{"report_id":"ce034131-76bf-4bd1-9a72-9f9a532f6d8e","version":6,"status":"done","tags":[],"date":"2025-12-27T15:02:03Z","url":{"schema":"http","addr":"aff.easypaisy.site/visit/94a85805-d101-4536-b4e0-6bcaf4804819","fqdn":"aff.easypaisy.site","domain":"easypaisy.site","tld":"site"},"ip":{"addr":"63.180.95.19","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"daily2prize.site/ke-vault/?mc_attr=c%3D94a85805-d101-4536-b4e0-6bcaf4804819..m%3Dmjofi3ggv2ulbnbrnyjrjhy85q..d%3D0-0-0-0-0..l%3D17668477012..e%3D#","fqdn":"daily2prize.site","domain":"daily2prize.site","tld":"site"},"title":"MPESA Wallet Promo – Kenya","dom":{"size":12968,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"85f2b47016bf0a99eb07aabce7aadc65","sha1":"21127a2ac347b6ff540c327122ce47ead09f70e3","sha256":"5454669b385e420908b1adf6421417ba51f9f764cca2843e9f2ff65af307c9d7","sha512":"e590a8e42949dd78ef8091a9dfba671de5baa5edfc6a4501df56adc35496516bfe38ee8b52b483a33c581bcb6b7c8732e8f2b05de51f37f7428e7824bbd09b9e","ssdeep":"384:Rjw2GEwQ9sBDSEFDlwjp+V+1vpNvc4DwjEvdnnbQJTFPlnPs42qbTI:Rjw2GxQ9sBuEFDl++V+1vpNvc4DNvdn3","tlshash":"074285b556e20022719380d0bea5d65f77e4ee03e917c568b7ee81d88fc2ec2e95321c","dom_hash":"domhash8e32f8e76fec27ea66820dc104be7997","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"aff.easypaisy.site/visit/94a85805-d101-4536-b4e0-6bcaf4804819","fqdn":"aff.easypaisy.site","domain":"easypaisy.site","tld":"site"},"ip":{"addr":"63.180.95.19","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-31T15:02:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"aff.easypaisy.site","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"aff.easypaisy.site","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"aff.easypaisy.site","ip":{"addr":"63.180.95.19","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2025-03-10","domain_rank":0,"first_seen":"2025-04-16T19:04:49.025339Z","last_seen":"2025-11-11T17:46:56.975666Z","alert_count":2,"request_count":1,"received_data":10603,"sent_data":529,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"daily2prize.site","ip":{"addr":"138.68.168.84","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-03-25","domain_rank":0,"first_seen":"2025-10-13T16:09:59.538363Z","last_seen":"2025-12-21T13:01:56.765814Z","alert_count":9,"request_count":3,"received_data":18987,"sent_data":1779,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"backunder.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-12-13","domain_rank":358523,"first_seen":"2022-12-14T00:20:46Z","last_seen":"2025-12-20T15:29:43.367541Z","alert_count":0,"request_count":1,"received_data":1940,"sent_data":412,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"daily2prize.site/ke-vault/?mc_attr=c%3D94a85805-d101-4536-b4e0-6bcaf4804819..m%3Dmjofi3ggv2ulbnbrnyjrjhy85q..d%3D0-0-0-0-0..l%3D17668477012..e%3D","fqdn":"daily2prize.site","domain":"daily2prize.site","tld":"site"},"ip":{"addr":"138.68.168.84","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"f4e87e8559784f220a97de021f0d9d05","sha1":"79c6bbc2c5e9e646efa03bffff3aea3043e2eb16","sha256":"311e90a2bcac14ee1bce8ae7c67f98aad4894f2be9a355e4602fec26a8c15145","sha512":"bf5016fa4185b321dc62cd1f55bdbf6f80fd8f8bc4fc6eb1cb1ee625e5dd8f1310825fc7b79790f0ca7998695b157c165cd865df7ff204192efa2baac369e781","ssdeep":"","tlshash":"d0c080e14f5400dc255403a48115543ed043d10fccd5420d7433d7b331933fc471c140","size":169,"data":"","first_seen":"2025-12-21T13:01:57.586941Z","last_seen":"2025-12-27T15:02:04.462332Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"backunder.com/script.js","fqdn":"backunder.com","domain":"backunder.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c3a51a4dff3112755faa513179524a6b","sha1":"1e9b8b3f4783a837446edd99a538afa1bdd41700","sha256":"6b7f26e26e43705f4cadfdb904a749313e89f722088ef983fe44cc4b34d1db9b","sha512":"8ef2eaa9785bae7149437fcf54f9989645ab4fbdfe1524c505dd9019ed3005c3325bf5730d9a68ac31b254f0c0a3a62e8fc6414889e4be76d4a44f6e1a78204c","ssdeep":"","tlshash":"e7216089e3dc14e302b6643a8a2e7ee8313e54f76d035867ec149e742450a5e51597a4","size":1228,"data":"","first_seen":"2023-03-13T07:00:08Z","last_seen":"2026-04-05T17:19:14.578697Z","times_seen":258,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"daily2prize.site/ke-vault/?mc_attr=c%3D94a85805-d101-4536-b4e0-6bcaf4804819..m%3Dmjofi3ggv2ulbnbrnyjrjhy85q..d%3D0-0-0-0-0..l%3D17668477012..e%3D#","fqdn":"daily2prize.site","domain":"daily2prize.site","tld":"site"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"f4e87e8559784f220a97de021f0d9d05","sha1":"79c6bbc2c5e9e646efa03bffff3aea3043e2eb16","sha256":"311e90a2bcac14ee1bce8ae7c67f98aad4894f2be9a355e4602fec26a8c15145","sha512":"bf5016fa4185b321dc62cd1f55bdbf6f80fd8f8bc4fc6eb1cb1ee625e5dd8f1310825fc7b79790f0ca7998695b157c165cd865df7ff204192efa2baac369e781","ssdeep":"","tlshash":"d0c080e14f5400dc255403a48115543ed043d10fccd5420d7433d7b331933fc471c140","size":169,"data":"","first_seen":"2025-12-21T13:01:57.586941Z","last_seen":"2025-12-27T15:02:04.462332Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"aff.easypaisy.site/visit/94a85805-d101-4536-b4e0-6bcaf4804819","fqdn":"aff.easypaisy.site","domain":"easypaisy.site","tld":"site"},"ip":{"addr":"63.180.95.19","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-27T15:01:40.975Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aff.easypaisy.site","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 20 Nov 2025 09:13:44 GMT","end":"Wed, 18 Feb 2026 09:13:43 GMT"},"fingerprint":{"sha1":"E0:9B:0D:DD:5C:E4:9A:66:03:D2:9A:48:60:1C:93:B5:DF:32:C8:53","sha256":"08:CD:8B:5C:9E:46:65:AD:85:C7:1A:B3:26:34:5E:D7:61:16:A9:DD:F8:BC:38:CD:19:D7:F5:2F:65:2C:25:98"}}},"request":{"raw":"GET /visit/94a85805-d101-4536-b4e0-6bcaf4804819 HTTP/1.1\r\nHost: aff.easypaisy.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 27 Dec 2025 15:01:41 GMT\r\ncontent-type: text/html\r\ncontent-length: 0\r\nserver: nginx\r\nlocation: https://daily2prize.site/ke-vault/?mc_attr=c%3D94a85805-d101-4536-b4e0-6bcaf4804819..m%3Dmjofi3ggv2ulbnbrnyjrjhy85q..d%3D0-0-0-0-0..l%3D17668477012..e%3D\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Full-Version,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Reduced\r\nx-robots-tag: noindex, nofollow, noarchive\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nset-cookie: mc_attr=c%253D94a85805-d101-4536-b4e0-6bcaf4804819..m%253Dmjofi3ggv2ulbnbrnyjrjhy85q..d%253D0-0-0-0-0..l%253D17668477012..e%253D; expires=Tue, 30-Dec-2025 15:01:41 GMT; path=/; secure; samesite=none\nmc_clid=mjofi3ggv2ulbnbrnyjrjhy85q; expires=Tue, 30-Dec-2025 15:01:41 GMT; path=/; domain=.easypaisy.site; secure; samesite=none\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9632,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":556,"timings":{"blocked":259,"dns":179,"connect":20,"send":0,"wait":38,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"aff.easypaisy.site","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"aff.easypaisy.site","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daily2prize.site/ke-vault/?mc_attr=c%3D94a85805-d101-4536-b4e0-6bcaf4804819..m%3Dmjofi3ggv2ulbnbrnyjrjhy85q..d%3D0-0-0-0-0..l%3D17668477012..e%3D","fqdn":"daily2prize.site","domain":"daily2prize.site","tld":"site"},"ip":{"addr":"138.68.168.84","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-27T15:01:41.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daily2prize.site","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 12:54:47 GMT","end":"Sat, 07 Mar 2026 12:54:46 GMT"},"fingerprint":{"sha1":"90:19:8F:6E:CD:8B:8D:DB:D8:6E:11:54:C2:E8:7F:71:13:17:CC:FD","sha256":"24:E5:25:B4:C4:B7:E0:4B:B6:F2:91:90:3D:FF:8F:B6:65:D3:62:B7:7D:FF:9C:DC:47:7E:8C:46:D6:F6:CC:65"}}},"request":{"raw":"GET /ke-vault/?mc_attr=c%3D94a85805-d101-4536-b4e0-6bcaf4804819..m%3Dmjofi3ggv2ulbnbrnyjrjhy85q..d%3D0-0-0-0-0..l%3D17668477012..e%3D HTTP/1.1\r\nHost: daily2prize.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 27 Dec 2025 15:01:41 GMT\r\ncontent-type: text/html\r\ncontent-length: 3855\r\nlast-modified: Thu, 18 Dec 2025 12:07:07 GMT\r\netag: \"25a0-64638ccc51b3c-gzip\"\r\ncache-control: max-age=0, s-maxage=2592000\r\nexpires: Sat, 27 Dec 2025 15:01:41 GMT\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 0\r\nx-cache: MISS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9632,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"3f0e54946ae5ec57260d1330a72dc964","sha1":"8754739c07e719c7aea7eb6816d444e7875e9834","sha256":"313c8f73ec7bba9373ed9061c7867eac4f17067ee725f6d1876060c7daff39bd","sha512":"056043ed25b9d013113525e25e37dec16875b7f6d8b12f029d4caa79e1822b4b1b16c2f677ba355dfa935a17ee122cb1ef49d9d7a2be51fd7fb3ad843d67851d","ssdeep":"192:FQVDPfD/AN+TeRfF6w4necHsBtBVUGJC75rOvbQJTFwwlyMPs42qbTKz:FIw2GEwQ9sBDpEFgbQJTFPlnPs42qbTm","tlshash":"45121ae267d1101530a381d079c31a9eb3acda07f517d9f8abed509d8fc1adab0a275c","first_seen":"2025-12-21T13:01:57.58252Z","last_seen":"2025-12-27T15:02:04.454209Z","times_seen":2,"resource_available":false,"data":null}},"time_used":315,"timings":{"blocked":134,"dns":86,"connect":24,"send":0,"wait":40,"receive":1,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"backunder.com/script.js","fqdn":"backunder.com","domain":"backunder.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://daily2prize.site/ke-vault/?mc_attr=c%3D94a85805-d101-4536-b4e0-6bcaf4804819..m%3Dmjofi3ggv2ulbnbrnyjrjhy85q..d%3D0-0-0-0-0..l%3D17668477012..e%3D","date":"2025-12-27T15:01:41.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"backunder.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 11 Nov 2025 08:33:30 GMT","end":"Mon, 09 Feb 2026 09:33:07 GMT"},"fingerprint":{"sha1":"DE:A9:14:BC:B2:BF:01:7A:F0:13:66:17:80:4B:7B:43:D2:B0:B0:A2","sha256":"9F:24:CF:C0:BB:39:56:F1:74:CE:11:65:E0:FC:A4:61:2C:E1:0F:DF:2A:85:1D:34:1B:12:85:56:07:34:3A:17"}}},"request":{"raw":"GET /script.js HTTP/1.1\r\nHost: backunder.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://daily2prize.site/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 27 Dec 2025 15:01:41 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 487\r\nserver: cloudflare\r\nlast-modified: Mon, 23 Jan 2023 19:14:45 GMT\r\netag: \"4cc-5f2f3364b2fe4-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q2Fp3UkKu07HmVACqGs4hgYgMuHI1YBYiR1G%2FthlftAp6EhJDVToX9jjgWBS0UZiq%2F%2FJCHSRosyjkzpTRGWVyNa3KDzrGMevWxDg\"}]}\r\nage: 1206\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9b49b1d7a9fe568a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1228,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"c3a51a4dff3112755faa513179524a6b","sha1":"1e9b8b3f4783a837446edd99a538afa1bdd41700","sha256":"6b7f26e26e43705f4cadfdb904a749313e89f722088ef983fe44cc4b34d1db9b","sha512":"8ef2eaa9785bae7149437fcf54f9989645ab4fbdfe1524c505dd9019ed3005c3325bf5730d9a68ac31b254f0c0a3a62e8fc6414889e4be76d4a44f6e1a78204c","ssdeep":"","tlshash":"e7216089e3dc14e302b6643a8a2e7ee8313e54f76d035867ec149e742450a5e51597a4","first_seen":"2023-03-13T07:00:08Z","last_seen":"2026-04-05T17:19:14.578697Z","times_seen":258,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":62,"dns":45,"connect":1,"send":0,"wait":12,"receive":1,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"daily2prize.site/favicon.ico","fqdn":"daily2prize.site","domain":"daily2prize.site","tld":"site"},"ip":{"addr":"138.68.168.84","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://daily2prize.site/ke-vault/?mc_attr=c%3D94a85805-d101-4536-b4e0-6bcaf4804819..m%3Dmjofi3ggv2ulbnbrnyjrjhy85q..d%3D0-0-0-0-0..l%3D17668477012..e%3D","date":"2025-12-27T15:01:41.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daily2prize.site","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 12:54:47 GMT","end":"Sat, 07 Mar 2026 12:54:46 GMT"},"fingerprint":{"sha1":"90:19:8F:6E:CD:8B:8D:DB:D8:6E:11:54:C2:E8:7F:71:13:17:CC:FD","sha256":"24:E5:25:B4:C4:B7:E0:4B:B6:F2:91:90:3D:FF:8F:B6:65:D3:62:B7:7D:FF:9C:DC:47:7E:8C:46:D6:F6:CC:65"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: daily2prize.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://daily2prize.site/ke-vault/?mc_attr=c%3D94a85805-d101-4536-b4e0-6bcaf4804819..m%3Dmjofi3ggv2ulbnbrnyjrjhy85q..d%3D0-0-0-0-0..l%3D17668477012..e%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sat, 27 Dec 2025 15:01:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlocation: https://daily2prize.site/wp-includes/images/w-logo-blue-white-bg.png\r\nx-ua-compatible: IE=edge\r\nlink: \u003chttps://daily2prize.site/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nx-redirect-by: WordPress\r\ncache-control: max-age=0, s-maxage=2592000\r\nexpires: Sat, 27 Dec 2025 15:01:41 GMT\r\nage: 0\r\nx-cache: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4119,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T08:11:44.873372Z","times_seen":13414019,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daily2prize.site/wp-includes/images/w-logo-blue-white-bg.png","fqdn":"daily2prize.site","domain":"daily2prize.site","tld":"site"},"ip":{"addr":"138.68.168.84","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://daily2prize.site/ke-vault/?mc_attr=c%3D94a85805-d101-4536-b4e0-6bcaf4804819..m%3Dmjofi3ggv2ulbnbrnyjrjhy85q..d%3D0-0-0-0-0..l%3D17668477012..e%3D","date":"2025-12-27T15:01:41.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"daily2prize.site","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Dec 2025 12:54:47 GMT","end":"Sat, 07 Mar 2026 12:54:46 GMT"},"fingerprint":{"sha1":"90:19:8F:6E:CD:8B:8D:DB:D8:6E:11:54:C2:E8:7F:71:13:17:CC:FD","sha256":"24:E5:25:B4:C4:B7:E0:4B:B6:F2:91:90:3D:FF:8F:B6:65:D3:62:B7:7D:FF:9C:DC:47:7E:8C:46:D6:F6:CC:65"}}},"request":{"raw":"GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1\r\nHost: daily2prize.site\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://daily2prize.site/ke-vault/?mc_attr=c%3D94a85805-d101-4536-b4e0-6bcaf4804819..m%3Dmjofi3ggv2ulbnbrnyjrjhy85q..d%3D0-0-0-0-0..l%3D17668477012..e%3D\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 27 Dec 2025 15:01:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 4119\r\nlast-modified: Tue, 25 Mar 2025 08:48:44 GMT\r\netag: \"67e26dec-1017\"\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4119,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"000bf649cc8f6bf27cfb04d1bcdcd3c7","sha1":"d73d2f6d74ec6cdcbae07955592962e77d8ae814","sha256":"6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0","sha512":"73d2ea5ffc572c1ae73f37f8f0ff25e945afee8e077b6ee42ce969e575cdc2d8444f90848ea1cb4d1c9ee4bd725aee2b4576afc25f17d7295a90e1cbfe6edfd5","ssdeep":"96:h3bdWfcmTY+aRF1pXWZL2+42HGhIUc8KeLEd:hgXTY+as02mOB8XLEd","tlshash":"00814b63df38c566e66a2b189ff6bca56b290fd50ca1194c0eecb025632c06d1065089","first_seen":"2023-04-08T12:31:37Z","last_seen":"2026-04-06T08:10:59.217396Z","times_seen":55569,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-27","alert":"Sinkholed","trigger":"daily2prize.site","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}