labor-day-51gb-free2.iokd9[.]top
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Quttera Web Malware Removal is a paid subscription service. Pricing, plans, and trial availability are set by Quttera. Quttera is operated by Quttera Ltd, an independent third-party company unrelated to RCS LT. PCRisk.com may earn a referral commission when users sign up through this link.
Description of labor-day-51gb-free2.iokd9[.]top
This domain appears to host a promotional landing page claiming that visitors have received "51GB FREE Data for Labor Day." The page imagery and wording suggest it is targeting users in the Philippines, with references to Filipino workers and visual branding associated with major telecom providers. Based on the page title, screenshot, and URL structure, the site appears to be designed as a campaign-style giveaway or reward page rather than a full business website.
The domain itself does not appear to match the official web presence of a recognized telecom operator or government labor program. Its randomly structured subdomain format, newly created registration, and use of redirect-style paths such as /go.php and /single.php may indicate that it is part of a short-lived traffic or lead-generation setup. No clear operator identity, company ownership details, or official organizational attribution were provided in the scan data.
Safety Assessment for labor-day-51gb-free2.iokd9[.]top
The scan results show several cautionary indicators at the time of this scan. One out of 91 security engines flagged the domain for phishing, and a malware scan marked the overall threat level as malicious, with 7 out of 10 scanned files flagged as malicious or suspicious. In addition, 7 external links and 2 referenced domains were flagged, including externally loaded resources that were associated with generic malicious-object detections. These findings may indicate that the page is using suspicious redirects, third-party scripts, or externally hosted assets commonly seen in deceptive campaigns.
Contextual signals also raise concern. The domain was registered the same day it was scanned, has no established traffic ranking, and uses a highly disposable-looking hostname pattern. The page content advertises a large free-data reward tied to a holiday theme and displays telecom branding, which may create the impression of affiliation with legitimate providers even though the domain does not appear to be an official provider domain. That combination of a newly created domain, giveaway-style messaging, and suspicious redirect endpoints may increase the likelihood of social-engineering or phishing-related activity.
Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site was reachable over HTTPS with a valid Let's Encrypt certificate that, at the time of this scan, was set to expire on 2026-07-29. It appears to be served through Cloudflare infrastructure, with the server IP resolving to 172.67.195.145 and Cloudflare nameservers in use. DNSSEC appears to be unsigned, which is not uncommon but does mean there is no DNSSEC-based authenticity protection visible in the provided data.
From a technical risk perspective, the more notable issues are the flagged PHP endpoints, suspicious outbound links, and references to externally hosted resources that were identified as malicious by malware scanning. The use of multiple redirect-like parameters under /go.php and the loading of third-party content from flagged domains may indicate an infrastructure pattern associated with short-lived campaigns or traffic redirection chains.
Share your experience with this website. Was it safe? Did you encounter any issues?