urlscan.io logo urlscan.io
SecurityTrails logo

windowexeallkiller.com Open in urlscan Pro
115.71.236.95  Public Scan

Go To Rescan Add Verdict Report
URL: http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
Submission: On October 08 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 115.71.236.95, located in Korea, Republic Of and belongs to GNJ-AS-KR DAOU TECHNOLOGY, KR. The main domain is windowexeallkiller.com.
This is the only time windowexeallkiller.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 115.71.236.95 45996 (GNJ-AS-KR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
7 3
Domain Requested by
4 windowexeallkiller.com windowexeallkiller.com
2 apis.google.com windowexeallkiller.com
apis.google.com
1 www.youtube.com windowexeallkiller.com
7 3

This site contains links to these domains. Also see Links.

Domain
www.superdownloads.com.br
windowexe.tistory.com
Subject Issuer Validity Valid
*.apis.google.com
GTS CA 1O1		 2020-09-22 -
2020-12-15		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-09-22 -
2020-12-15		 3 months crt.sh

This page contains 2 frames:

Primary Page: http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
Frame ID: CE271DFE880E5AE135722C01490F1570
Requests: 6 HTTP requests in this frame

Frame: https://www.youtube.com/embed/g8Wwgk2N0tc?feature=player_detailpage
Frame ID: 19F347E11DD6DD184529F2A4243C7714
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /apis\.google\.com\/js\/[a-z]*\.js/i

Page Statistics

7
Requests

43 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

109 kB
Transfer

226 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • http://www.youtube.com/embed/g8Wwgk2N0tc?feature=player_detailpage HTTP 307
  • https://www.youtube.com/embed/g8Wwgk2N0tc?feature=player_detailpage

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set e.php
windowexeallkiller.com/ 		19 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
Protocol
HTTP/1.1
Server
115.71.236.95 , Korea, Republic Of, ASN45996 (GNJ-AS-KR DAOU TECHNOLOGY, KR),
Reverse DNS
Software
Apache / PHP/5.3.3
Resource Hash
eb32f9b1b1b9351b983394334d9ce72d745510e6bfb570d501a12a8bbdae9463

Request headers

Host
windowexeallkiller.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 08 Oct 2020 17:38:02 GMT
Server
Apache
X-Powered-By
PHP/5.3.3
P3P
CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Set-Cookie
PHPSESSID=m3cuptb9902pl3bj2t8b2lusc3; path=/ f33d2ed86bd82d4c22123c9da444d8ab=MTYwMjE3ODY4Mg%3D%3D; expires=Fri, 08-Oct-2021 17:38:02 GMT; path=/ 96b28b766b7e0699aa91c9ff3d890663=deleted; expires=Wed, 09-Oct-2019 17:38:01 GMT; path=/ 2a0d2363701f23f8a75028924a3af643=ODkuMjQ5LjY0LjE3MQ%3D%3D; expires=Fri, 09-Oct-2020 17:38:02 GMT; path=/
Expires
0
Last-Modified
Thu, 08 Oct 2020 17:38:02 GMT
Cache-Control
pre-check=0, post-check=0, max-age=0
Pragma
no-cache
Keep-Alive
timeout=15, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8
style.css
windowexeallkiller.com/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://windowexeallkiller.com/style.css
Requested by
Host: windowexeallkiller.com
URL: http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
Protocol
HTTP/1.1
Server
115.71.236.95 , Korea, Republic Of, ASN45996 (GNJ-AS-KR DAOU TECHNOLOGY, KR),
Reverse DNS
Software
Apache /
Resource Hash
af8e6b9dfc8804585365ba105e3c940e9412c2c3e88c89d9b0f9666558512340

Request headers

Referer
http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 08 Oct 2020 17:38:02 GMT
Last-Modified
Tue, 17 Sep 2013 22:15:25 GMT
Server
Apache
ETag
"c2c1a-518-4e69ba8505940"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
1304
common.js
windowexeallkiller.com/js/ 		5 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://windowexeallkiller.com/js/common.js
Requested by
Host: windowexeallkiller.com
URL: http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
Protocol
HTTP/1.1
Server
115.71.236.95 , Korea, Republic Of, ASN45996 (GNJ-AS-KR DAOU TECHNOLOGY, KR),
Reverse DNS
Software
Apache /
Resource Hash
51955abe453072a1fe4f841f27c6a2ddc83c7928ebe46e54630398cc69615d63

Request headers

Referer
http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 08 Oct 2020 17:38:03 GMT
Last-Modified
Fri, 22 Nov 2013 03:29:01 GMT
Server
Apache
ETag
"c2657-12ae-4ebbb9d851940"
Content-Type
text/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
Content-Length
4782
plusone.js
apis.google.com/js/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/plusone.js
Requested by
Host: windowexeallkiller.com
URL: http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
758564edb90e7304792f6d37364e79ed384934e13143efd6635d3b0e0ba4e626
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-jMDGolFfOiqwxjYepO89zw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 08 Oct 2020 17:38:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"55d429851f32fac761aa7dda5c357e83"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-jMDGolFfOiqwxjYepO89zw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
expires
Thu, 08 Oct 2020 17:38:03 GMT
wrest.js
windowexeallkiller.com/js/ 		15 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://windowexeallkiller.com/js/wrest.js
Requested by
Host: windowexeallkiller.com
URL: http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
Protocol
HTTP/1.1
Server
115.71.236.95 , Korea, Republic Of, ASN45996 (GNJ-AS-KR DAOU TECHNOLOGY, KR),
Reverse DNS
Software
Apache /
Resource Hash
4250de59fb6fcf91557da76a53487364e2bde3c936d981ae8eff2cea3a944e34

Request headers

Referer
http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 08 Oct 2020 17:38:03 GMT
Last-Modified
Mon, 09 Apr 2012 10:51:57 GMT
Server
Apache
ETag
"e2a15-3cb3-4bd3ccb84ad40"
Content-Type
text/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
15539
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.2laq3Py8kJk.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCNOVyb6DDYv7xgJGtF_6RiAl0K1Kw/ 		137 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.2laq3Py8kJk.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCNOVyb6DDYv7xgJGtF_6RiAl0K1Kw/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5754a78fea82bb52d068d3c64de5ab9ae7ed70de719090407bb2ade232a5b7ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 05 Oct 2020 22:51:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 02 Oct 2020 15:53:30 GMT
server
sffe
age
240380
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49024
x-xss-protection
0
expires
Tue, 05 Oct 2021 22:51:43 GMT
g8Wwgk2N0tc
www.youtube.com/embed/ Frame 19F3
Redirect Chain
  • http://www.youtube.com/embed/g8Wwgk2N0tc?feature=player_detailpage
  • https://www.youtube.com/embed/g8Wwgk2N0tc?feature=player_detailpage
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/g8Wwgk2N0tc?feature=player_detailpage
Requested by
Host: windowexeallkiller.com
URL: http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/g8Wwgk2N0tc?feature=player_detailpage
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://windowexeallkiller.com/e.php?q=hpqwmiex-c-users-administrator-appdata-roaming-hewlett-packard-hpqwmiex-exe

Response headers

status
200
content-type
text/html; charset=utf-8
x-content-type-options
nosniff
content-length
10963
cache-control
no-cache
expires
Tue, 27 Apr 1971 19:44:06 GMT
strict-transport-security
max-age=31536000
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding
br
date
Thu, 08 Oct 2020 17:38:03 GMT
server
YouTube Frontend Proxy
x-xss-protection
0
set-cookie
VISITOR_INFO1_LIVE=fkE1HF-IOM0; path=/; domain=.youtube.com; secure; expires=Tue, 06-Apr-2021 17:38:03 GMT; httponly; samesite=None YSC=fv9lloRn0Gs; path=/; domain=.youtube.com; secure; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Thu, 08-Oct-2020 18:08:03 GMT VISITOR_INFO1_LIVE=fkE1HF-IOM0; path=/; domain=.youtube.com; secure; expires=Tue, 06-Apr-2021 17:38:03 GMT; httponly; samesite=None
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

Location
https://www.youtube.com/embed/g8Wwgk2N0tc?feature=player_detailpage
Non-Authoritative-Reason
HSTS

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| trustedTypes string| g4_path string| g4_bbs string| g4_bbs_img string| g4_url string| g4_is_member string| g4_is_admin string| g4_bo_table string| g4_sca string| g4_charset string| g4_cookie_domain boolean| g4_is_gecko boolean| g4_is_ie boolean| COMMON_JS string| errmsg undefined| errfld object| last_id function| check_field function| error_field function| clear_field function| trim function| number_format function| del function| set_cookie function| get_cookie function| delete_cookie function| menu function| check_byte function| doc_write object| gapi object| ___jsl object| gadgets object| osapi object| shindig object| iframer function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| __gapi_jstiming__ boolean| WREST_JS string| wrestMsg object| wrestFld string| wrestFldDefaultColor string| wrestFldBackColor object| arrAttr function| wrestItemname function| wrestTrim function| wrestRequired function| wrestMinlength function| wrestTelnumber function| wrestEmail function| wrestMemberId function| wrestHangul function| wrestHangul2 function| wrestHangulAlphaNumeric function| wrestNumeric function| wrestAlpha function| wrestAlphaNumeric function| wrestAlphaNumericUnderLine function| wrestJumin function| wrestSaupja function| wrestNospace function| wrestSubmit function| wrestInitialized

5 Cookies

Domain/Path Name / Value
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: fkE1HF-IOM0
.youtube.com/ Name: YSC
Value: fv9lloRn0Gs
windowexeallkiller.com/ Name: 2a0d2363701f23f8a75028924a3af643
Value: ODkuMjQ5LjY0LjE3MQ%3D%3D
windowexeallkiller.com/ Name: f33d2ed86bd82d4c22123c9da444d8ab
Value: MTYwMjE3ODY4Mg%3D%3D
windowexeallkiller.com/ Name: PHPSESSID
Value: m3cuptb9902pl3bj2t8b2lusc3