6kdfjgkbjfgh.monster
Open in
urlscan Pro
188.72.236.136
Public Scan
Effective URL: https://6kdfjgkbjfgh.monster/5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae?q=setup&s1=5e91834133f76&s2=&s3=CFR7FH8ApvDwBvxCqU...
Submission: On May 29 via manual from US
Summary
TLS certificate: Issued by R3 on May 12th 2021. Valid for: 3 months.
This is the only time 6kdfjgkbjfgh.monster was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 185.15.209.141 185.15.209.141 | 52000 (MIRHOSTING) (MIRHOSTING) | |
1 3 | 185.27.134.139 185.27.134.139 | 34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited) | |
1 1 | 69.61.56.73 69.61.56.73 | 22653 (GLOBALCOM...) (GLOBALCOMPASS) | |
1 | 192.0.78.27 192.0.78.27 | 2635 (AUTOMATTIC) (AUTOMATTIC) | |
1 1 | 2a05:d014:286... 2a05:d014:286:3502:280f:5c03:88aa:6d81 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 188.72.236.136 188.72.236.136 | 35415 (WEBZILLA) (WEBZILLA) | |
1 1 | 2606:4700:303... 2606:4700:3035::ac43:a3d7 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:303... 2606:4700:3031::6815:5139 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 4 |
ASN52000 (MIRHOSTING, RU)
PTR: nbn.topsnursingschool.com
gg.gg |
ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
filedownload7887.rf.gd |
ASN16509 (AMAZON-02, US)
wintermute.icu |
ASN35415 (WEBZILLA, NL)
PTR: 1f2-12-d2456-136.webazilla.com
6kdfjgkbjfgh.monster |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
rf.gd
1 redirects
filedownload7887.rf.gd |
32 KB |
1 |
globoekv.info
globoekv.info |
|
1 |
fernomic.info
1 redirects
fernomic.info |
616 B |
1 |
6kdfjgkbjfgh.monster
6kdfjgkbjfgh.monster |
8 KB |
1 |
wintermute.icu
1 redirects
wintermute.icu |
820 B |
1 |
href.li
href.li |
485 B |
1 |
downloadio.club
1 redirects
downloadio.club |
432 B |
1 |
gg.gg
1 redirects
gg.gg |
1 KB |
5 | 8 |
Domain | Requested by | |
---|---|---|
3 | filedownload7887.rf.gd |
1 redirects
filedownload7887.rf.gd
|
1 | globoekv.info |
6kdfjgkbjfgh.monster
|
1 | fernomic.info | 1 redirects |
1 | 6kdfjgkbjfgh.monster |
href.li
|
1 | wintermute.icu | 1 redirects |
1 | href.li |
filedownload7887.rf.gd
|
1 | downloadio.club | 1 redirects |
1 | gg.gg | 1 redirects |
5 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
fernomic.info |
Subject Issuer | Validity | Valid | |
---|---|---|---|
tls.automattic.com R3 |
2021-04-16 - 2021-07-15 |
3 months | crt.sh |
6kdfjgkbjfgh.monster R3 |
2021-05-12 - 2021-08-10 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-05-11 - 2022-05-10 |
a year | crt.sh |
This page contains 1 frames:
Frame:
https://globoekv.info/0d6fd64920fe40fbf5866fd2b6b18dbe/download.php
Frame ID: EFF06A61831230DBB2452AE9EA80A94C
Requests: 5 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://gg.gg/ci121gh5
HTTP 301
http://filedownload7887.rf.gd/file.php?fn=setup Page URL
-
http://filedownload7887.rf.gd/file.php?fn=setup&i=1
HTTP 302
http://downloadio.club/go.php?a_aid=5e91834133f76&chan=&fn=setup HTTP 302
https://href.li/?https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e... Page URL
-
https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&key...
HTTP 302
https://6kdfjgkbjfgh.monster/5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae?q=setup&s1=5e91834133f76&s2=&s... Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://gg.gg/ci121gh5
HTTP 301
http://filedownload7887.rf.gd/file.php?fn=setup Page URL
-
http://filedownload7887.rf.gd/file.php?fn=setup&i=1
HTTP 302
http://downloadio.club/go.php?a_aid=5e91834133f76&chan=&fn=setup HTTP 302
https://href.li/?https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup Page URL
-
https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup
HTTP 302
https://6kdfjgkbjfgh.monster/5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae?q=setup&s1=5e91834133f76&s2=&s3=CFR7FH8ApvDwBvxCqUnWoZ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://gg.gg/ci121gh5 HTTP 301
- http://filedownload7887.rf.gd/file.php?fn=setup
- http://filedownload7887.rf.gd/file.php?fn=setup&i=1 HTTP 302
- http://downloadio.club/go.php?a_aid=5e91834133f76&chan=&fn=setup HTTP 302
- https://href.li/?https://wintermute.icu/go/94f9766d-73c2-48ae-af26-34c697949119?affiliate=5e91834133f76&channel=&keyword=setup
- https://fernomic.info/315078/AM3YsWDGzgQAvhwCAE5MFwASAHedi8oA/setup.exe HTTP 307
- https://globoekv.info/0d6fd64920fe40fbf5866fd2b6b18dbe/download.php
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
file.php
filedownload7887.rf.gd/ Redirect Chain
|
850 B 842 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aes.js
filedownload7887.rf.gd/ |
30 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
href.li/ Redirect Chain
|
802 B 485 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
5prBi92cfb1f45d61ae81452c78d9a9b17ff950eb64ae
6kdfjgkbjfgh.monster/ Redirect Chain
|
7 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
download.php
globoekv.info/0d6fd64920fe40fbf5866fd2b6b18dbe/ Redirect Chain
|
0 0 |
Document
applicaiton/zip |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
6kdfjgkbjfgh.monster
downloadio.club
fernomic.info
filedownload7887.rf.gd
gg.gg
globoekv.info
href.li
wintermute.icu
185.15.209.141
185.27.134.139
188.72.236.136
192.0.78.27
2606:4700:3031::6815:5139
2606:4700:3035::ac43:a3d7
2a05:d014:286:3502:280f:5c03:88aa:6d81
69.61.56.73
6b9344140d622386cbfa3ff5d604d315ea695ac4e43f07875662ff6c97698fc0
7a019680acab4685b8f37a9f3462813d33b8f902239b3948babb7a004770a0c6
97bd66d1c384f15278e1f1d0e17070f1b746b7050b64de685bcc2faa1006b675
d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc