverse DNS

Software

swoole-http-server /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://hamealo.info/nlp/index.php?kw=339030712&s1=9bdb68rktpmi491e&url_bnm_redirect=https://umqx.quickredir.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, private
content-encoding: br
content-length: 4725
content-type: text/html; charset=UTF-8
date: Sat, 25 Nov 2023 15:48:52 GMT
server: swoole-http-server
strict-transport-security: max-age=15768000
x-redir: true

Redirect headers

cache-control: no-cache, private
content-encoding: br
content-length: 281
content-type: text/html; charset=UTF-8
date: Sat, 25 Nov 2023 15:48:50 GMT
location: https://umqx.wowoffersnow.com/t/8f0d93c8664e/2070aa62-8baa-11ee-80af-bbceb498b28d/20935738-8baa-11ee-807c-f119b88fbec5
server: swoole-http-server
strict-transport-security: max-age=15768000
x-redir: true

GET css
fonts.googleapis.com/ 0
0

GET style.css
umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/css/ 0
0

GET jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.10.2/ 0
0

GET app-3da586c4.css
umqx.wowoffersnow.com/build/assets/ 0
0

GET overlay.png
umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/ 0
0

GET overlay2.png
umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/ 0
0

GET euro_reel.fs8.png
umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/ 0
0

GET spin1.png
umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/ 0
0

GET spin2.png
umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/ 0
0

GET loader.gif
umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/ 0
0

GET jquery-1.11.3.min.js
code.jquery.com/ 0
0

GET livewire.js
umqx.wowoffersnow.com/livewire/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed%7COpen+Sans:400,700

Domain: umqx.wowoffersnow.com
URL: https://umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/css/style.css

Domain: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

Domain: umqx.wowoffersnow.com
URL: https://umqx.wowoffersnow.com/build/assets/app-3da586c4.css

Domain: umqx.wowoffersnow.com
URL: https://umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/overlay.png

Domain: umqx.wowoffersnow.com
URL: https://umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/overlay2.png

Domain: umqx.wowoffersnow.com
URL: https://umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/euro_reel.fs8.png

Domain: umqx.wowoffersnow.com
URL: https://umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/spin1.png

Domain: umqx.wowoffersnow.com
URL: https://umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/spin2.png

Domain: umqx.wowoffersnow.com
URL: https://umqx.wowoffersnow.com/templates/templates/spin-casino_MASTER/images/loader.gif

Domain: code.jquery.com
URL: https://code.jquery.com/jquery-1.11.3.min.js

Domain: umqx.wowoffersnow.com
URL: https://umqx.wowoffersnow.com/livewire/livewire.js?id=90730a3b0e7144480175

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.wavingtrackroute.com/	1969-12-31 23:59:59	Name: som Value: SeJcBH2oFFG20omSiWvkV1NX0DM6EUHe/mfWnGsAEwi+lHAX0FnUMQ==
.wavingtrackroute.com/	1970-01-21 02:04:47	Name: tm Value: q+WofWogoEu20omSiWvkV1NX0DM6EUHe/mfWnGsAEwi+lHAX0FnUMQ==
.wavingtrackroute.com/	1970-01-20 17:11:59	Name: c12659 Value: SeJcBH2oFFGyWSpjsVoTC0cBz5o2BbqXOBEZ/PJ96ujCzy7Fs41EUQ==
hamealo.info/	1970-01-20 16:30:13	Name: uclick Value: 8rktpmi4
hamealo.info/	1970-01-20 16:30:13	Name: uclickhash Value: 8rktpmi4-8rktpmi4-my-0-7vvr-1ndz-vc8n-ea45e9

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
code.jquery.com
dirdigta.com
fonts.googleapis.com
hamealo.info
twice-best.com
umqx.quickredir.com
umqx.wowoffersnow.com
wavingtrackroute.com
ajax.googleapis.com
code.jquery.com
fonts.googleapis.com
umqx.wowoffersnow.com
178.62.124.21
34.76.189.27
35.189.245.169
45.147.195.5
85.121.170.101
0f3a07f36d6bddee418f7d7548bc165b09817e10764a359d2773388cdec9ff8a
70ea13839872f5dd011856d7762aa6c421f62f03d159d9049da24e2eb9c21a0e
a29441b2beb3976e338af9f8097f5926cd6e784f7b47bea4b694e79b70cffdcb

umqx.wowoffersnow.com Open in urlscan Pro 45.147.195.5 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

16 Requests

13 %HTTPS

0 %IPv6

8 Domains

9 Subdomains

4 IPs

3 Countries

2 kBTransfer

16 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

5 Cookies

Indicators

umqx.wowoffersnow.com Open in urlscan Pro
45.147.195.5 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

13 %
HTTPS

0 %
IPv6

8
Domains

9
Subdomains

4
IPs

3
Countries

2 kB
Transfer

16 kB
Size

5
Cookies

16 HTTP transactions
0 data transactions