Report - win2.icu/1/3/index.html?cid=812674848210825217&uid=8008272

Report Overview

Submitted URL
win2.icu/1/3/index.html?cid=812674848210825217&uid=8008272
IP
172.67.203.143
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 05:56:49
Access
public
Website Title
404 Not Found
Final URL
free.dkk9.com/?utm_medium=db2f465816bd5cba253c1c9f57de6f985f80b7e5&utm_campaign=QA_2f72d2&cid=812674848210825217&1=4143&np=2&2=
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
push-sdk.net	unknown	2022-10-25	2022-11-02	2024-05-09	850 B	16 kB	23.88.8.123
down2.sbs	unknown	2024-04-12	2024-04-12	2024-04-18	1.0 kB	1.3 kB	188.114.96.1
free.dkk9.com	unknown	2019-11-13	2023-05-01	2024-04-18	1.2 kB	5.9 kB	65.60.58.178
app.monetizer.com	479042	2004-03-03	2017-02-09	2023-08-03	431 B	3.2 kB	173.236.118.98
win2.icu	unknown	unknown	No data	No data	974 B	1.3 kB	172.67.203.143

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 05:56:24	medium	Client IP	172.67.203.143	ET INFO Suspicious Domain (*.icu) in TLS SNI
2024-05-10 05:56:24	medium	Client IP	172.67.203.143	ET INFO Suspicious Domain (*.icu) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (9)

	URL	IP	Response	Size
	win2.icu/1/3/index.html?cid=812674848210825217&uid=8008272	172.67.203.143		0 B
URL win2.icu/1/3/index.html?cid=812674848210825217&uid=8008272 IP 172.67.203.143:0 ASN #13335 CLOUDFLARENET File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /1/3/index.html?cid=812674848210825217&uid=8008272 HTTP/1.1 Host: win2.icu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 308 Permanent Redirect date: Fri, 10 May 2024 05:56:24 GMT content-length: 0 location: /1/3/?cid=812674848210825217&uid=8008272 access-control-allow-origin: * referrer-policy: strict-origin-when-cross-origin report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dqOoAduYLJrQCmIaICaqiLKv0Lg2odi9UVjSmEus3bta6y82VgQrcLLSw0YkHJqXBzXtfagZ6Pm6%2FR4BCvQRparcVsDm%2BC%2B7%2BhDN100V6tOZdSTFhGMV8F7c4w%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding cf-cache-status: DYNAMIC server: cloudflare cf-ray: 8817af95ccf2569c-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	win2.icu/favicon.ico	172.67.203.143		0 B
URL win2.icu/favicon.ico IP 172.67.203.143:0 ASN #13335 CLOUDFLARENET File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: win2.icu User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://win2.icu/1/3/?cid=812674848210825217&uid=8008272 DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 404 Not Found date: Fri, 10 May 2024 05:56:25 GMT content-length: 0 access-control-allow-origin: * referrer-policy: strict-origin-when-cross-origin report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ciIT62Hyjhalglh1rLh7InxfZjvKxLs%2FdDScu9mgMGePQPtkLLrIwrd5ct%2B6%2B4u9r9JWFDHFDEfSdR12TkqWAnaLH3uL9bAlVXYNcaqBsPoN0RxIyKeaR2sCg%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding cache-control: max-age=14400 cf-cache-status: EXPIRED server: cloudflare cf-ray: 8817af9b08e056b4-OSL alt-svc: h3=":443"; ma=86400

	push-sdk.net/f/sdk.js?z=1196578	23.88.8.123		15 kB
URL push-sdk.net/f/sdk.js?z=1196578 IP 23.88.8.123:0 ASN #24940 Hetzner Online GmbH File type JavaScript source, Unicode text, UTF-8 text, with very long lines (53344), with no line terminators Size 15 kB (14884 bytes) Hash df17f9793d0bbfbec3c9285f3dcc6200 12f0459f4095371bee63e6dd5f04ea9451cff933 1c60c387936024b9abb1b2514bba07be7725ffad25903c7faf23eecb61e222d7 HTTP Headers `GET /f/sdk.js?z=1196578 HTTP/1.1 Host: push-sdk.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://win2.icu/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: Angie date: Fri, 10 May 2024 05:56:25 GMT content-type: application/javascript; charset=utf-8 content-length: 14884 content-encoding: gzip cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate vary: Accept-Encoding X-Firefox-Spdy: h2`

	push-sdk.net/event?z=1196578	23.88.8.123		0 B
URL push-sdk.net/event?z=1196578 IP 23.88.8.123:0 ASN #24940 Hetzner Online GmbH File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `POST /event?z=1196578 HTTP/1.1 Host: push-sdk.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://win2.icu/ Content-Type: text/plain;charset=UTF-8 Content-Length: 83 Origin: https://win2.icu DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site TE: trailers` HTTP/2 200 OK server: Angie date: Fri, 10 May 2024 05:56:25 GMT content-length: 0 access-control-allow-origin: https://win2.icu access-control-allow-credentials: true access-control-allow-methods: GET, POST, OPTIONS access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-CSRF-Token access-control-expose-headers: Authorization cache-control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store pragma: no-cache expires: Tue, 11 Jan 1994 00:00:00 GMT accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64 X-Firefox-Spdy: h2

	down2.sbs/1.html?cid=812674848210825217&uid=8008272&lp=4143	188.114.96.1		0 B
URL down2.sbs/1.html?cid=812674848210825217&uid=8008272&lp=4143 IP 188.114.96.1:0 ASN #13335 CLOUDFLARENET File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /1.html?cid=812674848210825217&uid=8008272&lp=4143 HTTP/1.1 Host: down2.sbs User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://win2.icu/ DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 308 Permanent Redirect date: Fri, 10 May 2024 05:56:29 GMT content-length: 0 location: /1?cid=812674848210825217&uid=8008272&lp=4143 access-control-allow-origin: * referrer-policy: strict-origin-when-cross-origin report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ViqJVLv69i8thoB3RatZ2QLipyze%2FgzJEo6RAvvHfVkBES1qQYe9jWEELIP4oFzU2ljt%2FKHdScT3W4GJMNmwfZajCHO%2FXbKbannRkY2b0jfuBjo9L7qr9NnHplc%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding cf-cache-status: DYNAMIC server: cloudflare cf-ray: 8817afb449d8b503-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	down2.sbs/favicon.ico	188.114.96.1		0 B
URL down2.sbs/favicon.ico IP 188.114.96.1:0 ASN #13335 CLOUDFLARENET File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: down2.sbs User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://down2.sbs/1?cid=812674848210825217&uid=8008272&lp=4143 DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 404 Not Found date: Fri, 10 May 2024 05:56:29 GMT content-length: 0 access-control-allow-origin: * referrer-policy: strict-origin-when-cross-origin report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7lpjl1U%2FGY61luJotiPJ7LVSK2vPn3HARdW57Nh17VI80az6%2BIJ50%2F7agFojRHVOLXbsnt%2Bd1xmrSUoEFBBe5pzWCzmP1MntDc7XJeHAJa5lfvtWDQY5Mg09yfU%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding cache-control: max-age=14400 cf-cache-status: MISS server: cloudflare cf-ray: 8817afb61f370b41-OSL alt-svc: h3=":443"; ma=86400

	free.dkk9.com/favicon.ico	65.60.58.178	200 OK	1.2 kB
URL GET HTTP/2 free.dkk9.com/favicon.ico IP 65.60.58.178:443 ASN #32475 SINGLEHOP-LLC Requested by https://free.dkk9.com/?utm_medium=db2f465816bd5cba253c1c9f57de6f985f80b7e5&utm_campaign=QA_2f72d2&cid=812674848210825217&1=4143&np=2&2= Certificate IssuerLet's Encrypt Subjectfree.dkk9.com Fingerprint84:45:63:A3:35:E1:A3:37:E8:85:2F:91:3B:57:8C:42:50:26:AD:55 ValiditySat, 13 Apr 2024 03:24:03 GMT - Fri, 12 Jul 2024 03:24:02 GMT File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel Size 1.2 kB (1150 bytes) Hash 91abe01116ab422c598e9c8af72cf4da 0f2815fe8e067d48537ad168225ab4674271fa27 b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc HTTP Headers GET /favicon.ico HTTP/1.1 Host: free.dkk9.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://free.dkk9.com/?utm_medium=db2f465816bd5cba253c1c9f57de6f985f80b7e5&utm_campaign=QA_2f72d2&cid=812674848210825217&1=4143&np=2&2= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Fri, 10 May 2024 05:56:30 GMT content-type: image/x-icon content-length: 1150 last-modified: Fri, 11 Aug 2023 10:37:02 GMT etag: "64d60f4e-47e" expires: Sat, 11 May 2024 05:56:30 GMT cache-control: max-age=86400 strict-transport-security: max-age=63072000; includeSubDomains; preload alt-svc: h3=":443"; ma=604800; persist=1 accept-ranges: bytes X-Firefox-Spdy: h2`

	app.monetizer.com/images/monetizer.png	173.236.118.98	200 OK	2.8 kB
URL GET HTTP/2 app.monetizer.com/images/monetizer.png IP 173.236.118.98:443 ASN #32475 SINGLEHOP-LLC Requested by https://free.dkk9.com/?utm_medium=db2f465816bd5cba253c1c9f57de6f985f80b7e5&utm_campaign=QA_2f72d2&cid=812674848210825217&1=4143&np=2&2= Certificate IssuerLet's Encrypt Subjectmonetizer.com Fingerprint57:55:9D:34:64:B5:26:CA:C4:DB:62:6E:6E:4F:30:D6:91:57:2E:35 ValidityMon, 08 Apr 2024 05:52:12 GMT - Sun, 07 Jul 2024 05:52:11 GMT File type PNG image data, 150 x 149, 8-bit colormap, non-interlaced Size 2.8 kB (2763 bytes) Hash 03a4f7ed6a82302928cb627d8c4b7ba4 ee1470782b782b0b1d7e59616fe5d476c2ac08b2 a907a5abbd6b6e9435a8d503c6a9c05767fd296d59dd6e5fee73e6bc96a9f29c HTTP Headers `GET /images/monetizer.png HTTP/1.1 Host: app.monetizer.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://free.dkk9.com/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Fri, 10 May 2024 05:56:30 GMT content-type: image/png content-length: 2763 last-modified: Mon, 06 May 2024 13:49:09 GMT etag: "6638dfd5-acb" expires: Sat, 11 May 2024 05:56:30 GMT cache-control: max-age=86400 strict-transport-security: max-age=63072000; includeSubDomains; preload alt-svc: h3=":443"; ma=604800; persist=1 accept-ranges: bytes X-Firefox-Spdy: h2`

	free.dkk9.com/?utm_medium=db2f465816bd5cba253c1c9f57de6f985f80b7e5&utm_campaign=QA_2f72d2&cid=812674848210825217&1=4143&np=2&2=	65.60.58.178	404 Not Found	3.9 kB
URL User Request GET HTTP/2 free.dkk9.com/?utm_medium=db2f465816bd5cba253c1c9f57de6f985f80b7e5&utm_campaign=QA_2f72d2&cid=812674848210825217&1=4143&np=2&2= IP 65.60.58.178:443 ASN #32475 SINGLEHOP-LLC Certificate IssuerLet's Encrypt Subjectfree.dkk9.com Fingerprint84:45:63:A3:35:E1:A3:37:E8:85:2F:91:3B:57:8C:42:50:26:AD:55 ValiditySat, 13 Apr 2024 03:24:03 GMT - Fri, 12 Jul 2024 03:24:02 GMT File type gzip compressed data, from Unix Size 3.9 kB (3851 bytes) Hash 06f19d3401bb6e5f25770fad0d599de3 b1438ae02ec3b54b9fbad4555ff47a493181f83b dcf5ea629a00f04f1700907c4e0b61c732c188e3ad21479cefd2a67e54029972 HTTP Headers GET /?utm_medium=db2f465816bd5cba253c1c9f57de6f985f80b7e5&utm_campaign=QA_2f72d2&cid=812674848210825217&1=4143&np=2&2= HTTP/1.1 Host: free.dkk9.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://down2.sbs/ DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 404 Not Found server: nginx date: Fri, 10 May 2024 05:56:29 GMT content-type: text/html; charset=UTF-8 vary: Accept-Encoding cache-control: no-store, no-cache, must-revalidate, max-age=0 pragma: no-cache expires: Thu, 01 Jan 1970 00:00:00 GMT accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version strict-transport-security: max-age=63072000; includeSubDomains; preload alt-svc: h3=":443"; ma=604800; persist=1 content-encoding: gzip X-Firefox-Spdy: h2`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP