urlscan.io logo urlscan.io
SecurityTrails logo

bitterblackwatter.ga Open in urlscan Pro
178.128.241.54  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://area-re.it/
Effective URL: https://bitterblackwatter.ga/?p=hbqwczrvmq5gi3bpguytsmy&sub1=sinister2&sub2=blockey
Submission: On January 25 via manual from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 6 domains to perform 7 HTTP transactions. The main IP is 178.128.241.54, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is bitterblackwatter.ga.
TLS certificate: Issued by R3 on January 24th 2021. Valid for: 3 months.
This is the only time bitterblackwatter.ga was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 217.194.3.49 12637 (SEEWEB We...)
1 1 95.181.172.55 50673 (SERVERIUS-AS)
3 45.9.148.32 49447 (NICEIT)
1 178.128.241.54 14061 (DIGITALOC...)
7 3
Domain Requested by
2 slow.helpmart.ga main.travelfornamewalking.ga
slow.helpmart.ga
2 area-re.it 2 redirects
1 bitterblackwatter.ga slow.helpmart.ga
1 main.travelfornamewalking.ga
1 irc.lovegreenpencils.ga 1 redirects
0 enrilov.info Failed main.travelfornamewalking.ga
7 6

This site contains no links.

Subject Issuer Validity Valid
main.travelfornamewalking.ga
R3		 2021-01-04 -
2021-04-04		 3 months crt.sh
slow.helpmart.ga
R3		 2020-12-10 -
2021-03-10		 3 months crt.sh
bitterblackwatter.ga
R3		 2021-01-24 -
2021-04-24		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://bitterblackwatter.ga/?p=hbqwczrvmq5gi3bpguytsmy&sub1=sinister2&sub2=blockey
Frame ID: 8199EAD12C1B3FB4C09085BF6806ABAC
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://area-re.it/ HTTP 301
    https://area-re.it/ HTTP 302
    https://irc.lovegreenpencils.ga/ryery?id=584&rs=2 HTTP 302
    https://main.travelfornamewalking.ga/det.php?v=34637&id=584&rs=2 Page URL
  2. https://slow.helpmart.ga/font.html Page URL
  3. https://bitterblackwatter.ga/?p=hbqwczrvmq5gi3bpguytsmy&sub1=sinister2&sub2=blockey Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

7
Requests

57 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

3
IPs

3
Countries

15 kB
Transfer

17 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://area-re.it/ HTTP 301
    https://area-re.it/ HTTP 302
    https://irc.lovegreenpencils.ga/ryery?id=584&rs=2 HTTP 302
    https://main.travelfornamewalking.ga/det.php?v=34637&id=584&rs=2 Page URL
  2. https://slow.helpmart.ga/font.html Page URL
  3. https://bitterblackwatter.ga/?p=hbqwczrvmq5gi3bpguytsmy&sub1=sinister2&sub2=blockey Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://area-re.it/ HTTP 301
  • https://area-re.it/ HTTP 302
  • https://irc.lovegreenpencils.ga/ryery?id=584&rs=2 HTTP 302
  • https://main.travelfornamewalking.ga/det.php?v=34637&id=584&rs=2

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
det.php
main.travelfornamewalking.ga/
Redirect Chain
  • http://area-re.it/
  • https://area-re.it/
  • https://irc.lovegreenpencils.ga/ryery?id=584&rs=2
  • https://main.travelfornamewalking.ga/det.php?v=34637&id=584&rs=2
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://main.travelfornamewalking.ga/det.php?v=34637&id=584&rs=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.9.148.32 , Netherlands, ASN49447 (NICEIT, DM),
Reverse DNS
Software
nginx /
Resource Hash
286bed515e6d42decb3f92c654e3a339b0f680e288666679065264bf47720e0c

Request headers

:method
GET
:authority
main.travelfornamewalking.ga
:scheme
https
:path
/det.php?v=34637&id=584&rs=2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server
nginx
date
Mon, 25 Jan 2021 08:58:44 GMT
content-type
text/html;charset=UTF-8
vary
Accept-Encoding
content-encoding
gzip

Redirect headers

Server
nginx
Date
Mon, 25 Jan 2021 08:58:45 GMT
Content-Type
text/html; charset=iso-8859-1
Content-Length
256
Connection
keep-alive
Keep-Alive
timeout=60
Location
https://main.travelfornamewalking.ga/det.php?v=34637&id=584&rs=2
script.js
enrilov.info/ 		0
0
web.php
slow.helpmart.ga/ 		233 B
324 B 		Script
General
Check archive.org
Download Go to
Full URL
https://slow.helpmart.ga/web.php?s=23522&sid=11&uis=114&default_keyword=Loading...&&v=34637&id=584&rs=2&frm5fd632f090722=script5fd632f090723&_cid=0405fd3f-4e1e-1f5a-dd89-b8d5840971a9&1611565125452
Requested by
Host: main.travelfornamewalking.ga
URL: https://main.travelfornamewalking.ga/det.php?v=34637&id=584&rs=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.9.148.32 , Netherlands, ASN49447 (NICEIT, DM),
Reverse DNS
Software
nginx /
Resource Hash
37330efbf173f92dccfdcd203eaf7ad3f97858086fe82d937ca0298bb59ea3dc

Request headers

Referer
https://main.travelfornamewalking.ga/det.php?v=34637&id=584&rs=2
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 25 Jan 2021 08:58:44 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
font.html
slow.helpmart.ga/ 		0
0
font.html
slow.helpmart.ga/ 		2 KB
854 B 		Document
General
Check archive.org
Download Go to
Full URL
https://slow.helpmart.ga/font.html
Requested by
Host: slow.helpmart.ga
URL: https://slow.helpmart.ga/web.php?s=23522&sid=11&uis=114&default_keyword=Loading...&&v=34637&id=584&rs=2&frm5fd632f090722=script5fd632f090723&_cid=0405fd3f-4e1e-1f5a-dd89-b8d5840971a9&1611565125452
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.9.148.32 , Netherlands, ASN49447 (NICEIT, DM),
Reverse DNS
Software
nginx /
Resource Hash
33f182988538ec90f86cfd0331c3eefd54e63942c51c00cba4ce96c245e6ae17

Request headers

:method
GET
:authority
slow.helpmart.ga
:scheme
https
:path
/font.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://main.travelfornamewalking.ga/det.php?v=34637&id=584&rs=2
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://main.travelfornamewalking.ga/det.php?v=34637&id=584&rs=2

Response headers

server
nginx
date
Mon, 25 Jan 2021 08:58:44 GMT
content-type
text/html
last-modified
Mon, 25 Jan 2021 00:03:50 GMT
vary
Accept-Encoding
etag
W/"600e0ae6-711"
content-encoding
gzip
/
bitterblackwatter.ga/ 		0
0
Primary Request /
bitterblackwatter.ga/ 		12 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bitterblackwatter.ga/?p=hbqwczrvmq5gi3bpguytsmy&sub1=sinister2&sub2=blockey
Requested by
Host: slow.helpmart.ga
URL: https://slow.helpmart.ga/font.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.241.54 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
a474516361648a338998d7f3afe454864d3d63b1b969ec13b1c5900242cbcead
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

:method
GET
:authority
bitterblackwatter.ga
:scheme
https
:path
/?p=hbqwczrvmq5gi3bpguytsmy&sub1=sinister2&sub2=blockey
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://slow.helpmart.ga/font.html
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://slow.helpmart.ga/font.html

Response headers

server
nginx
date
Mon, 25 Jan 2021 08:58:45 GMT
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
set-cookie
uuid=5d909eb3-6b25-41df-9d80-6293dcc01d58; expires=Wed, 24-Feb-2021 08:58:45 GMT; Max-Age=2592000; path=/; domain=bitterblackwatter.ga
strict-transport-security
max-age=31536000
content-security-policy
img-src https: data:; upgrade-insecure-requests
truncated
/ 		748 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a5308b7decd6fc2d5e8438fb037c4a822125135db832c05437d754655ff2fc23

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
enrilov.info
URL
https://enrilov.info/script.js?sid=918613
Domain
slow.helpmart.ga
URL
https://slow.helpmart.ga/font.html
Domain
bitterblackwatter.ga
URL
https://bitterblackwatter.ga/?p=hbqwczrvmq5gi3bpguytsmy&sub1=sinister2&sub2=blockey

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated boolean| guardEnabled boolean| isChrome function| compareVersion function| getLanguage object| rootElement boolean| canStart function| disableHistory function| disableIncognito function| denied function| getWorkerRegistration function| SubS function| CheckS function| urlB64ToUint8Array

1 Cookies

Domain/Path Name / Value
.bitterblackwatter.ga/ Name: uuid
Value: 5d909eb3-6b25-41df-9d80-6293dcc01d58