![](/screenshots/488c97f0-008a-4aff-8594-8f23c97ca102.png)
waterx.download
Open in
urlscan Pro
149.50.219.191
Public Scan
Submission: On February 04 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by R3 on January 29th 2024. Valid for: 3 months.
This is the only time waterx.download was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 149.50.219.191 149.50.219.191 | 212238 (CDNEXT) (CDNEXT) | |
1 | 172.217.18.8 172.217.18.8 | 15169 (GOOGLE) (GOOGLE) | |
3 | 18.66.121.73 18.66.121.73 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 216.239.34.36 216.239.34.36 | () () | |
6 | 188.114.96.3 188.114.96.3 | () () | |
3 | 18.65.39.66 18.65.39.66 | () () | |
1 | 157.240.253.35 157.240.253.35 | () () | |
23 | 8 |
ASN212238 (CDNEXT, GB)
PTR: unn-149-50-219-191.datapacket.com
waterx.download |
ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f8.1e100.net
www.googletagmanager.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-121-73.fra60.r.cloudfront.net
d1lnjzqqshwcwg.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
waterx.download
waterx.download |
3 MB |
4 |
pogothere.xyz
pogothere.xyz |
202 KB |
3 |
angelsaidthe.info
angelsaidthe.info |
3 KB |
3 |
cloudfront.net
d1lnjzqqshwcwg.cloudfront.net |
108 KB |
2 |
hoatebilaterdea.info
hoatebilaterdea.info |
803 B |
1 |
facebook.com
www.facebook.com |
|
1 |
google-analytics.com
region1.google-analytics.com |
254 B |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37 |
92 KB |
0 |
google.com
Failed
accounts.google.com Failed |
|
0 |
nexuspipe.com
Failed
fonts.nexuspipe.com Failed |
|
23 | 10 |
Domain | Requested by | |
---|---|---|
5 | waterx.download |
waterx.download
|
4 | pogothere.xyz |
d1lnjzqqshwcwg.cloudfront.net
|
3 | angelsaidthe.info |
d1lnjzqqshwcwg.cloudfront.net
|
3 | d1lnjzqqshwcwg.cloudfront.net |
waterx.download
angelsaidthe.info |
2 | hoatebilaterdea.info |
waterx.download
|
1 | www.facebook.com |
waterx.download
|
1 | region1.google-analytics.com |
www.googletagmanager.com
|
1 | www.googletagmanager.com |
waterx.download
|
0 | accounts.google.com Failed |
waterx.download
|
0 | fonts.nexuspipe.com Failed |
waterx.download
|
23 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
waterx.download R3 |
2024-01-29 - 2024-04-28 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2024-01-09 - 2024-04-02 |
3 months | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2023-10-10 - 2024-09-19 |
a year | crt.sh |
pogothere.xyz GTS CA 1P5 |
2024-01-27 - 2024-04-26 |
3 months | crt.sh |
angelsaidthe.info Amazon RSA 2048 M03 |
2024-01-31 - 2025-02-28 |
a year | crt.sh |
hoatebilaterdea.info GTS CA 1P5 |
2024-01-31 - 2024-04-30 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2023-11-13 - 2024-02-11 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://waterx.download/
Frame ID: 0D2DA69784865A598882F454FD08BFF5
Requests: 21 HTTP requests in this frame
Frame:
https://angelsaidthe.info/ZUJVZ24EIDYKUQR/N0EbFy5oQlwjZ2chClQuOw0UFDMmDxkGNTJJDQktIAMIFy07E0ALJyFCXCMGDFceKyNnIi8vERgpNg0hPyw4PxsDPx5VGhM1KCwGYSIqHQxmJhkONRwOPyMHOQBZBwY+NSwzd2EGGQYDETRfEhYENiAuGhcGPBILICtfPxQHM1pcABQXCy44PiotEgc8KC8CBhIwGVEBORAhLxY2JCo0eicGKA4sAwo8XBY5KTo8KDokKhIhOSgGDQcAPwEPCmU1PAAsLQU6VAwjAQcJBwA/AVMDMl44Ay89PidVGGEBPCsaA1UgChUDIi0qKHhXJicABBEiEgMcIVxcZ2chIjMQBAE5KxsDVzRRJAAqJSY4YQAsVRAHJDkNGAA2Vg8IMlIrMBo6FioCCxwtOTcNAFYjFQgHDCEhK2wIOTYmBgImHQQAMl9dJBNWOTEaIUJcJxc+NTwAKGEsLBILYS0rUBYfP1dAcBc/K1wTMyAdABoTLkgPMToJHlgMNzYvCwosXjY
Frame ID: F485FDF71997379BC07176449CE65D9C
Requests: 2 HTTP requests in this frame
Screenshot
![](/screenshots/488c97f0-008a-4aff-8594-8f23c97ca102.png)
Detected technologies
![](/vendor/wappa/icons/Google Tag Manager.png)
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13- https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
- https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp1OdDw0waiQbCaVLkofwLJJa6xtekxGJ9J1_Cn5RqOaXEspUY0XCoX19Eb3206l1QQ8fkb5Xw
- https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
- https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0lTQYPtWuhGasI0HXqpRPL5UWOrVfFq4wB2AFZf5xgxtlqCalMInKtGQOBuBeDxJPbJ468Bg
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
waterx.download/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
fonts.nexuspipe.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
waterx.download/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
278 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
d1lnjzqqshwcwg.cloudfront.net/ |
164 KB 54 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
WaterXLogo.png
waterx.download/ |
46 KB 46 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
phantomforces.png
waterx.download/ |
807 KB 808 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bloxfruits.png
waterx.download/ |
2 MB 2 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 254 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
asd100.bin
pogothere.xyz/ |
100 KB 100 KB |
Fetch
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
pogothere.xyz/ |
27 B 347 B |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utx
angelsaidthe.info/ |
0 537 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
UkVGbk19eiUdcDF3NhsbOTUCOXxnKyVeGzQdATQ3ASkyDBQKdWAaJDZ4f1h9a3JzSD07IXtfayExJxo4IXh3SCQ8IylTayR4d0B+Zmt1WmNiYzNTfHQxNg8qb3RgHjkmKXtfemJydlh+Z3J0Wn5n
hoatebilaterdea.info/ |
0 264 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.php
www.facebook.com/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
InteractiveLogin
accounts.google.com/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
InteractiveLogin
accounts.google.com/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popunder.gif
hoatebilaterdea.info/ |
35 B 539 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
d1lnjzqqshwcwg.cloudfront.net/ |
164 KB 54 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
asd100.bin
pogothere.xyz/ |
100 KB 100 KB |
Fetch
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
pogothere.xyz/ |
26 B 620 B |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utx
angelsaidthe.info/ |
0 536 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
K1wTMyAdABoTLkgPMToJHlgMNzYvCwosXjY
angelsaidthe.info/ZUJVZ24EIDYKUQR/N0EbFy5oQlwjZ2chClQuOw0UFDMmDxkGNTJJDQktIAMIFy07E0ALJyFCXCMGDFceKyNnIi8vERgpNg0hPyw4PxsDPx5VGhM1KCwGYSIqHQxmJhkONRwOPyMHOQBZBwY+NSwzd2EGGQYDETRfEhYENiAuGhcGPBILICt... Frame F485 |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
LVRQfWNYV0Z4fUMKCz4gB0RRCWhZUQ8jJg5EUXoqDgIIJWROU1MpJRkODi9oWSdSeHxFUU18fF1WTXt+UkRRej4KBwI4JE5TJX9+XE9QfGseXFI
d1lnjzqqshwcwg.cloudfront.net/DY0pNa2EAJSMNXhcjKVZYVXp0XFRFID4EDxN3AwkwIiQFElg7bDkRBV54awcADS1wTQQNKXBaRwIuL1ZVRT49BApeKzkMCwEiOAgDGWw4ClwOJTcCDQ8raFknVmR9TlNTYjoCDwclOhhEUXojH0RRenxbT1NvfilEUXo6Ag... Frame F485 |
757 B 820 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- fonts.nexuspipe.com
- URL
- https://fonts.nexuspipe.com/
- Domain
- accounts.google.com
- URL
- https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp1OdDw0waiQbCaVLkofwLJJa6xtekxGJ9J1_Cn5RqOaXEspUY0XCoX19Eb3206l1QQ8fkb5Xw
- Domain
- accounts.google.com
- URL
- https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0lTQYPtWuhGasI0HXqpRPL5UWOrVfFq4wB2AFZf5xgxtlqCalMInKtGQOBuBeDxJPbJ468Bg
Verdicts & Comments Add Verdict or Comment
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| google_tag_manager object| google_tag_data object| dataLayer0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.google.com
angelsaidthe.info
d1lnjzqqshwcwg.cloudfront.net
fonts.nexuspipe.com
hoatebilaterdea.info
pogothere.xyz
region1.google-analytics.com
waterx.download
www.facebook.com
www.googletagmanager.com
accounts.google.com
fonts.nexuspipe.com
149.50.219.191
157.240.253.35
172.217.18.8
18.65.39.66
18.66.121.73
188.114.96.3
216.239.34.36
172eb9ce1bb5a26fc5d378b212e41e9dec3b86aeb9b95eab9b5c38c4da4849fe
5446ec7846fa4b8bc1167d253aaa954293ae10d39de67de006767a7223a2716c
6810eff1dcf696177e23bbb0be7f62bc85aa5311e4a8d55f3f56f08e4a753aed
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9b844146c06bbbb58e1a2c4745ff1ba005a92f2efb0ff698fbb0646ff48828ce
abe781c82c448847e5e0434bf867f2816f22a3fc06f1a30c8d0814133d0b49c9
d4472d933f72c6f8b26bccd0575c7acd4f433660495288d6cc3047a70bc7a619
d7e71374005922e483b27df2e5f4400bd09c95ffebd2f9c6f8f2800798b4a7f1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6e6161e4011e5d966fafba5281f03672482962c99472c7b4dc6f91bf76b5ee8
eec1f55de290adb0b5d148ab4393b1726eb83e75d09a51df3226dccf28516f41
f5c5083ed71741cb979c96af8c3f0f5f5d145504f4961759050093258f37b9c1
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
fbe9682524cf0fa4cb72713bb64b3c1757214f9fcff40b137ac8fc773c7413ab