wintermute.top Open in urlscan Pro
162.216.242.206 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://wintermute.top/
Submission: On February 21 via api (February 21st 2024, 9:45:05 pm UTC) from FI — Scanned from FI

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 162.216.242.206, located in United States and belongs to DYNU, US. The main domain is wintermute.top.

This is the only time wintermute.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	162.216.242.206 162.216.242.206	398019 (DYNU) (DYNU)
5	180.158.14.81 180.158.14.81	4812 (CHINANET-...) (CHINANET-SH-AP China Telecom Group)
9	3

3 162.216.242.206 (United States)

ASN398019 (DYNU, US)
PTR: webredirect.dynu.com

wintermute.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 180.158.14.81 (Shanghai, China)

ASN4812 (CHINANET-SH-AP China Telecom Group, CN)

neuromancer.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	neuromancer.top neuromancer.top	15 KB
3	wintermute.top wintermute.top	3 KB
9	2

	Domain	Requested by
5	neuromancer.top	wintermute.top neuromancer.top
3	wintermute.top	wintermute.top
9	2

This site contains no links.

Subject Issuer	Validity	Valid
neuromancer.top Encryption Everywhere DV TLS CA - G1	`2023-06-19` - `2024-06-19`	a year	crt.sh

This page contains 6 frames:

Primary Page: http://wintermute.top/
Frame ID: A49366792E28146BBF0B97C6873D94D7
Requests: 1 HTTP requests in this frame

Frame: http://wintermute.top/emptypage
Frame ID: 0C79FE5798961627FFDF55ED29BFF820
Requests: 1 HTTP requests in this frame

Frame: https://neuromancer.top:11000/
Frame ID: 1011E36583C539EA3F1A1D924CA3C829
Requests: 2 HTTP requests in this frame

Frame: http://wintermute.top/emptypage
Frame ID: 798A23443E24E58C2D9443D47E053B1B
Requests: 1 HTTP requests in this frame

Frame: https://neuromancer.top:11000/emptypage
Frame ID: 9DF7EAD629CE7EE91C2BD5A769073D4F
Requests: 2 HTTP requests in this frame

Frame: https://neuromancer.top:11000/emptypage
Frame ID: AE8E89C0390EC196A91B6882E97EDCB6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Necromancer

Page Statistics

9
Requests

56 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

18 kB
Transfer

17 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response wintermute.top/	860 B 1 KB	1752ms 466ms	Document text/html	162.216.242.206 DYNU
General Check archive.org Show headers Download Go to Full URL http://wintermute.top/ Protocol HTTP/1.1 Server 162.216.242.206 , United States, ASN398019 (DYNU, US), Reverse DNS webredirect.dynu.com Software Dynu Web Server / Dynu Dynamic DNS Service Resource Hash `434a4338e6f666d70fb2ee85ce378a972a4eaee5cda19966163e0e406e530e27` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Content-Length 860 Content-Type text/html; charset=UTF-8 Date Wed, 21 Feb 2024 21:45:1 GMT Server Dynu Web Server X-Powered-By Dynu Dynamic DNS Service
GET H/1.1	200 OK	emptypage Show response wintermute.top/ Frame 0C79	898 B 1 KB	216ms 216ms	Document text/html	162.216.242.206 DYNU
General Check archive.org Show headers Download Go to Full URL http://wintermute.top/emptypage Requested by Host: wintermute.top URL: http://wintermute.top/ Protocol HTTP/1.1 Server 162.216.242.206 , United States, ASN398019 (DYNU, US), Reverse DNS webredirect.dynu.com Software Dynu Web Server / Dynu Dynamic DNS Service Resource Hash `9067c8f19185e4e1b7ca82ecc9016ec221192c304312d21086749dbef7e968c4` Request headers Referer http://wintermute.top/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Content-Length 898 Content-Type text/html; charset=UTF-8 Date Wed, 21 Feb 2024 21:45:1 GMT Server Dynu Web Server X-Powered-By Dynu Dynamic DNS Service
GET H2	404	/ Show response neuromancer.top/ Frame 1011	3 KB 3 KB	3911ms 485ms	Document text/html	180.158.14.81 CHINANET-SH-AP Ch...
General Check archive.org Show headers Download Go to Full URL https://neuromancer.top:11000/ Requested by Host: wintermute.top URL: http://wintermute.top/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 180.158.14.81 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN), Reverse DNS Software nginx / Resource Hash `b37c2d0d928551912e6b6119573d3d9e8fbe172d76e73dc5edadedaa8e01fa63` Request headers Referer http://wintermute.top/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers accept-ranges bytes content-length 2968 content-type text/html date Wed, 21 Feb 2024 21:45:05 GMT etag "b98-5bdb96c1d1d00" last-modified Wed, 17 Mar 2021 11:02:44 GMT server nginx
GET H/1.1	200 OK	emptypage Show response wintermute.top/ Frame 798A	898 B 1 KB	770ms 462ms	Document text/html	162.216.242.206 DYNU
General Check archive.org Show headers Download Go to Full URL http://wintermute.top/emptypage Requested by Host: wintermute.top URL: http://wintermute.top/emptypage Protocol HTTP/1.1 Server 162.216.242.206 , United States, ASN398019 (DYNU, US), Reverse DNS webredirect.dynu.com Software Dynu Web Server / Dynu Dynamic DNS Service Resource Hash `9067c8f19185e4e1b7ca82ecc9016ec221192c304312d21086749dbef7e968c4` Request headers Referer http://wintermute.top/emptypage Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers Content-Length 898 Content-Type text/html; charset=UTF-8 Date Wed, 21 Feb 2024 21:45:2 GMT Server Dynu Web Server X-Powered-By Dynu Dynamic DNS Service
GET H2	404	emptypage Show response neuromancer.top/ Frame 9DF7	3 KB 3 KB	3885ms 682ms	Document text/html	180.158.14.81 CHINANET-SH-AP Ch...
General Check archive.org Show headers Download Go to Full URL https://neuromancer.top:11000/emptypage Requested by Host: wintermute.top URL: http://wintermute.top/emptypage Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 180.158.14.81 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN), Reverse DNS Software nginx / Resource Hash `b37c2d0d928551912e6b6119573d3d9e8fbe172d76e73dc5edadedaa8e01fa63` Request headers Referer http://wintermute.top/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers accept-ranges bytes content-length 2968 content-type text/html date Wed, 21 Feb 2024 21:45:05 GMT etag "b98-5bdb96c1d1d00" last-modified Wed, 17 Mar 2021 11:02:44 GMT server nginx
GET H2	404	emptypage Show response neuromancer.top/ Frame AE8E	3 KB 3 KB	2907ms 484ms	Document text/html	180.158.14.81 CHINANET-SH-AP Ch...
General Check archive.org Show headers Download Go to Full URL https://neuromancer.top:11000/emptypage Requested by Host: wintermute.top URL: http://wintermute.top/emptypage Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 180.158.14.81 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN), Reverse DNS Software nginx / Resource Hash `b37c2d0d928551912e6b6119573d3d9e8fbe172d76e73dc5edadedaa8e01fa63` Request headers Referer http://wintermute.top/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language fi-FI,fi;q=0.9 Response headers accept-ranges bytes content-length 2968 content-type text/html date Wed, 21 Feb 2024 21:45:05 GMT etag "b98-5bdb96c1d1d00" last-modified Wed, 17 Mar 2021 11:02:44 GMT server nginx
GET H2	404	missing Show response neuromancer.top/ Frame AE8E	3 KB 3 KB	405ms 405ms	XHR text/html	180.158.14.81 CHINANET-SH-AP Ch...
General Check archive.org Show headers Download Go to Full URL https://neuromancer.top:11000/missing Requested by Host: neuromancer.top URL: https://neuromancer.top:11000/emptypage Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 180.158.14.81 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN), Reverse DNS Software nginx / Resource Hash `b37c2d0d928551912e6b6119573d3d9e8fbe172d76e73dc5edadedaa8e01fa63` Request headers accept-language fi-FI,fi;q=0.9 Referer https://neuromancer.top:11000/emptypage User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 21 Feb 2024 21:45:05 GMT last-modified Wed, 17 Mar 2021 11:02:44 GMT server nginx accept-ranges bytes etag "b98-5bdb96c1d1d00" content-length 2968 content-type text/html
GET H2	404	missing Show response neuromancer.top/ Frame 1011	3 KB 3 KB	378ms 378ms	XHR text/html	180.158.14.81 CHINANET-SH-AP Ch...
General Check archive.org Show headers Download Go to Full URL https://neuromancer.top:11000/missing Requested by Host: neuromancer.top URL: https://neuromancer.top:11000/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 180.158.14.81 Shanghai, China, ASN4812 (CHINANET-SH-AP China Telecom Group, CN), Reverse DNS Software nginx / Resource Hash `b37c2d0d928551912e6b6119573d3d9e8fbe172d76e73dc5edadedaa8e01fa63` Request headers accept-language fi-FI,fi;q=0.9 Referer https://neuromancer.top:11000/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 21 Feb 2024 21:45:05 GMT last-modified Wed, 17 Mar 2021 11:02:44 GMT server nginx accept-ranges bytes etag "b98-5bdb96c1d1d00" content-length 2968 content-type text/html
GET		missing neuromancer.top/ Frame 9DF7	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: neuromancer.top
URL: https://neuromancer.top:11000/missing

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://neuromancer.top:11000/emptypage Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://neuromancer.top:11000/ Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://neuromancer.top:11000/emptypage Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://neuromancer.top:11000/missing Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://neuromancer.top:11000/missing Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

neuromancer.top
wintermute.top
neuromancer.top
162.216.242.206
180.158.14.81
434a4338e6f666d70fb2ee85ce378a972a4eaee5cda19966163e0e406e530e27
9067c8f19185e4e1b7ca82ecc9016ec221192c304312d21086749dbef7e968c4
b37c2d0d928551912e6b6119573d3d9e8fbe172d76e73dc5edadedaa8e01fa63

wintermute.top Open in urlscan Pro 162.216.242.206 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

56 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

18 kBTransfer

17 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

wintermute.top Open in urlscan Pro
162.216.242.206 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

56 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

18 kB
Transfer

17 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions