Submitted URL: https://robyt.shop/cahayapoker-368.html
Effective URL: https://skibbynud.com/?cat=2&groupds=111&clientId=254&productId=1718&tracking=M7326514221812809815&publisher_id=1314&a...
Submission Tags: @phish_report
Submission: On January 21 via api from FI — Scanned from NL

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 5 HTTP transactions. The main IP is 185.32.28.133, which is located in Spain and belongs to AS_ADAM Adam Datacenter, ES. The main domain is skibbynud.com.
TLS certificate: Issued by R3 on December 28th 2023. Valid for: 3 months.
This is the only time skibbynud.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2 185.155.186.25 203639 (TEKNOLOGY)
1 108.178.23.115 32475 (SINGLEHOP...)
2 185.32.28.133 15699 (AS_ADAM A...)
5 5
Apex Domain (Subdomains)  Transfer
2  skibbynud.com (skibbynud.com)  33 KB
2  rajiggshe.live (2137.rajiggshe.live)  4 KB
1  greatlifebargains2024.com (get.greatlifebargains2024.com, Cisco Umbrella Rank: 549470)  3 KB
1  smart-gadgets.shop (smart-gadgets.shop)  14 KB
1  robyt.shop (robyt.shop)  1 KB
5 5
Domain  Requested by
2  skibbynud.com  get.greatlifebargains2024.com, skibbynud.com
2  2137.rajiggshe.live (1 redirects)  smart-gadgets.shop
1  get.greatlifebargains2024.com  2137.rajiggshe.live
1  smart-gadgets.shop
1  robyt.shop (1 redirects)
5 5

This site contains links to these domains.

Domain
d.ramoscriko.com
Subject  Issuer  Validity  Valid
smart-gadgets.shop  E1  2024-01-16 - 2024-04-15  3 months
rajiggshe.live  R3  2024-01-20 - 2024-04-19  3 months
get.greatlifebargains2024.com  R3  2023-12-06 - 2024-03-05  3 months
skibbynud.com  R3  2023-12-28 - 2024-03-27  3 months

This page contains 1 frames:

Primary Page: https://skibbynud.com/?cat=2&groupds=111&clientId=254&productId=1718&tracking=M7326514221812809815&publisher_id=1314&advert=NLWIFI
Frame ID: DDBC052C75792DA285CD5F67E2387B02
Requests: 8 HTTP requests in this frame

Page Title

FILE READY

Page Statistics

5 Requests
100 % HTTPS
40 % IPv6
5 Domains
5 Subdomains
5 IPs
3 Countries
53 kB Transfer
96 kB Size
11 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://robyt.shop/cahayapoker-368.html HTTP 302
    https://smart-gadgets.shop/?u=tqck80z&o=zdqr96x&t=IndoD&cid=2g27c8s2ci8ju6 Page URL
  2. https://2137.rajiggshe.live/lkfoplgq/article2137.doc?u=tqck80z&o=zdqr96x&t=IndoD&cid=2g27c8s2ci8ju6&f=1&sid=t8~c1bjtup2z2dsner0nldgjd3p&fp=Op5hjqVlw82BCM9aVOTgWg%3D%3D Page URL
  3. https://2137.rajiggshe.live/web/?sid=t8~c1bjtup2z2dsner0nldgjd3p HTTP 302
    https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=79a60a15-5a05-435f-81a8-850cd3e65c4e Page URL
  4. https://skibbynud.com/?cat=2&groupds=111&clientId=254&productId=1718&tracking=M7326514221812809815&publisher_id=1314&advert=NLWIFI Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://robyt.shop/cahayapoker-368.html HTTP 302
  • https://smart-gadgets.shop/?u=tqck80z&o=zdqr96x&t=IndoD&cid=2g27c8s2ci8ju6
Request Chain 2
  • https://2137.rajiggshe.live/web/?sid=t8~c1bjtup2z2dsner0nldgjd3p HTTP 302
  • https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=79a60a15-5a05-435f-81a8-850cd3e65c4e

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
smart-gadgets.shop/
Redirect Chain
  • https://robyt.shop/cahayapoker-368.html
  • https://smart-gadgets.shop/?u=tqck80z&o=zdqr96x&t=IndoD&cid=2g27c8s2ci8ju6
37 KB
14 KB
Document
General
Full URL
https://smart-gadgets.shop/?u=tqck80z&o=zdqr96x&t=IndoD&cid=2g27c8s2ci8ju6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b57ce35298ed13025cbe867e7193800e885be99a95f26be24dfc0fb9c3b68da1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private
cf-cache-status
DYNAMIC
cf-ray
848f434c0d940a5c-AMS
content-encoding
br
content-type
text/html
date
Sun, 21 Jan 2024 11:37:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cg5B5dtgLLDGaJLaYQns0VjId7%2FIgy%2F7VbVQF91kos7FEV9TwCVGi%2BMXye5ll8FztwHR0pv82f6CGTUJdMZECB7tgpKuYMkmqTR1z0DU%2Br6lKvdmxpm8gsPsMdcWLZ9QDhrztpzE0g6tqKUymLGpxuo%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
848f4345bd260a59-AMS
content-type
text/html; charset=UTF-8
date
Sun, 21 Jan 2024 11:37:02 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://smart-gadgets.shop/?u=tqck80z&o=zdqr96x&t=IndoD&cid=2g27c8s2ci8ju6
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RvQ5eIvWoCNNYnoOElJRywL4nYGLEO7WhCvF6rcQ2%2F85FS82icLLOU81w%2F2JeXYLDpBQfehSnMjgUD%2BRNuNSW9uI07uy3B5eb7g%2Fns2pmf6ROs0fj%2FI%2F%2BSIZJntR6QCpMrGe007Z0ieR"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
article2137.doc
2137.rajiggshe.live/lkfoplgq/
4 KB
4 KB
Document
General
Full URL
https://2137.rajiggshe.live/lkfoplgq/article2137.doc?u=tqck80z&o=zdqr96x&t=IndoD&cid=2g27c8s2ci8ju6&f=1&sid=t8~c1bjtup2z2dsner0nldgjd3p&fp=Op5hjqVlw82BCM9aVOTgWg%3D%3D
Requested by
Host: smart-gadgets.shop
URL: https://smart-gadgets.shop/?u=tqck80z&o=zdqr96x&t=IndoD&cid=2g27c8s2ci8ju6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
185.155.186.25 , Switzerland, ASN203639 (TEKNOLOGY, CH),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Referer
https://smart-gadgets.shop/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Connection
keep-alive
Content-Length
3666
Content-Type
text/html
Date
Sun, 21 Jan 2024 11:37:02 GMT
Server
openresty
cache-control
private
/
get.greatlifebargains2024.com/
Redirect Chain
  • https://2137.rajiggshe.live/web/?sid=t8~c1bjtup2z2dsner0nldgjd3p
  • https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=79a60a15-5a05-435f-81a8-850cd3e65c4e
5 KB
3 KB
Document
General
Full URL
https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=79a60a15-5a05-435f-81a8-850cd3e65c4e
Requested by
Host: 2137.rajiggshe.live
URL: https://2137.rajiggshe.live/lkfoplgq/article2137.doc?u=tqck80z&o=zdqr96x&t=IndoD&cid=2g27c8s2ci8ju6&f=1&sid=t8~c1bjtup2z2dsner0nldgjd3p&fp=Op5hjqVlw82BCM9aVOTgWg%3D%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.178.23.115 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.3.1
Resource Hash
3eab0823060a7118ee93add4e0dcbbe644e2876633d963474fe880c40ae45225

Request headers

Referer
https://2137.rajiggshe.live/lkfoplgq/article2137.doc?u=tqck80z&o=zdqr96x&t=IndoD&cid=2g27c8s2ci8ju6&f=1&sid=t8~c1bjtup2z2dsner0nldgjd3p&fp=Op5hjqVlw82BCM9aVOTgWg%3D%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sun, 21 Jan 2024 11:37:02 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.3.1

Redirect headers

Connection
keep-alive
Content-Length
271
Content-Type
text/html; charset=utf-8
Date
Sun, 21 Jan 2024 11:37:02 GMT
Server
openresty
cache-control
private
location
https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=79a60a15-5a05-435f-81a8-850cd3e65c4e
referrer-policy
no-referrer
Primary Request /
skibbynud.com/
31 KB
32 KB
Document
General
Full URL
https://skibbynud.com/?cat=2&groupds=111&clientId=254&productId=1718&tracking=M7326514221812809815&publisher_id=1314&advert=NLWIFI
Requested by
Host: get.greatlifebargains2024.com
URL: https://get.greatlifebargains2024.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=79a60a15-5a05-435f-81a8-850cd3e65c4e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.32.28.133 , Spain, ASN15699 (AS_ADAM Adam Datacenter, ES),
Reverse DNS
Software
nginx /
Resource Hash
65afe03f561ac26ff30bf482ac7e354819c5e258c722c6681d5194d0ac89cc2f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://get.greatlifebargains2024.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Access-Control-Allow-Origin
*
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Sun, 21 Jan 2024 11:36:58 GMT
Server
nginx
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d9ede2a0a6705be536a7468e05148324bdb2c5c50f95cd1081495e41dd22b827

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type
image/png
truncated
/
6 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4a4e41568d676ec1737802b54a0710e582866aac9130322d12c3fb5783604da

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type
image/png
truncated
/
10 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bcabe37d744d7aeae6cea696ea996f7c09205a967f37fe9b654e4b16f057de09

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Content-Type
image/png
backlink_back_button.js
skibbynud.com/assets/js/
632 B
982 B
Script
General
Full URL
https://skibbynud.com/assets/js/backlink_back_button.js
Requested by
Host: skibbynud.com
URL: https://skibbynud.com/?cat=2&groupds=111&clientId=254&productId=1718&tracking=M7326514221812809815&publisher_id=1314&advert=NLWIFI
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.32.28.133 , Spain, ASN15699 (AS_ADAM Adam Datacenter, ES),
Reverse DNS
Software
nginx /
Resource Hash
b1b1b5affe702bae9e97deabbdb3f19bcf8f12a1ddd410ff189c61c3bc159c06
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://skibbynud.com/?cat=2&groupds=111&clientId=254&productId=1718&tracking=M7326514221812809815&publisher_id=1314&advert=NLWIFI
User-Agent
Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Mobile Safari/537.36

Response headers

Date
Sun, 21 Jan 2024 11:36:58 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Mon, 28 Nov 2022 14:36:49 GMT
Server
nginx
ETag
"6384c781-278"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
632

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| backLinkURL

11 Cookies

Domain/Path Name / Value
robyt.shop/ Name: PHPSESSID
Value: 9o6aktavn86p0v9f9v1sj2qvka
.robyt.shop/ Name: _subid
Value: 2g27c8s2ci8ju6
.robyt.shop/ Name: 9fb19
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE5NFwiOjE3MDU4MzcwMjF9LFwiY2FtcGFpZ25zXCI6e1wiMThcIjoxNzA1ODM3MDIxfSxcInRpbWVcIjoxNzA1ODM3MDIxfSJ9.q1wERby-hcfstrHOSM28l6drwh6uWJK3mGgKNH6w7Ug
.robyt.shop/ Name: _token
Value: uuid_2g27c8s2ci8ju6_2g27c8s2ci8ju665ad01ddc7d099.01425289
smart-gadgets.shop/ Name: sid
Value: t8~c1bjtup2z2dsner0nldgjd3p
smart-gadgets.shop/ Name: p1
Value: https://rajiggshe.live/lkfoplgq/
smart-gadgets.shop/ Name: s1
Value: 03tpn0o6o314jkyn
2137.rajiggshe.live/ Name: IsNotUniqueMainNew
Value: true
2137.rajiggshe.live/ Name: cookie1
Value: true
skibbynud.com/ Name: redirect_user_data
Value: %7B%22country%22%3A%22NL%22%2C%22city%22%3Anull%2C%22isp%22%3A%22i3d.net%22%2C%22netspeed%22%3A%22%22%7D
skibbynud.com/ Name: _tracker_ikangoo
Value: a%3A5%3A%7Bs%3A4%3A%22_key%22%3Bs%3A7%3A%22IKPANEL%22%3Bs%3A6%3A%22_subid%22%3Bs%3A16%3A%225002173169250791%22%3Bs%3A8%3A%22_country%22%3Bs%3A2%3A%22NL%22%3Bs%3A4%3A%22_isp%22%3Bs%3A7%3A%22i3d.net%22%3Bs%3A5%3A%22_time%22%3Bi%3A1705837018%3B%7D