xovzrd.findiover.net Open in urlscan Pro
52.19.101.114 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://gg.gg/126654
Effective URL:
https://xovzrd.findiover.net/c/1e3a4e532f1c7040?s1=144562&s2=1335143&j1=1&j3=1&j8=1&click_id=a_631caba4f0120700012286de&s3=20164
Submission: On September 10 via manual (September 10th 2022, 3:22:12 pm UTC) from PL — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 7 domains to perform 17 HTTP transactions. The main IP is 52.19.101.114, located in and belongs to . The main domain is xovzrd.findiover.net.
TLS certificate: Issued by R3 on July 26th 2022. Valid for: 3 months.

This is the only time xovzrd.findiover.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 5	91.215.42.31 91.215.42.31	57724 (DDOS-GUARD) (DDOS-GUARD)
2	185.129.100.100 185.129.100.100	57724 (DDOS-GUARD) (DDOS-GUARD)
1 1	157.245.233.39 157.245.233.39	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	2606:4700:303... 2606:4700:3031::ac43:9781	() ()
1 1	34.91.226.152 34.91.226.152	() ()
1	52.19.101.114 52.19.101.114	() ()
17	4

5 91.215.42.31 (Russian Federation) 1 redirects

ASN57724 (DDOS-GUARD, RU)

gg.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.129.100.100 (Russian Federation)

ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net

check.ddos-guard.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.245.233.39 (Santa Clara, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

track.adverdr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:9781 (None, ) 1 redirects

ASN- ()

makeyourwish.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.226.152 (None, ) 1 redirects

ASN- ()

t.luvmenow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.101.114 (None, )

ASN- ()

xovzrd.findiover.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	gg.gg 1 redirects gg.gg — Cisco Umbrella Rank: 214914	102 KB
2	ddos-guard.net check.ddos-guard.net — Cisco Umbrella Rank: 132666	742 B
1	findiover.net xovzrd.findiover.net
1	luvmenow.com 1 redirects t.luvmenow.com	397 B
1	makeyourwish.net 1 redirects makeyourwish.net	1017 B
1	adverdr.com 1 redirects track.adverdr.com	340 B
0	akamaized.net Failed cdn-dimi.akamaized.net Failed
17	7

	Domain	Requested by
5	gg.gg	1 redirects gg.gg
2	check.ddos-guard.net	gg.gg
1	xovzrd.findiover.net	gg.gg
1	t.luvmenow.com	1 redirects
1	makeyourwish.net	1 redirects
1	track.adverdr.com	1 redirects
0	cdn-dimi.akamaized.net Failed	xovzrd.findiover.net
17	7

This site contains no links.

Subject Issuer	Validity	Valid
*.ddos-guard.net Sectigo RSA Domain Validation Secure Server CA	`2022-07-25` - `2023-08-25`	a year	crt.sh
*.findiover.net R3	`2022-07-26` - `2022-10-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://xovzrd.findiover.net/c/1e3a4e532f1c7040?s1=144562&s2=1335143&j1=1&j3=1&j8=1&click_id=a_631caba4f0120700012286de&s3=20164
Frame ID: 9BB74193179F93815734F8F15457B64C
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://gg.gg/126654 Page URL
http://gg.gg/126654 HTTP 301
https://track.adverdr.com//tr?offer_id=11&aff_id=4435&sub1=Alex61 HTTP 307
https://makeyourwish.net/bw2bwqYC?s1=631caba3976af631caba3976b1 HTTP 302
http://t.luvmenow.com/sl?id=5fa1807a127bd6bcbd272004&pid=11249&sub3=tj4l016k24q4&sub1=20164&sub2=frd HTTP 302
https://xovzrd.findiover.net/c/1e3a4e532f1c7040?s1=144562&s2=1335143&j1=1&j3=1&j8=1&click_id=a_631caba4f0... Page URL

Detected technologies

CodeIgniter (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

17
Requests

18 %
HTTPS

17 %
IPv6

7
Domains

7
Subdomains

4
IPs

2
Countries

101 kB
Transfer

123 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://gg.gg/126654 Page URL
http://gg.gg/126654 HTTP 301
https://track.adverdr.com//tr?offer_id=11&aff_id=4435&sub1=Alex61 HTTP 307
https://makeyourwish.net/bw2bwqYC?s1=631caba3976af631caba3976b1 HTTP 302
http://t.luvmenow.com/sl?id=5fa1807a127bd6bcbd272004&pid=11249&sub3=tj4l016k24q4&sub1=20164&sub2=frd HTTP 302
https://xovzrd.findiover.net/c/1e3a4e532f1c7040?s1=144562&s2=1335143&j1=1&j3=1&j8=1&click_id=a_631caba4f0120700012286de&s3=20164 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	403 Forbidden	126654 Show response gg.gg/	8 KB 9 KB	58ms 22ms	Document text/html	91.215.42.31 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL http://gg.gg/126654 Protocol HTTP/1.1 Server 91.215.42.31 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS Software ddos-guard / Resource Hash `3ae6b0aa0ad7a4a3135967f6aa7317820d5b7a4b60e7bebbc0abca7c8fe045c2` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-cache, no-store, must-revalidate Connection keep-alive Content-Length 8176 Content-Type text/html; charset=UTF-8 Date Sat, 10 Sep 2022 15:22:08 GMT Keep-Alive timeout=60 Server ddos-guard
GET DATA	200 OK	truncated /	555 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `781f9640521a0e58c8bfa567d0b6646fd227fb85ff3530f737ebec5998633ce0` Request headers accept-language de-DE,de;q=0.9 Referer http://gg.gg/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Content-Type image/svg+xml
GET H/1.1	200 Ok	check Show response gg.gg/.well-known/ddos-guard/	91 KB 92 KB	23ms 22ms	Script application/javascript	91.215.42.31 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL http://gg.gg/.well-known/ddos-guard/check?context=free_splash Requested by Host: gg.gg URL: http://gg.gg/126654 Protocol HTTP/1.1 Server 91.215.42.31 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS Software ddos-guard / Resource Hash `e8ad60f8af33e8db9e91a6b54dab652bafd39d012cd299df50d7b1b5efbc9596` Request headers accept-language de-DE,de;q=0.9 Referer http://gg.gg/126654 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Sat, 10 Sep 2022 15:22:08 GMT Server ddos-guard Connection keep-alive Content-Type application/javascript Keep-Alive timeout=60 Content-Length 93545 Expires Sat, 10 Sep 2022 16:22:08 GMT
GET H2	200	check.js Show response check.ddos-guard.net/	152 B 490 B	83ms 23ms	Script application/javascript	185.129.100.100 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://check.ddos-guard.net/check.js Requested by Host: gg.gg URL: http://gg.gg/126654 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.129.100.100 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software ddos-guard / Resource Hash `8c1e6d80e1c67dc4ad85380bd468c389292d34aac3cc2f44662894414a35f352` Request headers accept-language de-DE,de;q=0.9 Referer http://gg.gg/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Sat, 10 Sep 2022 15:22:08 GMT last-modified Thu, 01 Jan 1970 00:00:00 GMT server ddos-guard etag vshNvTlWGOFDo6pa p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" cache-control private, s-maxage=0, max-age=31536000 content-type application/javascript content-length 152 expires Sun, 10 Sep 2023 15:22:08 GMT
GET H/1.1	200 Ok	vshNvTlWGOFDo6pa gg.gg/.well-known/ddos-guard/id/	68 B 411 B	21ms 21ms	Image image/png	91.215.42.31 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL http://gg.gg/.well-known/ddos-guard/id/vshNvTlWGOFDo6pa Requested by Host: gg.gg URL: http://gg.gg/126654 Protocol HTTP/1.1 Server 91.215.42.31 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS Software ddos-guard / Resource Hash `f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710` Request headers accept-language de-DE,de;q=0.9 Referer http://gg.gg/126654 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers Date Sat, 10 Sep 2022 15:22:08 GMT Server ddos-guard Content-Type image/png Cache-Control no-cache Connection keep-alive Keep-Alive timeout=60 Content-Length 68 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	200	vshNvTlWGOFDo6pa check.ddos-guard.net/set/id/	68 B 252 B	22ms 22ms	Image image/png	185.129.100.100 DDOS-GUARD
General Check archive.org Show headers Download Go to Show image Full URL https://check.ddos-guard.net/set/id/vshNvTlWGOFDo6pa Requested by Host: gg.gg URL: http://gg.gg/126654 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.129.100.100 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software ddos-guard / Resource Hash `f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710` Request headers accept-language de-DE,de;q=0.9 Referer http://gg.gg/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers pragma no-cache date Sat, 10 Sep 2022 15:22:08 GMT server ddos-guard p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" cache-control no-cache content-type image/png content-length 68 expires Thu, 01 Jan 1970 00:00:00 GMT
POST H/1.1	200 OK	/ Show response gg.gg/.well-known/ddos-guard/mark/	0 143 B	81ms 23ms	XHR text/plain	91.215.42.31 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL http://gg.gg/.well-known/ddos-guard/mark/ Requested by Host: gg.gg URL: http://gg.gg/.well-known/ddos-guard/check?context=free_splash Protocol HTTP/1.1 Server 91.215.42.31 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS Software ddos-guard / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://gg.gg/126654 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Date Sat, 10 Sep 2022 15:22:08 GMT Server ddos-guard Connection keep-alive Keep-Alive timeout=60 Content-Length 0
GET H2	200	Primary Request 1e3a4e532f1c7040 xovzrd.findiover.net/c/ Redirect Chain http://gg.gg/126654 https://track.adverdr.com//tr?offer_id=11&aff_id=4435&sub1=Alex61 https://makeyourwish.net/bw2bwqYC?s1=631caba3976af631caba3976b1 http://t.luvmenow.com/sl?id=5fa1807a127bd6bcbd272004&pid=11249&sub3=tj4l016k24q4&sub1=20164&sub2=frd https://xovzrd.findiover.net/c/1e3a4e532f1c7040?s1=144562&s2=1335143&j1=1&j3=1&j8=1&click_id=a_631caba4f0120700012286de&s3=20164	23 KB 0	217ms 50ms	Document text/html	52.19.101.114
General Check archive.org Show headers Download Go to Full URL https://xovzrd.findiover.net/c/1e3a4e532f1c7040?s1=144562&s2=1335143&j1=1&j3=1&j8=1&click_id=a_631caba4f0120700012286de&s3=20164 Requested by Host: gg.gg URL: http://gg.gg/.well-known/ddos-guard/check?context=free_splash Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.19.101.114 -, , ASN (), Reverse DNS Software nginx / Resource Hash Request headers Referer http://gg.gg/126654 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-type text/html; charset=utf-8 date Sat, 10 Sep 2022 15:22:12 GMT server nginx Redirect headers Access-Control-Allow-Origin * Connection keep-alive Content-Length 0 Date Sat, 10 Sep 2022 15:22:12 GMT Location https://xovzrd.findiover.net/c/1e3a4e532f1c7040?s1=144562&s2=1335143&j1=1&j3=1&j8=1&click_id=a_631caba4f0120700012286de&s3=20164 Server nginx
GET		style.css cdn-dimi.akamaized.net/landings/274421/1662542857/css/	0 0

GET		popup.css cdn-dimi.akamaized.net/landings/274421/1662542857/css/	0 0

GET		jquery-2.2.4.min.js cdn-dimi.akamaized.net/landings/274421/1662542857/js/	0 0

GET		vegas.js cdn-dimi.akamaized.net/landings/274421/1662542857/js/	0 0

GET		function.js cdn-dimi.akamaized.net/landings/274421/1662542857/js/	0 0

GET		translates.js cdn-dimi.akamaized.net/landings/274421/1662542857/js/	0 0

GET		tn_pHash.js cdn-dimi.akamaized.net/landings/274421/1662542857/js/	0 0

GET		logo.png cdn-dimi.akamaized.net/landings/274421/1662542857/images/	0 0

GET		logo-white.png cdn-dimi.akamaized.net/landings/274421/1662542857/images/	0 0

GET		1.jpg cdn-dimi.akamaized.net/landings/274421/1662542857/images/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cdn-dimi.akamaized.net
URL: https://cdn-dimi.akamaized.net/landings/274421/1662542857/css/style.css?1662542858

Domain: cdn-dimi.akamaized.net
URL: https://cdn-dimi.akamaized.net/landings/274421/1662542857/css/popup.css?1662542858

Domain: cdn-dimi.akamaized.net
URL: https://cdn-dimi.akamaized.net/landings/274421/1662542857/js/jquery-2.2.4.min.js?1662542858

Domain: cdn-dimi.akamaized.net
URL: https://cdn-dimi.akamaized.net/landings/274421/1662542857/js/vegas.js?1662542858

Domain: cdn-dimi.akamaized.net
URL: https://cdn-dimi.akamaized.net/landings/274421/1662542857/js/function.js?1662542858

Domain: cdn-dimi.akamaized.net
URL: https://cdn-dimi.akamaized.net/landings/274421/1662542857/js/translates.js?1662542858

Domain: cdn-dimi.akamaized.net
URL: https://cdn-dimi.akamaized.net/landings/274421/1662542857/js/tn_pHash.js?1662542858

Domain: cdn-dimi.akamaized.net
URL: https://cdn-dimi.akamaized.net/landings/274421/1662542857/images/logo.png

Domain: cdn-dimi.akamaized.net
URL: https://cdn-dimi.akamaized.net/landings/274421/1662542857/images/logo-white.png

Domain: cdn-dimi.akamaized.net
URL: https://cdn-dimi.akamaized.net/landings/274421/1662542857/images/1.jpg

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.gg.gg/	1970-01-20 14:39:19	Name: __ddgid_ Value: BfnbmNUnA3cEv6WN
.gg.gg/	1970-01-20 05:55:09	Name: __ddgmark_ Value: vw0cfikMKYqDQvaQ
.gg.gg/	1970-01-20 05:53:54	Name: __ddg5_ Value: RDp2O0fN28Rk1lyj
.check.ddos-guard.net/	1970-01-20 14:39:19	Name: __ddg2 Value: vshNvTlWGOFDo6pa
.gg.gg/	1970-01-20 14:39:19	Name: __ddg2_ Value: vshNvTlWGOFDo6pa
.gg.gg/	1970-01-20 14:39:19	Name: __ddg1_ Value: 2X5i3dd1XgxG2cEfn27k
gg.gg/	1970-01-20 05:53:50	Name: ci_session Value: a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22ce80e8a02a0af79ab82d3779af1b47e3%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22186.2.160.181%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A116%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F105.0.5195.102+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1662823330%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D907dc229a993d8ab201c6dff50b615bd
.gg.gg/	1970-01-20 08:03:19	Name: gg_token Value: 3799b441943c38903e901ad97dc1fabb631caba27981c6.08187294
track.adverdr.com/	1970-01-20 05:55:09	Name: click_id Value: 631caba3976af631caba3976b1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://gg.gg/126654 Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
rendering	warning	URL: https://xovzrd.findiover.net/c/1e3a4e532f1c7040?s1=144562&s2=1335143&j1=1&j3=1&j8=1&click_id=a_631caba4f0120700012286de&s3=20164(Line 227) Message: The value "false" for key "user-scalable" is invalid, and has been ignored.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn-dimi.akamaized.net
check.ddos-guard.net
gg.gg
makeyourwish.net
t.luvmenow.com
track.adverdr.com
xovzrd.findiover.net
cdn-dimi.akamaized.net
157.245.233.39
185.129.100.100
2606:4700:3031::ac43:9781
34.91.226.152
52.19.101.114
91.215.42.31
3ae6b0aa0ad7a4a3135967f6aa7317820d5b7a4b60e7bebbc0abca7c8fe045c2
781f9640521a0e58c8bfa567d0b6646fd227fb85ff3530f737ebec5998633ce0
8c1e6d80e1c67dc4ad85380bd468c389292d34aac3cc2f44662894414a35f352
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8ad60f8af33e8db9e91a6b54dab652bafd39d012cd299df50d7b1b5efbc9596
f309b7c03d9cae63a9bedbee6ed655f3dbcdb194132943639344dead5f3b9710

xovzrd.findiover.net Open in urlscan Pro 52.19.101.114 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

18 %HTTPS

17 %IPv6

7 Domains

7 Subdomains

4 IPs

2 Countries

101 kBTransfer

123 kBSize

9 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

9 Cookies

2 Console Messages

Indicators

xovzrd.findiover.net Open in urlscan Pro
52.19.101.114 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

18 %
HTTPS

17 %
IPv6

7
Domains

7
Subdomains

4
IPs

2
Countries

101 kB
Transfer

123 kB
Size

9
Cookies

17 HTTP transactions
1 data transactions