urlscan.io logo urlscan.io
SecurityTrails logo

green.rwe-twe.com Open in urlscan Pro
108.178.23.115  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://url3.site/ssc/?jo=5619578
Effective URL: https://green.rwe-twe.com/proc.php?112708977240f2b6915e67e1c3ab9e29ddb6eb89
Submission: On October 01 via manual from JO — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 6 HTTP transactions. The main IP is 108.178.23.115, located in United States and belongs to SINGLEHOP-LLC, US. The main domain is green.rwe-twe.com.
TLS certificate: Issued by R3 on September 25th 2023. Valid for: 3 months.
This is the only time green.rwe-twe.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 66.29.132.160 22612 (NAMECHEAP...)
1 185.66.201.42 201702 (SKHOSTING-EU)
1 185.66.201.8 201702 (SKHOSTING-EU)
2 108.178.23.115 32475 (SINGLEHOP...)
6 5
Apex Domain
Subdomains		 Transfer
2 rwe-twe.com
green.rwe-twe.com
3 KB
1 t-q-c.click
t-q-c.click
358 B
1 qoaaa.com
qoaaa.com — Cisco Umbrella Rank: 504875
794 B
1 url3.site
url3.site
573 B
0 qozf.sbs Failed
v7183.qozf.sbs Failed
6 5
Domain Requested by
2 green.rwe-twe.com t-q-c.click
green.rwe-twe.com
1 t-q-c.click qoaaa.com
1 qoaaa.com url3.site
1 url3.site
0 v7183.qozf.sbs Failed green.rwe-twe.com
6 5

This site contains no links.

Subject Issuer Validity Valid
url3.site
Sectigo RSA Domain Validation Secure Server CA		 2023-08-01 -
2024-08-01		 a year crt.sh
qoaaa.com
R3		 2023-08-02 -
2023-10-31		 3 months crt.sh
t-q-c.click
R3		 2023-09-26 -
2023-12-25		 3 months crt.sh
green.rwe-twe.com
R3		 2023-09-25 -
2023-12-24		 3 months crt.sh

This page contains 1 frames:

Frame: https://v7183.qozf.sbs/go.php?ad=dpmly88mjyqsa7zl6x30&sid=M7284917527975559241&pub=21977&pid=21977-a2927fc0&c=0&app=unknown&br=Chrome&os=[[os]]&d=Google+Chrome&ca=DE+WiFi&a=0
Frame ID: AB917ADBABA16E808AEBA8D958275227
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Click "Allow" To Continue

Page URL History Show full URLs

  1. https://url3.site/ssc/?jo=5619578 Page URL
  2. https://qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8/?placementName=default Page URL
  3. https://t-q-c.click/go.php?go=https%3A%2F%2Fgreen.rwe-twe.com%2F%3Futm_medium%3D1c8a39bdc24f9bf0... Page URL
  4. https://green.rwe-twe.com/?utm_medium=1c8a39bdc24f9bf01a896823c2517f52e2f1f505&utm_campaign=smart2&1=2... Page URL
  5. https://green.rwe-twe.com/proc.php?112708977240f2b6915e67e1c3ab9e29ddb6eb89 Page URL

Page Statistics

6
Requests

83 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

5 kB
Transfer

9 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://url3.site/ssc/?jo=5619578 Page URL
  2. https://qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8/?placementName=default Page URL
  3. https://t-q-c.click/go.php?go=https%3A%2F%2Fgreen.rwe-twe.com%2F%3Futm_medium%3D1c8a39bdc24f9bf01a896823c2517f52e2f1f505%26utm_campaign%3Dsmart2%261%3D29780095%26cid%3D90affC1696152036affd2aa800670987a752a897%26np%3D2&do=4ea253dd842c42ebd0361ee10a36ef10 Page URL
  4. https://green.rwe-twe.com/?utm_medium=1c8a39bdc24f9bf01a896823c2517f52e2f1f505&utm_campaign=smart2&1=29780095&cid=90affC1696152036affd2aa800670987a752a897&np=2 Page URL
  5. https://green.rwe-twe.com/proc.php?112708977240f2b6915e67e1c3ab9e29ddb6eb89 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
url3.site/ssc/ 		864 B
573 B 		Document
General
Check archive.org
Download Go to
Full URL
https://url3.site/ssc/?jo=5619578
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
66.29.132.160 Charlotte, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server341-4.web-hosting.com
Software
LiteSpeed / PHP/8.0.30
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
br
content-length
404
content-type
text/html; charset=UTF-8
date
Sun, 01 Oct 2023 09:20:36 GMT
server
LiteSpeed
vary
Accept-Encoding
x-powered-by
PHP/8.0.30
x-turbo-charged-by
LiteSpeed
/
qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8/ 		710 B
794 B 		Document
General
Check archive.org
Download Go to
Full URL
https://qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8/?placementName=default
Requested by
Host: url3.site
URL: https://url3.site/ssc/?jo=5619578
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.66.201.42 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
affilist.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://url3.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-encoding
br
content-type
text/html; charset=utf-8
date
Sun, 01 Oct 2023 09:20:36 GMT
expires
Sun, 01 Jan 2014 00:00:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
x-robots-tag
noindex,nofollow
go.php
t-q-c.click/ 		649 B
358 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t-q-c.click/go.php?go=https%3A%2F%2Fgreen.rwe-twe.com%2F%3Futm_medium%3D1c8a39bdc24f9bf01a896823c2517f52e2f1f505%26utm_campaign%3Dsmart2%261%3D29780095%26cid%3D90affC1696152036affd2aa800670987a752a897%26np%3D2&do=4ea253dd842c42ebd0361ee10a36ef10
Requested by
Host: qoaaa.com
URL: https://qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8/?placementName=default
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.66.201.8 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.201.8.skhosting.eu
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://qoaaa.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 01 Oct 2023 09:20:37 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
/
green.rwe-twe.com/ 		6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://green.rwe-twe.com/?utm_medium=1c8a39bdc24f9bf01a896823c2517f52e2f1f505&utm_campaign=smart2&1=29780095&cid=90affC1696152036affd2aa800670987a752a897&np=2
Requested by
Host: t-q-c.click
URL: https://t-q-c.click/go.php?go=https%3A%2F%2Fgreen.rwe-twe.com%2F%3Futm_medium%3D1c8a39bdc24f9bf01a896823c2517f52e2f1f505%26utm_campaign%3Dsmart2%261%3D29780095%26cid%3D90affC1696152036affd2aa800670987a752a897%26np%3D2&do=4ea253dd842c42ebd0361ee10a36ef10
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.178.23.115 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
17af14b0e3984f9b3aba36ff1fa8105f4b32c8a4c28facdd257d2bb98b391c5a

Request headers

Referer
https://t-q-c.click/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sun, 01 Oct 2023 09:20:37 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
Primary Request proc.php
green.rwe-twe.com/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://green.rwe-twe.com/proc.php?112708977240f2b6915e67e1c3ab9e29ddb6eb89
Requested by
Host: green.rwe-twe.com
URL: https://green.rwe-twe.com/?utm_medium=1c8a39bdc24f9bf01a896823c2517f52e2f1f505&utm_campaign=smart2&1=29780095&cid=90affC1696152036affd2aa800670987a752a897&np=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.178.23.115 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash

Request headers

Referer
https://green.rwe-twe.com/?utm_medium=1c8a39bdc24f9bf01a896823c2517f52e2f1f505&utm_campaign=smart2&1=29780095&cid=90affC1696152036affd2aa800670987a752a897&np=2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 01 Oct 2023 09:20:41 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://v7183.qozf.sbs/go.php?ad=dpmly88mjyqsa7zl6x30&sid=M7284917527975559241&pub=21977&pid=21977-a2927fc0&c=0&app=unknown&br=Chrome&os=[[os]]&d=Google+Chrome&ca=DE+WiFi&a=0
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
go.php
v7183.qozf.sbs/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
v7183.qozf.sbs
URL
https://v7183.qozf.sbs/go.php?ad=dpmly88mjyqsa7zl6x30&sid=M7284917527975559241&pub=21977&pid=21977-a2927fc0&c=0&app=unknown&br=Chrome&os=[[os]]&d=Google+Chrome&ca=DE+WiFi&a=0

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture string| pm_appKey function| pm_denyAction string| pm_tag function| pm_allowAction

3 Cookies

Domain/Path Name / Value
qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8 Name: shown1
Value: 0
qoaaa.com/7bcdeb18c7204bbf7d66/dbd8ebb4a8 Name: total_impressions
Value: 1
qoaaa.com/ Name: used_ad2938030
Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

green.rwe-twe.com
qoaaa.com
t-q-c.click
url3.site
v7183.qozf.sbs
v7183.qozf.sbs
108.178.23.115
185.66.201.42
185.66.201.8
66.29.132.160
17af14b0e3984f9b3aba36ff1fa8105f4b32c8a4c28facdd257d2bb98b391c5a