{"report_id":"979bb108-add8-4312-9e30-e70bff031b3a","version":6,"status":"done","tags":[],"date":"2026-05-15T19:27:01Z","url":{"schema":"https","addr":"behappy.rest/","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"behappy.rest/","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"title":"Unsupported Browser","dom":{"size":3576,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2830)","md5":"cd820e3433c4829542b70fc654a56cf3","sha1":"1dac9bb361c99ca10897f42dd65c3e660bd1ad3b","sha256":"7650dd567b3aedfee39f26bda5d63706d137068a82166624e1824f3219204555","sha512":"20fd411111fe3bad949595ec9bc85a98681dad91a8ba61cd78abd91298fc88d4eb9ed28ec7a61081dd7b5be9f4fa495d1f60e1e741a6eb690f011ea0e9f694c9","ssdeep":"","tlshash":"ac7164938718e91e2362c26af667f0c8c506840f9ab52c10f595179b5ee5ff0d1b32ba","dom_hash":"domhashfc028ee1489b8db4f9e64dae2e6e2621","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"behappy.rest/","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-19T19:27:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-05-15","alert":"Hunting_JS_WebAssembly","trigger":"behappy.rest/rlottie-wasm.b8cd14b929a7127811bd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"behappy.rest","ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2026-02-23","domain_rank":0,"first_seen":"2026-05-15T19:27:02.687613Z","last_seen":"2026-05-15T19:27:02.687613Z","alert_count":26,"request_count":22,"received_data":1075779,"sent_data":9806,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"behappy.rest/compatTest.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f460d7154f427d10ee377c39b66f48aa","sha1":"1e84aad2bb3e4eeecdd1c62e2a12d1c6d4a159d9","sha256":"727e8544ec0cfa0aa34dc209cf38263e7cca704c5fc211f9b5c4275395c184a6","sha512":"313e3ae62c9641aec509c7774abf05e668343ce1763a5cb8e3db0a86449bd2d942b734cc841ac6ea816e51d7addfe6f5e540fed5c0f5b51dbf510a0b11c59fc7","ssdeep":"","tlshash":"e061162a4cb16171906d5126ef1fb24336298577160ceb7ca220cf397fb185b855fee8","size":3199,"data":"","first_seen":"2026-02-24T12:54:22.569026Z","last_seen":"2026-05-15T19:28:01.023601Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/main.39f4dff44ff9791be355.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"56bfd93969f113e5ae174a95211ba163","sha1":"e756669d90e775b22ad32abdabdd8e23a5395f5e","sha256":"05e6b33d960ed881c5eddcfc7b3a3ae8fc076ac8447bc3700ea15b4e8219e730","sha512":"b0fb20f0360de6755c0ec98f2d50d39235cda33c5e02ad238d1a1947eada321856b2acc74ee558dde44174c17b544393d5e515ced92514e453eec577f078c2b2","ssdeep":"12288:9cmFe3nBOy0+XhpYqUvthUtvnilmmd4jRl/HrRcjU5ZQ60UjR0kS5SG7R:9FemqUXzlZMgU5Vc","tlshash":"18c44cc5719674eab3d709e6a4ab0088b7395944380dc4a0f16dfce93d3649aa373f8d","size":569019,"data":"","first_seen":"2026-05-15T19:27:05.690235Z","last_seen":"2026-05-15T19:28:01.017137Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/6708.bf6b0a556a579a024500.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"136b2cdbe79a1f6a611b48e55d8af68e","sha1":"40cb5ffc14b963f384a9b5cd54c8e548db9f65b2","sha256":"ecaf64a3666e704db51980c80b346ebdae4ccc9783a85ccbafbb8b3f4b7ea281","sha512":"fea3980e4387a201bb9f4bfa40821504add6b74e5bf1b65f9b163ad0d4920bd0ff8770ace7ccb3299410cf66baea00d0d7cdeff1beca22ae023e5bea4f1d7084","ssdeep":"192:da7mBP+WiYUpahWqPBdLKM/GtiV0D1UYGeIKfyWQPKyG1W1/u:dtB+XYUshDPBRKMFY1UYpIwyWFyG1WI","tlshash":"0712d996a131747e62a984d9e2100b127a36d5587c09a2bdf73c7cfb2d9640a34bcf7c","size":9395,"data":"","first_seen":"2026-05-15T19:27:05.696406Z","last_seen":"2026-05-15T19:28:01.032627Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/redirect.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"17773b57b87a678c98e26a7cac72df6c","sha1":"7422857aa75ee81cabcec2eed6c4a6168f363ee1","sha256":"375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f","sha512":"28d9e1c2af08154e653e2291db46f4110edbf9f5591192f8d695c8852f9c3c755d69dfb5a032a45f51e0a3fc9417f16c20d0772b1225ca9b85e5531e12fa8bfc","ssdeep":"","tlshash":"e8e07dda0279030417e013f36d82b4709137c2fb604c5d028d984321a1b9b4f5b7b84f","size":325,"data":"","first_seen":"2023-07-27T09:32:34Z","last_seen":"2026-05-15T19:28:01.033626Z","times_seen":11446,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"behappy.rest/rlottie-wasm.b8cd14b929a7127811bd.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/6805.72c030754944dd58610e.js","date":"2026-05-15T19:26:43.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /rlottie-wasm.b8cd14b929a7127811bd.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/6805.72c030754944dd58610e.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 65537\r\nConnection: keep-alive\r\nLast-Modified: Tue, 05 May 2026 11:56:43 GMT\r\nETag: \"69f9dafb-10001\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65537,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f9197a18681b7cc4f51b1911286902b0","sha1":"3f585990b02c98c9d787cb74c2a52fdf5d753b98","sha256":"bed5811a3341e35e206eaf3a0518c50edfe50ee9da37480286ac38ff29813c0d","sha512":"9679389c7ae84ee258a31c28e0da91ca3885c491f3e15e544d04c0bbb73c820e03ef8a834d96be0d29305534b18302f2b0110d9361e1d5f34a0fed38912550cd","ssdeep":"768:O6g4cP2yQ6eO0PDlgTdxHzvszXIn2B1ARnv76AeuFYNYjYxRrqhlr3NKR:O1Q6eOyQ5UzXpmK8y1alr8R","tlshash":"2c53e88535d9b0ab42837878946f310bf1ab6d52681c8410db1dd4dabcb4e49e63ffe8","first_seen":"2025-08-04T01:39:06.738468Z","last_seen":"2026-05-15T19:28:01.021979Z","times_seen":162,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":57,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-05-15","alert":"Hunting_JS_WebAssembly","trigger":"behappy.rest/rlottie-wasm.b8cd14b929a7127811bd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/redirect.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:40.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /redirect.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:40 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 325\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:40 GMT\r\nETag: \"69fe2edc-145\"\r\nExpires: Sat, 15 May 2027 19:26:40 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":325,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"17773b57b87a678c98e26a7cac72df6c","sha1":"7422857aa75ee81cabcec2eed6c4a6168f363ee1","sha256":"375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f","sha512":"28d9e1c2af08154e653e2291db46f4110edbf9f5591192f8d695c8852f9c3c755d69dfb5a032a45f51e0a3fc9417f16c20d0772b1225ca9b85e5531e12fa8bfc","ssdeep":"","tlshash":"e8e07dda0279030417e013f36d82b4709137c2fb604c5d028d984321a1b9b4f5b7b84f","first_seen":"2023-07-27T09:32:34Z","last_seen":"2026-05-15T19:28:01.033626Z","times_seen":11446,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/main.39f4dff44ff9791be355.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:40.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /main.39f4dff44ff9791be355.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:40 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 569019\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:23 GMT\r\nETag: \"69fe2ecb-8aebb\"\r\nExpires: Sat, 15 May 2027 19:26:40 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":569019,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators","md5":"56bfd93969f113e5ae174a95211ba163","sha1":"e756669d90e775b22ad32abdabdd8e23a5395f5e","sha256":"05e6b33d960ed881c5eddcfc7b3a3ae8fc076ac8447bc3700ea15b4e8219e730","sha512":"b0fb20f0360de6755c0ec98f2d50d39235cda33c5e02ad238d1a1947eada321856b2acc74ee558dde44174c17b544393d5e515ced92514e453eec577f078c2b2","ssdeep":"12288:9cmFe3nBOy0+XhpYqUvthUtvnilmmd4jRl/HrRcjU5ZQ60UjR0kS5SG7R:9FemqUXzlZMgU5Vc","tlshash":"18c44cc5719674eab3d709e6a4ab0088b7395944380dc4a0f16dfce93d3649aa373f8d","first_seen":"2026-05-15T19:27:05.690235Z","last_seen":"2026-05-15T19:28:01.017137Z","times_seen":2,"resource_available":true,"data":null}},"time_used":202,"timings":{"blocked":23,"dns":0,"connect":0,"send":0,"wait":28,"receive":151,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/favicon.svg","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:40.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:40 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 892\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:40 GMT\r\nETag: \"69fe2edc-37c\"\r\nExpires: Sat, 15 May 2027 19:26:40 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":892,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d9ee2d4b0edd9f8ba2fb7242162c2c47","sha1":"398522893cf2cdefb5176f11bc67eab31c2d7382","sha256":"a462f1c5333e16b48335054493cfd1d0a13a96847b4b9ffe2cf24403e6e86010","sha512":"e404678e96fe6f6d1fe6c1390e4a64d90844a2d8903f84f1a34b23137593da5ba04112d9504b8bf480b392b294830a363344c5767e3bb5b7a3cb6f5df2a3aa45","ssdeep":"","tlshash":"97114493d060e71ad4c9e16bef61fca0116720cee5b745d485d95a34500fcdbfc08668","first_seen":"2023-05-09T00:01:39Z","last_seen":"2026-05-15T19:28:01.027736Z","times_seen":13886,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/6708.bf6b0a556a579a024500.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:43.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /6708.bf6b0a556a579a024500.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 9395\r\nConnection: keep-alive\r\nLast-Modified: Tue, 05 May 2026 12:02:02 GMT\r\nETag: \"69f9dc3a-24b3\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9395,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (9341)","md5":"136b2cdbe79a1f6a611b48e55d8af68e","sha1":"40cb5ffc14b963f384a9b5cd54c8e548db9f65b2","sha256":"ecaf64a3666e704db51980c80b346ebdae4ccc9783a85ccbafbb8b3f4b7ea281","sha512":"fea3980e4387a201bb9f4bfa40821504add6b74e5bf1b65f9b163ad0d4920bd0ff8770ace7ccb3299410cf66baea00d0d7cdeff1beca22ae023e5bea4f1d7084","ssdeep":"192:da7mBP+WiYUpahWqPBdLKM/GtiV0D1UYGeIKfyWQPKyG1W1/u:dtB+XYUshDPBRKMFY1UYpIwyWFyG1WI","tlshash":"0712d996a131747e62a984d9e2100b127a36d5587c09a2bdf73c7cfb2d9640a34bcf7c","first_seen":"2026-05-15T19:27:05.696406Z","last_seen":"2026-05-15T19:28:01.032627Z","times_seen":2,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/3345.2d4c08342ed623b020d4.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/6805.72c030754944dd58610e.js","date":"2026-05-15T19:26:43.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /3345.2d4c08342ed623b020d4.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/6805.72c030754944dd58610e.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2864\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:23 GMT\r\nETag: \"69fe2ecb-b30\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2864,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2810)","md5":"e71409ecdad0c7aba5b6909e9b47d104","sha1":"a2820aa8379265ad243d35ec5786f8f5d8fda617","sha256":"23535aaf984f3edb707e9873d6008845f825e54f54b7c950de470711549bd4b5","sha512":"06ed30a6377c740bbce45234cde5719942dd5a8ec5d22dedc89b28bc03d9b083a867b50d3a0a0550d92ced6a19168d87dd5647875251a8f945e8eeb270b620e5","ssdeep":"","tlshash":"7f510b482a73387a1d6787abf4573b120d6503b13819e59316199fef8a7724f4b03f49","first_seen":"2026-05-15T19:27:05.697507Z","last_seen":"2026-05-15T19:28:01.020157Z","times_seen":2,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/3345.2d4c08342ed623b020d4.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/6805.72c030754944dd58610e.js","date":"2026-05-15T19:26:43.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /3345.2d4c08342ed623b020d4.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/6805.72c030754944dd58610e.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2864\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:23 GMT\r\nETag: \"69fe2ecb-b30\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2864,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2810)","md5":"e71409ecdad0c7aba5b6909e9b47d104","sha1":"a2820aa8379265ad243d35ec5786f8f5d8fda617","sha256":"23535aaf984f3edb707e9873d6008845f825e54f54b7c950de470711549bd4b5","sha512":"06ed30a6377c740bbce45234cde5719942dd5a8ec5d22dedc89b28bc03d9b083a867b50d3a0a0550d92ced6a19168d87dd5647875251a8f945e8eeb270b620e5","ssdeep":"","tlshash":"7f510b482a73387a1d6787abf4573b120d6503b13819e59316199fef8a7724f4b03f49","first_seen":"2026-05-15T19:27:05.697507Z","last_seen":"2026-05-15T19:28:01.020157Z","times_seen":2,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/3345.2d4c08342ed623b020d4.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/6805.72c030754944dd58610e.js","date":"2026-05-15T19:26:43.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /3345.2d4c08342ed623b020d4.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/6805.72c030754944dd58610e.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2864\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:23 GMT\r\nETag: \"69fe2ecb-b30\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2864,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2810)","md5":"e71409ecdad0c7aba5b6909e9b47d104","sha1":"a2820aa8379265ad243d35ec5786f8f5d8fda617","sha256":"23535aaf984f3edb707e9873d6008845f825e54f54b7c950de470711549bd4b5","sha512":"06ed30a6377c740bbce45234cde5719942dd5a8ec5d22dedc89b28bc03d9b083a867b50d3a0a0550d92ced6a19168d87dd5647875251a8f945e8eeb270b620e5","ssdeep":"","tlshash":"7f510b482a73387a1d6787abf4573b120d6503b13819e59316199fef8a7724f4b03f49","first_seen":"2026-05-15T19:27:05.697507Z","last_seen":"2026-05-15T19:28:01.020157Z","times_seen":2,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/compatTest.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:40.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /compatTest.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:40 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3199\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:40 GMT\r\nETag: \"69fe2edc-c7f\"\r\nExpires: Sat, 15 May 2027 19:26:40 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3199,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (413)","md5":"f460d7154f427d10ee377c39b66f48aa","sha1":"1e84aad2bb3e4eeecdd1c62e2a12d1c6d4a159d9","sha256":"727e8544ec0cfa0aa34dc209cf38263e7cca704c5fc211f9b5c4275395c184a6","sha512":"313e3ae62c9641aec509c7774abf05e668343ce1763a5cb8e3db0a86449bd2d942b734cc841ac6ea816e51d7addfe6f5e540fed5c0f5b51dbf510a0b11c59fc7","ssdeep":"","tlshash":"e061162a4cb16171906d5126ef1fb24336298577160ceb7ca220cf397fb185b855fee8","first_seen":"2026-02-24T12:54:22.569026Z","last_seen":"2026-05-15T19:28:01.023601Z","times_seen":60,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":62,"dns":0,"connect":27,"send":0,"wait":28,"receive":1,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/unsupported.png","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:40.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /unsupported.png HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 7043\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:40 GMT\r\nETag: \"69fe2edc-1b83\"\r\nExpires: Sat, 15 May 2027 19:26:40 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7043,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 208 x 208, 8-bit colormap, non-interlaced","md5":"6a1affa3635e8d20ec1c88a598af9011","sha1":"391ac6710a44f3e407fac2583569f992acefda92","sha256":"e9df3445d01b4af59df2721c416013479bfb89134feaf1c61036a848c63857ac","sha512":"9d9fe40b0f5d589af2cbc871140685a1e905b06bd1f78b2520dc1fd46cf40209ebcd7eed86056e8b129967efbfe3459d3173947e3bba064fdbfdad5eb2f84bcb","ssdeep":"192:GIQB1mOm995ipDlrfBtHgHkEW6w3rvFQwJ0J4xBGM:aB4OmIltBt/Z6wz70J4xBP","tlshash":"9ce19fd7d44804c0a64286bac533d4be5667adeeacc65fae739c39c06f5323d41930a5","first_seen":"2024-06-22T14:15:20Z","last_seen":"2026-05-15T19:28:01.018203Z","times_seen":98,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/6805.72c030754944dd58610e.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:43.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /6805.72c030754944dd58610e.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 7351\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:23 GMT\r\nETag: \"69fe2ecb-1cb7\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7351,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7297)","md5":"d9dcacd8ac605898ce1b728fa0a061c3","sha1":"6f467c23f5030fd4d78dd760b40889384a3f87c8","sha256":"457c177bb988e19cd0eefcd4c119440506b8a74b079443e75605769011b5a6bc","sha512":"28d0e20fd00483a9052660607130fa8144e4c1385580954cda27c49d713fde4b637153789d591dab1446c358f6ceac92426fcced4dfe00536a6ed65966059005","ssdeep":"96:5iW936N68UMUN9n7ZqrpMZndapaX976INDgr2Bst41qpKZXMAbEzFWbBT59rM7EM:5iMq8pR946cYh6EjFEYbBTvwoXDDot","tlshash":"43e1a3d63752553ee3969dceed3a104360a1c82c39188274772a5ceb6d279c1e072f93","first_seen":"2026-05-15T19:27:05.715138Z","last_seen":"2026-05-15T19:28:01.019142Z","times_seen":2,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/6805.72c030754944dd58610e.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:43.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /6805.72c030754944dd58610e.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 7351\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:23 GMT\r\nETag: \"69fe2ecb-1cb7\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7351,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7297)","md5":"d9dcacd8ac605898ce1b728fa0a061c3","sha1":"6f467c23f5030fd4d78dd760b40889384a3f87c8","sha256":"457c177bb988e19cd0eefcd4c119440506b8a74b079443e75605769011b5a6bc","sha512":"28d0e20fd00483a9052660607130fa8144e4c1385580954cda27c49d713fde4b637153789d591dab1446c358f6ceac92426fcced4dfe00536a6ed65966059005","ssdeep":"96:5iW936N68UMUN9n7ZqrpMZndapaX976INDgr2Bst41qpKZXMAbEzFWbBT59rM7EM:5iMq8pR946cYh6EjFEYbBTvwoXDDot","tlshash":"43e1a3d63752553ee3969dceed3a104360a1c82c39188274772a5ceb6d279c1e072f93","first_seen":"2026-05-15T19:27:05.715138Z","last_seen":"2026-05-15T19:28:01.019142Z","times_seen":2,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/6805.72c030754944dd58610e.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:43.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /6805.72c030754944dd58610e.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 7351\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:23 GMT\r\nETag: \"69fe2ecb-1cb7\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7351,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7297)","md5":"d9dcacd8ac605898ce1b728fa0a061c3","sha1":"6f467c23f5030fd4d78dd760b40889384a3f87c8","sha256":"457c177bb988e19cd0eefcd4c119440506b8a74b079443e75605769011b5a6bc","sha512":"28d0e20fd00483a9052660607130fa8144e4c1385580954cda27c49d713fde4b637153789d591dab1446c358f6ceac92426fcced4dfe00536a6ed65966059005","ssdeep":"96:5iW936N68UMUN9n7ZqrpMZndapaX976INDgr2Bst41qpKZXMAbEzFWbBT59rM7EM:5iMq8pR946cYh6EjFEYbBTvwoXDDot","tlshash":"43e1a3d63752553ee3969dceed3a104360a1c82c39188274772a5ceb6d279c1e072f93","first_seen":"2026-05-15T19:27:05.715138Z","last_seen":"2026-05-15T19:28:01.019142Z","times_seen":2,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/3345.2d4c08342ed623b020d4.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/6805.72c030754944dd58610e.js","date":"2026-05-15T19:26:43.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /3345.2d4c08342ed623b020d4.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/6805.72c030754944dd58610e.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2864\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:23 GMT\r\nETag: \"69fe2ecb-b30\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2864,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2810)","md5":"e71409ecdad0c7aba5b6909e9b47d104","sha1":"a2820aa8379265ad243d35ec5786f8f5d8fda617","sha256":"23535aaf984f3edb707e9873d6008845f825e54f54b7c950de470711549bd4b5","sha512":"06ed30a6377c740bbce45234cde5719942dd5a8ec5d22dedc89b28bc03d9b083a867b50d3a0a0550d92ced6a19168d87dd5647875251a8f945e8eeb270b620e5","ssdeep":"","tlshash":"7f510b482a73387a1d6787abf4573b120d6503b13819e59316199fef8a7724f4b03f49","first_seen":"2026-05-15T19:27:05.697507Z","last_seen":"2026-05-15T19:28:01.020157Z","times_seen":2,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/rlottie-wasm.b8cd14b929a7127811bd.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/6805.72c030754944dd58610e.js","date":"2026-05-15T19:26:43.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /rlottie-wasm.b8cd14b929a7127811bd.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/6805.72c030754944dd58610e.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 65537\r\nConnection: keep-alive\r\nLast-Modified: Tue, 05 May 2026 11:56:43 GMT\r\nETag: \"69f9dafb-10001\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65537,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f9197a18681b7cc4f51b1911286902b0","sha1":"3f585990b02c98c9d787cb74c2a52fdf5d753b98","sha256":"bed5811a3341e35e206eaf3a0518c50edfe50ee9da37480286ac38ff29813c0d","sha512":"9679389c7ae84ee258a31c28e0da91ca3885c491f3e15e544d04c0bbb73c820e03ef8a834d96be0d29305534b18302f2b0110d9361e1d5f34a0fed38912550cd","ssdeep":"768:O6g4cP2yQ6eO0PDlgTdxHzvszXIn2B1ARnv76AeuFYNYjYxRrqhlr3NKR:O1Q6eOyQ5UzXpmK8y1alr8R","tlshash":"2c53e88535d9b0ab42837878946f310bf1ab6d52681c8410db1dd4dabcb4e49e63ffe8","first_seen":"2025-08-04T01:39:06.738468Z","last_seen":"2026-05-15T19:28:01.021979Z","times_seen":162,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-05-15","alert":"Hunting_JS_WebAssembly","trigger":"behappy.rest/rlottie-wasm.b8cd14b929a7127811bd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-15T19:26:39.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:39 GMT\r\nContent-Type: text/html\r\nContent-Length: 3293\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:23 GMT\r\nETag: \"69fe2ecb-cdd\"\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3293,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2786)","md5":"1cc4281304f6c6f6db3fc5a85f9e85f6","sha1":"f8041a990fb7707662d4fd5eebd584646e41fc26","sha256":"3dba963a2d1cb89444cbf7ad42c2aed2cacec852958e6de7eea7fce585951a94","sha512":"e770625fd7330569772b5b23bef1c269e998a1661f7d8752c7214eabe19803493e3c931600b59b7bd9a07631732cc2a3c09225659e2cf82c04d97ab51c3114db","ssdeep":"","tlshash":"d06142934a18d95e1362c27efa77f0c8c506840f9da06c14f58916da4ee1fe481b367a","first_seen":"2026-05-15T19:27:05.721882Z","last_seen":"2026-05-15T19:28:01.03067Z","times_seen":2,"resource_available":true,"data":null}},"time_used":290,"timings":{"blocked":129,"dns":67,"connect":28,"send":0,"wait":28,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/main.742d19a98482fd0818b5.css","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:40.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /main.742d19a98482fd0818b5.css HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:40 GMT\r\nContent-Type: text/css\r\nContent-Length: 132205\r\nConnection: keep-alive\r\nLast-Modified: Tue, 05 May 2026 12:02:02 GMT\r\nETag: \"69f9dc3a-2046d\"\r\nExpires: Sat, 15 May 2027 19:26:40 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":132205,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (12827)","md5":"9deb04edf45cceb6043ac4f418958399","sha1":"1b1bd2451d0eec88f3aa77f08d50d36f9993cbe3","sha256":"21e6e0b874422f0be1cdec1afb81dd2d28447d48e5adf842f42a012ca4782e07","sha512":"11802a1d99155b5e12ba59ec32511390d3ab08e445f4ede9cc188e4b4e8c3cb0c0049ec68c8f4b5496b3a0369b3b145f39be4f50528dc53b9ca3f2d2c77965b0","ssdeep":"1536:wBiLEpR7JZQGshsIkhQdRvE8W+HYOz7PXfX1XH:TkhJZQGsREQPT1","tlshash":"45d3d7a4e94411f9ab23c63e97c4e76c8d38e481de610faff247615c07ca7da12d2b58","first_seen":"2026-05-15T19:27:05.723076Z","last_seen":"2026-05-15T19:28:01.028964Z","times_seen":2,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":65,"dns":1,"connect":28,"send":0,"wait":28,"receive":85,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/notification.mp3","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:40.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /notification.mp3 HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 206 Partial Content\r\nDate: Fri, 15 May 2026 19:26:40 GMT\r\nContent-Type: audio/mpeg\r\nContent-Length: 10880\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:40 GMT\r\nETag: \"69fe2edc-2a80\"\r\nContent-Range: bytes 0-10879/10880\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10880,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"eba09b6a457792c52fc610b5f9f974b3","sha1":"95e6e0f7648e28ea21bc434054ea59aba3a35aea","sha256":"86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6","sha512":"9dfc5ff830c9ed75c9923528c31e1361fa36500d76a209cd475984e5585a644c8aff1600bf02a658ef363436a51988ff1e63aa7606e541dc4a7b3449c5be4852","ssdeep":"192:RuQQeX7rYX/WUUIk8DLh+2BHpZqlXCYP69tuORf6tVQRa/nwNQBv5JC:RRYeUUEDLk2VClyaV0aZ5g","tlshash":"37226b18af11056ef4866bf0b3939b8dc42d26c37a26d4cdd3a5d7e369430e2a7d500d","first_seen":"2023-05-16T22:57:55Z","last_seen":"2026-05-15T19:28:01.031909Z","times_seen":16661,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/icon-192x192.png","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:40.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /icon-192x192.png HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 28231\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:40 GMT\r\nETag: \"69fe2edc-6e47\"\r\nExpires: Sat, 15 May 2027 19:26:40 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":28231,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"a885944d32b972f1a77fee004e86353e","sha1":"3f915a2ec8868a7bc4a05ff9b95b8d9cb484ca99","sha256":"58c4115eb1d07489f2586124e018c961ded76ddbb954d4294528b42e324975ed","sha512":"754ca24ba114531fa888099a5d031b5b53f77da6963e4a64f56eb565a5d27216651874bb7fa7a4cdf824d302413802dd5d8578f58973c199e8dcb7e29849baf8","ssdeep":"768:YLO652KrZXTRSKXPTNhqnzsgt7kpD+IEzGi7Tb+r:nmprxk2Nhqnzsg14D+Phfby","tlshash":"cbc2f2b6efe32c9eff00e3638cda585194d9720f952e79a99812424703f4a2e1d25f40","first_seen":"2026-05-15T19:27:05.728854Z","last_seen":"2026-05-15T19:28:01.024963Z","times_seen":2,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/6805.72c030754944dd58610e.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/","date":"2026-05-15T19:26:43.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /6805.72c030754944dd58610e.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 7351\r\nConnection: keep-alive\r\nLast-Modified: Fri, 08 May 2026 18:43:23 GMT\r\nETag: \"69fe2ecb-1cb7\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7351,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7297)","md5":"d9dcacd8ac605898ce1b728fa0a061c3","sha1":"6f467c23f5030fd4d78dd760b40889384a3f87c8","sha256":"457c177bb988e19cd0eefcd4c119440506b8a74b079443e75605769011b5a6bc","sha512":"28d0e20fd00483a9052660607130fa8144e4c1385580954cda27c49d713fde4b637153789d591dab1446c358f6ceac92426fcced4dfe00536a6ed65966059005","ssdeep":"96:5iW936N68UMUN9n7ZqrpMZndapaX976INDgr2Bst41qpKZXMAbEzFWbBT59rM7EM:5iMq8pR946cYh6EjFEYbBTvwoXDDot","tlshash":"43e1a3d63752553ee3969dceed3a104360a1c82c39188274772a5ceb6d279c1e072f93","first_seen":"2026-05-15T19:27:05.715138Z","last_seen":"2026-05-15T19:28:01.019142Z","times_seen":2,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/rlottie-wasm.b8cd14b929a7127811bd.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/6805.72c030754944dd58610e.js","date":"2026-05-15T19:26:43.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /rlottie-wasm.b8cd14b929a7127811bd.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/6805.72c030754944dd58610e.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 65537\r\nConnection: keep-alive\r\nLast-Modified: Tue, 05 May 2026 11:56:43 GMT\r\nETag: \"69f9dafb-10001\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65537,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f9197a18681b7cc4f51b1911286902b0","sha1":"3f585990b02c98c9d787cb74c2a52fdf5d753b98","sha256":"bed5811a3341e35e206eaf3a0518c50edfe50ee9da37480286ac38ff29813c0d","sha512":"9679389c7ae84ee258a31c28e0da91ca3885c491f3e15e544d04c0bbb73c820e03ef8a834d96be0d29305534b18302f2b0110d9361e1d5f34a0fed38912550cd","ssdeep":"768:O6g4cP2yQ6eO0PDlgTdxHzvszXIn2B1ARnv76AeuFYNYjYxRrqhlr3NKR:O1Q6eOyQ5UzXpmK8y1alr8R","tlshash":"2c53e88535d9b0ab42837878946f310bf1ab6d52681c8410db1dd4dabcb4e49e63ffe8","first_seen":"2025-08-04T01:39:06.738468Z","last_seen":"2026-05-15T19:28:01.021979Z","times_seen":162,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-05-15","alert":"Hunting_JS_WebAssembly","trigger":"behappy.rest/rlottie-wasm.b8cd14b929a7127811bd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"behappy.rest/rlottie-wasm.b8cd14b929a7127811bd.js","fqdn":"behappy.rest","domain":"behappy.rest","tld":"rest"},"ip":{"addr":"144.31.238.115","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://behappy.rest/6805.72c030754944dd58610e.js","date":"2026-05-15T19:26:43.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"behappy.rest","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 21:24:28 GMT","end":"Mon, 29 Jun 2026 21:24:27 GMT"},"fingerprint":{"sha1":"5A:38:4C:3C:76:2E:67:1F:13:98:89:3A:96:38:B3:59:88:96:71:73","sha256":"39:15:56:B8:23:42:F1:A2:79:8B:D0:E6:C8:6C:22:F5:E1:1E:92:7F:56:CB:08:C2:5E:3E:70:F3:A0:C3:C5:8E"}}},"request":{"raw":"GET /rlottie-wasm.b8cd14b929a7127811bd.js HTTP/1.1\r\nHost: behappy.rest\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://behappy.rest/6805.72c030754944dd58610e.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 15 May 2026 19:26:43 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 65537\r\nConnection: keep-alive\r\nLast-Modified: Tue, 05 May 2026 11:56:43 GMT\r\nETag: \"69f9dafb-10001\"\r\nExpires: Sat, 15 May 2027 19:26:43 GMT\r\nCache-Control: max-age=31536000, public, immutable\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65537,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f9197a18681b7cc4f51b1911286902b0","sha1":"3f585990b02c98c9d787cb74c2a52fdf5d753b98","sha256":"bed5811a3341e35e206eaf3a0518c50edfe50ee9da37480286ac38ff29813c0d","sha512":"9679389c7ae84ee258a31c28e0da91ca3885c491f3e15e544d04c0bbb73c820e03ef8a834d96be0d29305534b18302f2b0110d9361e1d5f34a0fed38912550cd","ssdeep":"768:O6g4cP2yQ6eO0PDlgTdxHzvszXIn2B1ARnv76AeuFYNYjYxRrqhlr3NKR:O1Q6eOyQ5UzXpmK8y1alr8R","tlshash":"2c53e88535d9b0ab42837878946f310bf1ab6d52681c8410db1dd4dabcb4e49e63ffe8","first_seen":"2025-08-04T01:39:06.738468Z","last_seen":"2026-05-15T19:28:01.021979Z","times_seen":162,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-05-15","alert":"Hunting_JS_WebAssembly","trigger":"behappy.rest/rlottie-wasm.b8cd14b929a7127811bd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"behappy.rest","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}