Submitted URL: http://gg.gg/ci121gh5
Effective URL: https://6kdfjgkbjfgh.monster/5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae?q=setup&s1=5e91834133f76&s2=&s3=CFR7FH8ApvDwBvxCqU...
Submission: On May 29 via manual from US

Summary

This website contacted 4 IPs in 4 countries across 8 domains to perform 5 HTTP transactions. The main IP is 188.72.236.136, located in Netherlands and belongs to WEBZILLA, NL. The main domain is 6kdfjgkbjfgh.monster.
TLS certificate: Issued by R3 on May 12th 2021. Valid for: 3 months.
This is the only time 6kdfjgkbjfgh.monster was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 185.15.209.141 52000 (MIRHOSTING)
1 3 185.27.134.139 34119 (WILDCARD-...)
1 1 69.61.56.73 22653 (GLOBALCOM...)
1 192.0.78.27 2635 (AUTOMATTIC)
1 1 2a05:d014:286... 16509 (AMAZON-02)
1 188.72.236.136 35415 (WEBZILLA)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
5 4
   Apex Domain            Subdomains               Transfer
3  rf.gd                  filedownload7887.rf.gd   32 KB
1  globoekv.info          globoekv.info
1  fernomic.info          fernomic.info            616 B
1  6kdfjgkbjfgh.monster   6kdfjgkbjfgh.monster     8 KB
1  wintermute.icu         wintermute.icu           820 B
1  href.li                href.li                  485 B
1  downloadio.club        downloadio.club          432 B
1  gg.gg                  gg.gg                    1 KB
5                         8
   Domain                  Requested by
3  filedownload7887.rf.gd  1 redirects, filedownload7887.rf.gd
1  globoekv.info           6kdfjgkbjfgh.monster
1  fernomic.info           1 redirects
1  6kdfjgkbjfgh.monster    href.li
1  wintermute.icu          1 redirects
1  href.li                 filedownload7887.rf.gd
1  downloadio.club         1 redirects
1  gg.gg                   1 redirects
5  8

This site contains links to these domains.

Domain
fernomic.info
Subject                 Issuer                    Validity                  Valid
tls.automattic.com      R3                        2021-04-16 - 2021-07-15   3 months  crt.sh
6kdfjgkbjfgh.monster    R3                        2021-05-12 - 2021-08-10   3 months  crt.sh
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3   2021-05-11 - 2022-05-10   a year    crt.sh

This page contains 1 frame:

Frame: https://globoekv.info/0d6fd64920fe40fbf5866fd2b6b18dbe/download.php
Frame ID: EFF06A61831230DBB2452AE9EA80A94C
Requests: 5 HTTP requests in this frame



Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 5
HTTPS: 60 %
IPv6: 38 %
Domains: 8
Subdomains: 8
IPs: 4
Countries: 4
Transfer: 40 kB
Size: 39 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://gg.gg/ci121gh5 HTTP 301
    http://filedownload7887.rf.gd/file.php?fn=setup Page URL
  2. http://filedownload7887.rf.gd/file.php?fn=setup&i=1 HTTP 302
    http://downloadio.club/go.php?a_aid=5e91834133f76&chan=&fn=setup HTTP 302
    https://href.li/?https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup Page URL
  3. https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup HTTP 302
    https://6kdfjgkbjfgh.monster/5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae?q=setup&s1=5e91834133f76&s2=&s3=CFR7FH8ApvDwBvxCqUnWoZ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://gg.gg/ci121gh5 HTTP 301
  • http://filedownload7887.rf.gd/file.php?fn=setup
Request Chain 2
  • http://filedownload7887.rf.gd/file.php?fn=setup&i=1 HTTP 302
  • http://downloadio.club/go.php?a_aid=5e91834133f76&chan=&fn=setup HTTP 302
  • https://href.li/?https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup
Request Chain 3
  • https://fernomic.info/315078/AM3YsWDGzgQAvhwCAE5MFwASAHedi8oA/setup.exe HTTP 307
  • https://globoekv.info/0d6fd64920fe40fbf5866fd2b6b18dbe/download.php

5 HTTP transactions

Resource: file.php
Path: filedownload7887.rf.gd/
Redirect Chain
  • http://gg.gg/ci121gh5
  • http://filedownload7887.rf.gd/file.php?fn=setup
Size: 850 B
x-fer: 842 B
Type: Document

General
Full URL: http://filedownload7887.rf.gd/file.php?fn=setup
Protocol: HTTP/1.1
Server: 185.27.134.139, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
Software: nginx
Resource Hash: 7a019680acab4685b8f37a9f3462813d33b8f902239b3948babb7a004770a0c6

Request headers

Host: filedownload7887.rf.gd
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers

Server: nginx
Date: Sat, 29 May 2021 06:01:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip

Redirect headers

Date: Sat, 29 May 2021 06:01:47 GMT
Server: Apache/2.2.22 (@RELEASE@)
X-Powered-By: PHP/5.3.3
Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22ddefb74e01be178140cbcd4c41b6f699%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A11%3A%22159.48.55.4%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A114%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1622268107%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Db75e26448f6b4bd299570e3a03366d7e; expires=Sat, 29-May-2021 08:01:47 GMT; path=/ gg_token=40ec6d6b584c49fdb1fde33023a5bde360b1d8cbef35e7.08813833; expires=Fri, 27-Aug-2021 06:01:47 GMT; path=/; domain=.gg.gg
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 May 2021 06:01:47 GMT
Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Pragma: no-cache
Location: http://filedownload7887.rf.gd/file.php?fn=setup
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Resource: aes.js
Path: filedownload7887.rf.gd/
Size: 30 KB
x-fer: 31 KB
Type: Script

General
Full URL: http://filedownload7887.rf.gd/aes.js
Requested by
  Host: filedownload7887.rf.gd
  URL: http://filedownload7887.rf.gd/file.php?fn=setup
Protocol: HTTP/1.1
Server: 185.27.134.139, United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
Software: nginx
Resource Hash: d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: filedownload7887.rf.gd
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://filedownload7887.rf.gd/file.php?fn=setup
Connection: keep-alive
Cache-Control: no-cache

Response headers

Date: Sat, 29 May 2021 06:01:47 GMT
Last-Modified: Sat, 08 Aug 2015 08:12:26 GMT
Server: nginx
ETag: "55c5b9ea-79e6"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31206

Resource: /
Path: href.li/
Redirect Chain
  • http://filedownload7887.rf.gd/file.php?fn=setup&i=1
  • http://downloadio.club/go.php?a_aid=5e91834133f76&chan=&fn=setup
  • https://href.li/?https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup
Size: 802 B
x-fer: 485 B
Type: Document

General
Full URL: https://href.li/?https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup
Requested by
  Host: filedownload7887.rf.gd
  URL: http://filedownload7887.rf.gd/file.php?fn=setup
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.78.27, United States, ASN2635 (AUTOMATTIC, US)
Software: nginx
Resource Hash: 6b9344140d622386cbfa3ff5d604d315ea695ac4e43f07875662ff6c97698fc0
Security Headers
  Strict-Transport-Security: max-age=31536000

Request headers

:method: GET
:authority: href.li
:scheme: https
:path: /?https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: http://filedownload7887.rf.gd/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://filedownload7887.rf.gd/file.php?fn=setup

Response headers

server: nginx
date: Sat, 29 May 2021 06:01:48 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
x-ac: 3.ams _dfw

Redirect headers

Date: Sat, 29 May 2021 14:31:57 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://href.li/?https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

Resource: 5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae (Primary Request)
Path: 6kdfjgkbjfgh.monster/
Redirect Chain
  • https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup
  • https://6kdfjgkbjfgh.monster/5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae?q=setup&s1=5e91834133f76&s2=&s3=CFR7FH8ApvDwBvxCqUnWoZ
Size: 7 KB
x-fer: 8 KB
Type: Document

General
Full URL: https://6kdfjgkbjfgh.monster/5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae?q=setup&s1=5e91834133f76&s2=&s3=CFR7FH8ApvDwBvxCqUnWoZ
Requested by
  Host: href.li
  URL: https://href.li/?https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.72.236.136, Netherlands, ASN35415 (WEBZILLA, NL)
Reverse DNS: 1f2-12-d2456-136.webazilla.com
Software: nginx/1.18.0
Resource Hash: 97bd66d1c384f15278e1f1d0e17070f1b746b7050b64de685bcc2faa1006b675

Request headers

:method: GET
:authority: 6kdfjgkbjfgh.monster
:scheme: https
:path: /5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae?q=setup&s1=5e91834133f76&s2=&s3=CFR7FH8ApvDwBvxCqUnWoZ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://href.li/?https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup

Response headers

server: nginx/1.18.0
date: Sat, 29 May 2021 06:01:49 GMT
content-type: text/html; charset=utf-8
set-cookie: bd_context=ySCUKvh+IHMl533WK5/6FdyITnDXE/tQlZYld287eY6kmAEU8EL0uNeRyIgJ2prB/UTgpNCNQflqKV5qukzu4u3vtAnkQr/kPTtAqZs63GbBKtKSjgysCDX0awtnBWO12Momj+UZgG88UY3/BRJ3G7HaF1qNch8BxgWMFT9OLh+voAqi7d92nb55W/cxh+2DZr0pahXcOCEH/PUzs3oXSVcG/DNcTEE7pBHKIIXR5ENnXu9bLMwKcXCogfnZPL1S0qkvvZEf6hxVUJxJ+aAWxWZbCXDP3LtQYl8NMzKsuoLM/hPjh7cbgmesMa6h4ZvgKRRgDH9dm8yM; Expires=Sun, 29 May 2022 06:01:50 GMT

Redirect headers

Server: nginx
Date: Sat, 29 May 2021 06:01:48 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 326
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: bemob-uniq-visit:94f9766d-73c2-48ae-af26-34c697949119=1; Domain=wintermute.icu; Path=/; Expires=Sun, 30 May 2021 06:01:48 GMT; HttpOnly; Secure; SameSite=None bemob-click-id=CFR7FH8ApvDwBvxCqUnWoZ; Domain=wintermute.icu; Path=/; Expires=Sun, 30 May 2021 06:01:48 GMT; HttpOnly; Secure; SameSite=None
Location: https://6kdfjgkbjfgh.monster/5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae?q=setup&s1=5e91834133f76&s2=&s3=CFR7FH8ApvDwBvxCqUnWoZ
Vary: Accept
X-Response-Time: 5.689ms
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=0; includeSubDomains

Resource: download.php
Path: globoekv.info/0d6fd64920fe40fbf5866fd2b6b18dbe/
Redirect Chain
  • https://fernomic.info/315078/AM3YsWDGzgQAvhwCAE5MFwASAHedi8oA/setup.exe
  • https://globoekv.info/0d6fd64920fe40fbf5866fd2b6b18dbe/download.php
Size: 0
x-fer: 0
Type: Document

General
Full URL: https://globoekv.info/0d6fd64920fe40fbf5866fd2b6b18dbe/download.php
Requested by
  Host: 6kdfjgkbjfgh.monster
  URL: https://6kdfjgkbjfgh.monster/5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae?q=setup&s1=5e91834133f76&s2=&s3=CFR7FH8ApvDwBvxCqUnWoZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:5139, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash:

Request headers

:method: GET
:authority: globoekv.info
:scheme: https
:path: /0d6fd64920fe40fbf5866fd2b6b18dbe/download.php
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://6kdfjgkbjfgh.monster/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://6kdfjgkbjfgh.monster/5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae?q=setup&s1=5e91834133f76&s2=&s3=CFR7FH8ApvDwBvxCqUnWoZ

Response headers

date: Sat, 29 May 2021 06:01:57 GMT
content-type: applicaiton/zip
content-disposition: attachment; filename=setup-AM3YsWDGzgQAvhwCAE5MFwASAHedi8oA.zip
cf-cache-status: DYNAMIC
cf-request-id: 0a584ffa1a0000d6d11a3c3000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NruIQfbUis%2BYfFBhQUz6AdT5RFDl%2Bf5n9Js2zfyXNXWcLcI61nwgzLy7kReQZ3sBN9m9Le4TpMCdqImCP2BBKhnzJzsd7QNlcBAUCDHNjKJdPVhjsKea9vnDjHQ%2FxdLHeF0AQHdW%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 656d82a35a16d6d1-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Sat, 29 May 2021 06:01:49 GMT
content-type: text/html; charset=utf-8
content-length: 103
location: https://globoekv.info/0d6fd64920fe40fbf5866fd2b6b18dbe/download.php
cf-cache-status: DYNAMIC
cf-request-id: 0a584ff9e50000c2c7dc0bc000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=iPOgc9p%2B%2B31U48RvZp3U29v%2BguJv0W%2BgNr07SGGmBTJTi8AapJRIHjAYIznYuL%2B%2BdOtN%2FEKAR1n3UFM%2Fakuus%2BBcbfmIIsgqD6AOOZyDuP4jLcP7KH7x9lhF5EY8B%2BrDu2nQPvBlqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 656d82a30ff6c2c7-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object | onbeforexrselect
  • object | ontransitionrun
  • object | ontransitionstart
  • object | ontransitioncancel
  • object | cookieStore
  • function | showDirectoryPicker
  • function | showOpenFilePicker
  • function | showSaveFilePicker
  • boolean | originAgentCluster
  • object | trustedTypes
  • boolean | crossOriginIsolated

0 Cookies