Report - smiling-u.vip/sweep-spinner-2?cep=tMkB3xvAIy6ydU7_lgcPOkKWcGe5S9Fcc5ykq7rZ1V6x79cWCCozFWpyhikrkMTjSd_tmytWjTlwAipNoZhGMZYYXnvF_Z3Pl41eUyDNcSMxmqj49LWcYJC-KvaIRSR3JpPa-evEh4uY-7o_a-FigRMVGKUiNupacywjXpBpKsTFHZeLW3sbbxx8FV5uB5QjLOqEjbTMD1bp_8nzDo9k3s64JbxDdd87pPcgczN74unNNhFV-sbSPffD8GmO5JHKP86wdtEwhkm7_890MHnA7bu-uNM6fCUT6nCxCSKNbQZc20sAqXazFjeCf6f99LUSgVAgz7Y1Rv90e8B1y3es9Gf18PyHOFEDtH_8Gr_PaMxIq3EpJEAtCW4hVQ9r5oEKfEyEym4ISnwjjCIqbxr4GQ&lptoken=17a301442474546d9735/sweep-spinner-2//sweep-spinner-2//sweep-spinner-2/

Report Overview

Visited public
2023-11-29 07:42:17
Tags
URL
smiling-u.vip/sweep-spinner-2?cep=tMkB3xvAIy6ydU7_lgcPOkKWcGe5S9Fcc5ykq7rZ1V6x79cWCCozFWpyhikrkMTjSd_tmytWjTlwAipNoZhGMZYYXnvF_Z3Pl41eUyDNcSMxmqj49LWcYJC-KvaIRSR3JpPa-evEh4uY-7o_a-FigRMVGKUiNupacywjXpBpKsTFHZeLW3sbbxx8FV5uB5QjLOqEjbTMD1bp_8nzDo9k3s64JbxDdd87pPcgczN74unNNhFV-sbSPffD8GmO5JHKP86wdtEwhkm7_890MHnA7bu-uNM6fCUT6nCxCSKNbQZc20sAqXazFjeCf6f99LUSgVAgz7Y1Rv90e8B1y3es9Gf18PyHOFEDtH_8Gr_PaMxIq3EpJEAtCW4hVQ9r5oEKfEyEym4ISnwjjCIqbxr4GQ&lptoken=17a301442474546d9735/sweep-spinner-2//sweep-spinner-2//sweep-spinner-2/
Finishing URL
smiling-u.vip/sweep-spinner-2/
IP / ASN
172.67.182.98
#13335 CLOUDFLARENET
Title
Spin&Win🎰

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
smiling-u.vip	unknown	2023-06-27	2023-06-27 08:56:18	2023-11-28 05:41:40	2.4 kB	17 kB	172.67.182.98
assets.landerlab.io	484499	2019-07-03	2020-11-05 05:28:34	2023-11-28 18:11:18	426 B	9.2 kB	54.230.111.105
happy-u.vip	unknown	2019-12-18	2019-12-18 14:12:42	2023-11-28 16:55:06	3.1 kB	671 kB	104.21.93.229
track.landerlab.io	818681	2019-07-03	2021-07-23 11:29:47	2023-11-28 19:32:43	472 B	890 B	104.18.17.6
deefauph.com	135892	2021-03-12	2021-03-12 14:41:43	2023-11-28 05:13:00	1.0 kB	12 kB	139.45.197.251

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-29	medium	smiling-u.vip	Sinkholed
2023-11-29	medium	smiling-u.vip	Sinkholed
2023-11-29	medium	smiling-u.vip	Sinkholed
2023-11-29	medium	smiling-u.vip	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	smiling-u.vip/sweep-spinner-2/	ScriptElement	40 B	2023-06-27	2024-08-20
Pretty URL smiling-u.vip/sweep-spinner-2/ IP 172.67.182.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-27 15:27 Last Seen2024-08-20 17:40 Times Seen19 Hash c54f97f30943e6ebed57819de49415d8 76fb2de397774d948a8b798c51fddd524e440e90 0a25c28de7e181f85511154ec851ff106af45af3bc4ea55ad1325bff82df13a8 Loading...

	smiling-u.vip/sweep-spinner-2/	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL smiling-u.vip/sweep-spinner-2/ IP 172.67.182.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 12:30 Times Seen4654275 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	track.landerlab.io/p/606dc316bd12e800113ca177?lander_id=9500885da67c0f6f240f184f270a7baf	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL track.landerlab.io/p/606dc316bd12e800113ca177?lander_id=9500885da67c0f6f240f184f270a7baf IP 104.18.17.6 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 12:30 Times Seen4654275 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	deefauph.com/pfe/current/micro.tag.min.js?z=4620078&sw=/sw-check-permissions-0a6ea.js	ScriptElement	27 kB	2023-11-02	2024-08-20
Pretty URL deefauph.com/pfe/current/micro.tag.min.js?z=4620078&sw=/sw-check-permissions-0a6ea.js IP 139.45.197.251 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 09:44 Last Seen2024-08-20 21:23 Times Seen8998 Hash 5ccd2d5882a06f293d07510ac91c92e6 b44dc0eaa03981adb70d3313e728f9359c1d21c1 9fc2aa21f3a7bfe66783d35fdbb48147f73e72a41f87aea848f64a8cb4518eba Loading...

	smiling-u.vip/sweep-spinner-2/	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL smiling-u.vip/sweep-spinner-2/ IP 172.67.182.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 12:30 Times Seen4654275 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	happy-u.vip/spin2win%2Fjs%2Fcount_down.js	ScriptElement	907 B	2023-03-07	2024-08-21
Pretty URL happy-u.vip/spin2win%2Fjs%2Fcount_down.js IP 104.21.93.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2024-08-21 09:39 Times Seen270 Hash 09ec635ed1a465823cbe01516339645e 095041fdb5894a7a468c5d12ab1bacfad8070a8d fcc0f3f494fde197064616b7c701d17b30a865194cfafd4be32105576bb9fb91 Loading...

	happy-u.vip/spin2win%2Fjs%2Fjquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-11
Pretty URL happy-u.vip/spin2win%2Fjs%2Fjquery.min.js IP 104.21.93.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-05-11 07:57 Times Seen4544 Hash 7c14a783dfeb3d238ccd3edd840d82ee ad886e472b3557f3dc7dfa2bc43468ab8d1cef5b 80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0 Loading...

HTTP Transactions (15)

URL IP Response Size

assets.landerlab.io/base.css

54.230.111.105

200 OK

8.7 kB

URL GET HTTP/2
assets.landerlab.io/base.css
IP
54.230.111.105:443
ASN
#16509 AMAZON-02

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerAmazon
Subject*.landerlab.io
FingerprintCA:55:A0:91:66:D2:49:1D:74:D9:90:B0:7E:D2:4C:B1:3A:0C:10:78
ValidityWed, 28 Jun 2023 00:00:00 GMT - Fri, 26 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (8731)
Size
8.7 kB (8732 bytes)
Hash
7f6de4e86d84bcbfd919f155e7545439
e7d9a7a418519c3fbce6de3c85775087cba93b49
8d8c59c2712df25a26ecd01739496e49c3514a9341fa3cd21cfa98627ba6efa2

HTTP Headers

GET /base.css HTTP/1.1
Host: assets.landerlab.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
content-length: 8732
last-modified: Sat, 29 May 2021 19:05:04 GMT
x-amz-version-id: 0sEXTlrAazg9KkJm7sv1lqt808WfgxiL
accept-ranges: bytes
server: AmazonS3
date: Tue, 28 Nov 2023 19:40:21 GMT
etag: "7f6de4e86d84bcbfd919f155e7545439"
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: DzjOk3H4M1UJaThaw5xL7vyy6QYb3_rchgq9L2rkDij4n7DEM38_-Q==
age: 43300
X-Firefox-Spdy: h2

happy-u.vip/spin2win%2Fimg%2Fpointer.png

104.21.93.229

200 OK

23 kB

URL GET HTTP/2
happy-u.vip/spin2win%2Fimg%2Fpointer.png
IP
104.21.93.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerLet's Encrypt
Subjecthappy-u.vip
Fingerprint60:D2:E0:0E:6D:F6:F0:3F:A6:B5:F1:91:7E:E3:90:90:29:80:0A:E4
ValidityThu, 26 Oct 2023 05:54:28 GMT - Wed, 24 Jan 2024 05:54:27 GMT

File type
PNG image data, 265 x 133, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (23050 bytes)
Hash
0eefbef8c10d7eaf4439abc814ef08ca
3a651a3ec4ae6cf02029ac3df2ea9413cd1846af
a976617eac03d776487dd15431f06db8426f673d5745beba8a0aefbe5308f740

HTTP Headers

GET /spin2win%2Fimg%2Fpointer.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 29 Nov 2023 07:42:00 GMT
content-type: image/png
content-length: 23050
x-amz-id-2: QI7Ec/IkFAEZWQ8v1lwm3+JlFD2ntkQcHb2FMWK20Rf0brkT6Xa2Lk2qhwbEbGNpWDwhJL0t8Jo=
x-amz-request-id: JFYN6NYKRG52FWZ6
last-modified: Sun, 04 Jun 2023 14:41:39 GMT
etag: "0eefbef8c10d7eaf4439abc814ef08ca"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EP6Ifj5lnH6jYW%2Bawhwx82iVflZw0aLhsj2wHcW7By3l9bMzhiQKDJLx%2BCXHV6hTiNZE4dLUBeM0orpwXEMuR7XHwaL%2FCcnJmfFq8zs58aQqEmYBbdjb7EgXz2%2F0hg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d936247e9c712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

happy-u.vip/spin2win%2Fimg%2F2cvxag0tb945z8wi3hlo.png

104.21.93.229

200 OK

125 kB

URL GET HTTP/2
happy-u.vip/spin2win%2Fimg%2F2cvxag0tb945z8wi3hlo.png
IP
104.21.93.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerLet's Encrypt
Subjecthappy-u.vip
Fingerprint60:D2:E0:0E:6D:F6:F0:3F:A6:B5:F1:91:7E:E3:90:90:29:80:0A:E4
ValidityThu, 26 Oct 2023 05:54:28 GMT - Wed, 24 Jan 2024 05:54:27 GMT

File type
PNG image data, 867 x 468, 8-bit/color RGBA, non-interlaced\012- data
Size
125 kB (124744 bytes)
Hash
e04fee898592269da379a0d70cb76e76
142b42540a7f3d644f7dc061867f2b754fdb9e65
5c42e9030657c1043259bb823c47703ce9279024db6bee1d96e9e55520309c99

HTTP Headers

GET /spin2win%2Fimg%2F2cvxag0tb945z8wi3hlo.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 29 Nov 2023 07:42:00 GMT
content-type: image/png
content-length: 124744
x-amz-id-2: X0FhJRMTCjhZRaJcjB5i3dkMFa0sOfP3h4F0hmPdy/w/xrTi0hIBiUvxON9P6UDo6+V8kLWycj4=
x-amz-request-id: JFYX6PVB4992SWZW
last-modified: Sun, 04 Jun 2023 14:41:39 GMT
etag: "e04fee898592269da379a0d70cb76e76"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xtCHXiO4cpNqEcgrGoVNddijYsal%2F0nIlsdXcysTGFaJfJQKxP5jd%2FXFHAZenXCndDkPKU9YLGCbxhj%2F6aAswdTkHqPvRrBJoKPi4JvGrtqiAXPH3dv%2F38Co0SXAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d936247e9d712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

happy-u.vip/spin2win%2Fimg%2Fspin_wheel.png

104.21.93.229

200 OK

300 kB

URL GET HTTP/2
happy-u.vip/spin2win%2Fimg%2Fspin_wheel.png
IP
104.21.93.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerLet's Encrypt
Subjecthappy-u.vip
Fingerprint60:D2:E0:0E:6D:F6:F0:3F:A6:B5:F1:91:7E:E3:90:90:29:80:0A:E4
ValidityThu, 26 Oct 2023 05:54:28 GMT - Wed, 24 Jan 2024 05:54:27 GMT

File type
PNG image data, 718 x 718, 8-bit/color RGBA, non-interlaced\012- data
Size
300 kB (299863 bytes)
Hash
e1bf1c906a87c2454f418ebf3d27beee
f1adb9977dcfe2228b806e9aa36fd72ee1b63fc1
e3c6f661ff6103dbf682712d2e60d324bf9807090434d653c3fd4d5f23f27770

HTTP Headers

GET /spin2win%2Fimg%2Fspin_wheel.png HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 29 Nov 2023 07:42:00 GMT
content-type: image/png
content-length: 299863
x-amz-id-2: EM17eoW6tXF7kUYRb7Ygwghf21N76Us6lfTq16ypXSWvwQpMa2SSQxYhBS8vSK3YTB+h3Yply50=
x-amz-request-id: JFYG0CYN5APT11GP
last-modified: Sun, 04 Jun 2023 14:41:39 GMT
etag: "e1bf1c906a87c2454f418ebf3d27beee"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=myqvx85wHT6yb9oIxLrFlihqZO4ow305SMwVjdJKyHPU0Pc4Px6387rvSuSmoRA7Tkb2gLTce8STuOH30VQ6%2BK5g6ugDrHnnp%2BMIAUOVTKJ6%2Bif%2BGGe6rV8zZLX2Aw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d936247e9b712b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

track.landerlab.io/p/606dc316bd12e800113ca177?lander_id=9500885da67c0f6f240f184f270a7baf

104.18.17.6

200 OK

0 B

URL GET HTTP/2
track.landerlab.io/p/606dc316bd12e800113ca177?lander_id=9500885da67c0f6f240f184f270a7baf
IP
104.18.17.6:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerCloudflare, Inc.
Subjectlanderlab.io
FingerprintE5:19:57:65:1C:8A:4A:59:2F:10:FC:CE:EC:7C:74:C3:C9:6E:04:49
ValidityFri, 07 Apr 2023 00:00:00 GMT - Sat, 06 Apr 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/606dc316bd12e800113ca177?lander_id=9500885da67c0f6f240f184f270a7baf HTTP/1.1
Host: track.landerlab.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 Nov 2023 07:42:00 GMT
content-length: 0
cache-control: no-cache
set-cookie: worker_cookie=N4Igdgpg7g+gFgSwC4wQExALhAThwDggBYAGAVjIFoySB2fSogZjVsvwEYSBjSgJm4A2ToJJ8SHAEY4QAGhAA3BAGdkqDNnwkiAMwhku/cYMZ80vSYIglKtMhACG3HEW740konMUq1SBAC2EMpIDgEADlgg4nxMlBwc/DgAKnSYRHyYJCQAdLS0ggBa3kqqSAD2AE7qUdwQTNIc3A78OiSSjG0mDnwQfPyS+PgO7e3iEN7NEQ4IAOZgNdiiguZMHIKSaBy9WhIcTM0c+d5g5WgQMNxwM2BYANoAuvIqMJBQWDoOADbKEAC+QA===; Expires=Thu, 30 Nov 2023 07:42:00 GMT; Domain=track.landerlab.io; Path=/; SameSite=None; Secure
__cf_bm=PGCKYaStXT_SJEGN5WSisq3xRsAtA3URZWfVDoDunfg-1701243720-0-AQNlZI00xilT4zQPJ6VreDj/e3AwGbat8ND11YfL0zFAAoeOCwoW2Ug24fZi91G2dBnj+twp/kEW9uIB9dFWZPQ=; path=/; expires=Wed, 29-Nov-23 08:12:00 GMT; domain=.track.landerlab.io; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d93626cdf356bb-OSL
X-Firefox-Spdy: h2

deefauph.com/pfe/current/micro.tag.min.js?z=4620078&sw=/sw-check-permissions-0a6ea.js

139.45.197.251

200 OK

11 kB

URL GET HTTP/2
deefauph.com/pfe/current/micro.tag.min.js?z=4620078&sw=/sw-check-permissions-0a6ea.js
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerLet's Encrypt
Subjectdeefauph.com
FingerprintC9:BF:8F:4B:E8:EB:DC:8F:83:22:79:96:21:1A:B7:59:F3:02:A6:28
ValiditySat, 28 Oct 2023 05:38:23 GMT - Fri, 26 Jan 2024 05:38:22 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
11 kB (11396 bytes)
Hash
eec832250bf3dc806229f339adb8cbf9
d4c222809698b241ca8da2ccc51d1b147960f924
a08b175db1e67b8d727b5d2e363f74292ddc34c227807c6d0fcaaf7e0961c9bd

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=4620078&sw=/sw-check-permissions-0a6ea.js HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 29 Nov 2023 07:42:00 GMT
content-type: application/javascript
last-modified: Mon, 27 Nov 2023 17:44:23 GMT
etag: W/"6564d577-697f"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

smiling-u.vip/favicon.ico

172.67.182.98

404 Not Found

346 B

URL GET HTTP/3
smiling-u.vip/favicon.ico
IP
172.67.182.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerLet's Encrypt
Subjectsmiling-u.vip
FingerprintDC:C6:BA:2E:C0:35:45:B8:AA:D6:33:93:BD:FA:A9:C0:B6:43:2E:A0
ValidityMon, 23 Oct 2023 11:49:28 GMT - Sun, 21 Jan 2024 11:49:27 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (360), with no line terminators
Size
346 B (346 bytes)
Hash
e59ee1e1299bcdffa06b19a49fb2a1f6
d3bb3271c746b281ba1e0d02417317ce0988e7fa
2f66c00df6684ac5a6e17b6d970be7fc3026461b26ebf597d69a7abe89f240e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: smiling-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/sweep-spinner-2/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 29 Nov 2023 07:42:00 GMT
content-type: text/html; charset=utf-8
x-amz-request-id: XTFRH087VW8ZKKWF
x-amz-id-2: dVJe64smb4JP/yGVfrCK5b05FC82u7IP3xDulfyiNslOvkC0jX8g0+elxU7UwTHm48KkgG+dsGU=
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=568x%2BOEoFWWCqZRSdcX3DeoKb4%2FvjNWrT6HM0Mo77LsJ5DgeeKSgjapkn%2FFPttDdnYxbMKO%2BMueS9zKP8d6fgjXECWIHk6ktkzS9HtMBdsyMqqawW20LDdPuOawGW58T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d93627da3f56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

deefauph.com/zone?&pub=0&zone_id=4620078&is_mobile=false&domain=smiling-u.vip&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest

139.45.197.251

200 OK

0 B

URL POST HTTP/2
deefauph.com/zone?&pub=0&zone_id=4620078&is_mobile=false&domain=smiling-u.vip&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerLet's Encrypt
Subjectdeefauph.com
FingerprintC9:BF:8F:4B:E8:EB:DC:8F:83:22:79:96:21:1A:B7:59:F3:02:A6:28
ValiditySat, 28 Oct 2023 05:38:23 GMT - Fri, 26 Jan 2024 05:38:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=4620078&is_mobile=false&domain=smiling-u.vip&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest HTTP/1.1
Host: deefauph.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://smiling-u.vip
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Wed, 29 Nov 2023 07:42:00 GMT
content-length: 0
x-trace-id: acd7d118f481f473faf09caaaf1250ee
access-control-allow-origin: https://smiling-u.vip
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

smiling-u.vip/sweep-spinner-2/

172.67.182.98

200 OK

6.5 kB

URL User Request GET HTTP/2
smiling-u.vip/sweep-spinner-2/
IP
172.67.182.98:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectsmiling-u.vip
FingerprintDC:C6:BA:2E:C0:35:45:B8:AA:D6:33:93:BD:FA:A9:C0:B6:43:2E:A0
ValidityMon, 23 Oct 2023 11:49:28 GMT - Sun, 21 Jan 2024 11:49:27 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6823), with no line terminators
Size
6.5 kB (6506 bytes)
Hash
95917d8afc44217a798c25c235b80b3d
75a0753037e30f9daebd52cdca1619a90cbc4689
9213bfa2ce28b53e977714d8f4c5e20f8d69ff44805330d739f165a0e46483be

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweep-spinner-2/ HTTP/1.1
Host: smiling-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 Nov 2023 07:41:59 GMT
content-type: text/html
x-amz-id-2: o3HL3UDZv4kJ4eGwrpG9FmFGYMCdIpeuVgA04iOupQCXydetnKCKG/e6vXteoJS832GSEu7RY2M=
x-amz-request-id: DA69MQF8PXCEN9E4
last-modified: Wed, 12 Jul 2023 11:59:36 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HF0tpKT0T3MQDpkk6Ci2vKLJ4glSZY8FcBT4dcVdbVCTei7WCKkPPG8xnqNhEppzruttoR51SOxdCAZJl21bkRBzDuRd8NbiN%2FzGPioEkr49zN5OGBtd3BgMQ2wPijbS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d93621daad5699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

happy-u.vip/spin2win%2Fcss%2Fmain.css

104.21.93.229

200 OK

5.6 kB

URL GET HTTP/2
happy-u.vip/spin2win%2Fcss%2Fmain.css
IP
104.21.93.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerLet's Encrypt
Subjecthappy-u.vip
Fingerprint60:D2:E0:0E:6D:F6:F0:3F:A6:B5:F1:91:7E:E3:90:90:29:80:0A:E4
ValidityThu, 26 Oct 2023 05:54:28 GMT - Wed, 24 Jan 2024 05:54:27 GMT

File type
ASCII text, with very long lines (5554), with no line terminators
Size
5.6 kB (5554 bytes)
Hash
788d6b0c599c78339d8457484a6b2c4d
10610a39e7b2d11824ed517d4afb69bce0f2dc1b
6e0736ed4f2c0f28665ea6cfe69d19baa943c75529d82177017a104e81975140

HTTP Headers

GET /spin2win%2Fcss%2Fmain.css HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 Nov 2023 07:42:00 GMT
content-type: text/css
cf-bgj: minify
etag: W/"788d6b0c599c78339d8457484a6b2c4d"
last-modified: Sun, 04 Jun 2023 14:41:39 GMT
x-amz-id-2: f7avht85M5arAIMrAYe7Hqb6BZi1BwfjRZT4su+JkctS17X3awR11CJMCFlQYbc5r4IvR3WCy70=
x-amz-request-id: JFYVP765RMCVN0FQ
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nXKlbFPjuCsn7oOs768saJK5We9KuUXpDZdpYICUEa3bgY7fsyZBXiqMt5RKNgx%2BPPbT4zeJ%2BgVFylS4bhTzv5fDH5%2B4Rg1vrN6t9ejuJJPXoD0DY2eUiVqnaoWiZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d93624cefb712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

happy-u.vip/spin2win%2Fjs%2Fjquery.min.js

104.21.93.229

200 OK

90 kB

URL GET HTTP/2
happy-u.vip/spin2win%2Fjs%2Fjquery.min.js
IP
104.21.93.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerLet's Encrypt
Subjecthappy-u.vip
Fingerprint60:D2:E0:0E:6D:F6:F0:3F:A6:B5:F1:91:7E:E3:90:90:29:80:0A:E4
ValidityThu, 26 Oct 2023 05:54:28 GMT - Wed, 24 Jan 2024 05:54:27 GMT

File type
ASCII text, with very long lines (65447)
Size
90 kB (89500 bytes)
Hash
7c14a783dfeb3d238ccd3edd840d82ee
ad886e472b3557f3dc7dfa2bc43468ab8d1cef5b
80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0

HTTP Headers

GET /spin2win%2Fjs%2Fjquery.min.js HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 Nov 2023 07:42:00 GMT
content-type: application/javascript
x-amz-id-2: 24Lvb23bY6SScecmvoKdldAciYliFzWpz7rAVQ0Vg2GkGt3d5YmIyySvQudDJVvElysT7jr0UhM=
x-amz-request-id: JFYRAH5CVHKJBAK5
last-modified: Sun, 04 Jun 2023 14:41:39 GMT
etag: W/"7c14a783dfeb3d238ccd3edd840d82ee"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QyjU%2BrwrxC54QAFKj1ZCteG0%2B2zBNQ516ffZsxES5Xz8Emv0e6GJjPGBmLE4en3DIm0lQVjRc9AM%2BByo2IS3Rl5QmVnWWn4JnJklz0hAc7xZrcwBC7QtXuJky3srdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d936247ea9712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

smiling-u.vip/sweep-spinner-2?cep=tMkB3xvAIy6ydU7_lgcPOkKWcGe5S9Fcc5ykq7rZ1V6x79cWCCozFWpyhikrkMTjSd_tmytWjTlwAipNoZhGMZYYXnvF_Z3Pl41eUyDNcSMxmqj49LWcYJC-KvaIRSR3JpPa-evEh4uY-7o_a-FigRMVGKUiNupacywjXpBpKsTFHZeLW3sbbxx8FV5uB5QjLOqEjbTMD1bp_8nzDo9k3s64JbxDdd87pPcgczN74unNNhFV-sbSPffD8GmO5JHKP86wdtEwhkm7_890MHnA7bu-uNM6fCUT6nCxCSKNbQZc20sAqXazFjeCf6f99LUSgVAgz7Y1Rv90e8B1y3es9Gf18PyHOFEDtH_8Gr_PaMxIq3EpJEAtCW4hVQ9r5oEKfEyEym4ISnwjjCIqbxr4GQ&lptoken=17a301442474546d9735/sweep-spinner-2//sweep-spinner-2//sweep-spinner-2/

172.67.182.98

302 Found

6.5 kB

URL User Request GET HTTP/2
smiling-u.vip/sweep-spinner-2?cep=tMkB3xvAIy6ydU7_lgcPOkKWcGe5S9Fcc5ykq7rZ1V6x79cWCCozFWpyhikrkMTjSd_tmytWjTlwAipNoZhGMZYYXnvF_Z3Pl41eUyDNcSMxmqj49LWcYJC-KvaIRSR3JpPa-evEh4uY-7o_a-FigRMVGKUiNupacywjXpBpKsTFHZeLW3sbbxx8FV5uB5QjLOqEjbTMD1bp_8nzDo9k3s64JbxDdd87pPcgczN74unNNhFV-sbSPffD8GmO5JHKP86wdtEwhkm7_890MHnA7bu-uNM6fCUT6nCxCSKNbQZc20sAqXazFjeCf6f99LUSgVAgz7Y1Rv90e8B1y3es9Gf18PyHOFEDtH_8Gr_PaMxIq3EpJEAtCW4hVQ9r5oEKfEyEym4ISnwjjCIqbxr4GQ&lptoken=17a301442474546d9735/sweep-spinner-2//sweep-spinner-2//sweep-spinner-2/
IP
172.67.182.98:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectsmiling-u.vip
FingerprintDC:C6:BA:2E:C0:35:45:B8:AA:D6:33:93:BD:FA:A9:C0:B6:43:2E:A0
ValidityMon, 23 Oct 2023 11:49:28 GMT - Sun, 21 Jan 2024 11:49:27 GMT

File type

Size
6.5 kB (6506 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sweep-spinner-2?cep=tMkB3xvAIy6ydU7_lgcPOkKWcGe5S9Fcc5ykq7rZ1V6x79cWCCozFWpyhikrkMTjSd_tmytWjTlwAipNoZhGMZYYXnvF_Z3Pl41eUyDNcSMxmqj49LWcYJC-KvaIRSR3JpPa-evEh4uY-7o_a-FigRMVGKUiNupacywjXpBpKsTFHZeLW3sbbxx8FV5uB5QjLOqEjbTMD1bp_8nzDo9k3s64JbxDdd87pPcgczN74unNNhFV-sbSPffD8GmO5JHKP86wdtEwhkm7_890MHnA7bu-uNM6fCUT6nCxCSKNbQZc20sAqXazFjeCf6f99LUSgVAgz7Y1Rv90e8B1y3es9Gf18PyHOFEDtH_8Gr_PaMxIq3EpJEAtCW4hVQ9r5oEKfEyEym4ISnwjjCIqbxr4GQ&lptoken=17a301442474546d9735/sweep-spinner-2//sweep-spinner-2//sweep-spinner-2/ HTTP/1.1
Host: smiling-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Wed, 29 Nov 2023 07:41:59 GMT
content-type: text/html; charset=utf-8
x-amz-error-code: Found
x-amz-error-message: Resource Found
x-amz-request-id: XTFPE4H07WVRKC9W
x-amz-id-2: nVMDrAEy5pwnZJW/2T/EJVgUm/JVsPjDDOA2hGlYxpPhVRC/EoeoFlB5eBnOIhVToTvW0m0FOPc=
location: /sweep-spinner-2/
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2BnJjj%2BiZD%2F2GDk6A5mzMNMG2Jl52sYeERYJGrNeTqWUvaKtq7WIEE2vBnzExKgPZdUHOpNYXx1uFDRfFoBcgISvHjZncLtg1h%2FvqbV5HhqdwQtDPkJZJ6P70%2FJWXvno"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d93620994a5699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

happy-u.vip/spin2win%2Fcss%2Fbootstrap.min.css

104.21.93.229

200 OK

121 kB

URL GET HTTP/2
happy-u.vip/spin2win%2Fcss%2Fbootstrap.min.css
IP
104.21.93.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerLet's Encrypt
Subjecthappy-u.vip
Fingerprint60:D2:E0:0E:6D:F6:F0:3F:A6:B5:F1:91:7E:E3:90:90:29:80:0A:E4
ValidityThu, 26 Oct 2023 05:54:28 GMT - Wed, 24 Jan 2024 05:54:27 GMT

File type
ASCII text, with very long lines (65371)
Size
121 kB (121200 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /spin2win%2Fcss%2Fbootstrap.min.css HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 Nov 2023 07:42:00 GMT
content-type: text/css
x-amz-id-2: MnvRhzd9wCTrLwuI513IsoHchACi8sdceo5gyHppwicKX4xveIBNNrpOr8qKhn565XogUm4d6h4=
x-amz-request-id: JFYYWAAJ920KBRDP
last-modified: Sun, 04 Jun 2023 14:41:39 GMT
etag: W/"ec3bb52a00e176a7181d454dffaea219"
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=848BXsWuwIr3KZVVyixZZF3rU9Pxcz9%2F3SVRPucr25klhrEw6Q3TT3Esk86eCVvcg5%2BTTN3ripEq9Fbr4ONo5w6cV%2F1u9ZF7ynNS20o2vUpC4J%2Fakx%2FknnKfxZyV9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d936247ea6712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

happy-u.vip/spin2win%2Fjs%2Fcount_down.js

104.21.93.229

200 OK

907 B

URL GET HTTP/2
happy-u.vip/spin2win%2Fjs%2Fcount_down.js
IP
104.21.93.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerLet's Encrypt
Subjecthappy-u.vip
Fingerprint60:D2:E0:0E:6D:F6:F0:3F:A6:B5:F1:91:7E:E3:90:90:29:80:0A:E4
ValidityThu, 26 Oct 2023 05:54:28 GMT - Wed, 24 Jan 2024 05:54:27 GMT

File type
ASCII text, with very long lines (936), with no line terminators
Size
907 B (907 bytes)
Hash
e6f56d1fb2ba8717d528d583908a32bc
09d52dde47a15590794f3a82174d96b339ffbf13
dd6c33c0fec0651cb08b639522fd5f170bef2c12bbdfb5ac2c731b5f149205f0

HTTP Headers

GET /spin2win%2Fjs%2Fcount_down.js HTTP/1.1
Host: happy-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 29 Nov 2023 07:42:00 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=1229
etag: W/"fc01db2be817b3fb3184f98127ff0277"
last-modified: Sun, 04 Jun 2023 14:41:39 GMT
x-amz-id-2: IBegiEEuxXqJJA+VrZNBX84CsNZ+6b3jWSYV46wQ5h0hHZlGQVudbgQdKMu1bauEcXhLJZwkGxo=
x-amz-request-id: JFYXAGDQVVX3PG05
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HI3tZ4jqFvcuEqNmwCo7btKEzQ0v%2Bx%2FZhTaRGZ6wxuXZumfk8j%2FZ3kcK2gFKAHKTtgtG2y1FfPhwwV9MFgRQXnl9mDyhl09mlPKr0iABAd6Zf9Dl5309wfQTLXbyOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d936247e98712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

smiling-u.vip/sw-check-permissions-0a6ea.js

172.67.182.98

404 Not Found

364 B

URL GET HTTP/3
smiling-u.vip/sw-check-permissions-0a6ea.js
IP
172.67.182.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smiling-u.vip/sweep-spinner-2/
Certificate
IssuerLet's Encrypt
Subjectsmiling-u.vip
FingerprintDC:C6:BA:2E:C0:35:45:B8:AA:D6:33:93:BD:FA:A9:C0:B6:43:2E:A0
ValidityMon, 23 Oct 2023 11:49:28 GMT - Sun, 21 Jan 2024 11:49:27 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (378), with no line terminators
Size
364 B (364 bytes)
Hash
f7176ee953b1112d9d5992a2276f7cff
eadae38b4ea283d882f54e213ac0a60a76c13f8f
1869a319126d9ffe03db11b46c1111eb797e4b0f7f6a0cdc11ef8edb189aa515

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sw-check-permissions-0a6ea.js HTTP/1.1
Host: smiling-u.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://smiling-u.vip/sweep-spinner-2/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 29 Nov 2023 07:42:00 GMT
content-type: text/html; charset=utf-8
x-amz-request-id: XTFZZ0BF04WGH8P0
x-amz-id-2: Se29iaKYjeoBrGwtE8NMbvy+YuP3U9JCy2DrFAh5OIAVvSQrGwBTmqWI5YK6P8A4KirMh4CzN9I=
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3TL62urUL%2FX6rKYlvQwR%2BqsryMw4lEpVVIrlraQQ65JrFPWUwtvubR8yYGyrg2Ns%2FoWqGtMqQpTwmJbB3VuzIlfj%2F1LupXQ7q7byuigshxvmZkzA9%2F8fh04kP90NXT%2F8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82d93627fa5d56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash