sw33tprize.com Open in urlscan Pro
185.128.34.96 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://20.229.172.147/ezmeralda/14315.html
Effective URL:
https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5=
Submission: On June 22 via manual (June 22nd 2022, 3:30:48 pm UTC) from IT — Scanned from IT

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 14 HTTP transactions. The main IP is 185.128.34.96, located in Netherlands and belongs to EUROFIBER-UNET EUROFIBER, NL. The main domain is sw33tprize.com.
TLS certificate: Issued by R3 on June 15th 2022. Valid for: 3 months.

This is the only time sw33tprize.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Tracking (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	20.229.172.147 20.229.172.147	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	178.237.33.50 178.237.33.50	8455 (ATOM86-AS...) (ATOM86-AS ATOM86)
1 1	20.91.223.9 20.91.223.9	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	34.117.79.165 34.117.79.165	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 10	185.128.34.96 185.128.34.96	29396 (EUROFIBER...) (EUROFIBER-UNET EUROFIBER)
2	2606:4700:303... 2606:4700:3037::6815:4392	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	5

1 20.229.172.147 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

20.229.172.147	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.237.33.50 (Netherlands)

ASN8455 (ATOM86-AS ATOM86, NL)

www.geoplugin.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.91.223.9 (Gävle, Sweden) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.shortcoffe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.79.165 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 165.79.117.34.bc.googleusercontent.com

www.lpredirect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.128.34.96 (Netherlands) 1 redirects

ASN29396 (EUROFIBER-UNET EUROFIBER, NL)

sw33tprize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3037::6815:4392 (United States)

ASN13335 (CLOUDFLARENET, US)

virtualpushplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	sw33tprize.com 1 redirects sw33tprize.com	669 KB
2	virtualpushplatform.com virtualpushplatform.com — Cisco Umbrella Rank: 292303	4 KB
1	lpredirect.com 1 redirects www.lpredirect.com — Cisco Umbrella Rank: 423765	469 B
1	shortcoffe.com 1 redirects www.shortcoffe.com	580 B
1	geoplugin.net www.geoplugin.net — Cisco Umbrella Rank: 40749	2 KB
14	5

	Domain	Requested by
10	sw33tprize.com	1 redirects 20.229.172.147 sw33tprize.com
2	virtualpushplatform.com	sw33tprize.com virtualpushplatform.com
1	www.lpredirect.com	1 redirects
1	www.shortcoffe.com	1 redirects
1	www.geoplugin.net	20.229.172.147
14	5

This site contains links to these domains. Also see Links.

Domain
docs.google.com

Subject Issuer	Validity	Valid
sw33tprize.com R3	`2022-06-15` - `2022-09-13`	3 months	crt.sh
*.virtualpushplatform.com E1	`2022-04-25` - `2022-07-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5=
Frame ID: 8242A86D72039C8A9854C9AB5E5FCD5A
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

(1) Notifica

Page URL History Show full URLs

http://20.229.172.147/ezmeralda/14315.html Page URL
https://www.shortcoffe.com/3D2JC5Q/WBZ58D8/ HTTP 302
https://www.lpredirect.com/24QSBG/BX3DCK8/?source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7 HTTP 302
https://sw33tprize.com/A0FPIPXT2I/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a... HTTP 302
https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&s... Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Page Statistics

14
Requests

79 %
HTTPS

17 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

676 kB
Transfer

680 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://docs.google.com/forms/d/e/1FAIpQLSesX6Ke9XwqXgfFpwPqKXUbKMzl-XrqcZuLaHj9AV6vY1xcOw/viewform
Title: Affiliates

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://20.229.172.147/ezmeralda/14315.html Page URL
https://www.shortcoffe.com/3D2JC5Q/WBZ58D8/ HTTP 302
https://www.lpredirect.com/24QSBG/BX3DCK8/?source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7 HTTP 302
https://sw33tprize.com/A0FPIPXT2I/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= HTTP 302
https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	14315.html Show response 20.229.172.147/ezmeralda/	518 B 662 B	93ms 46ms	Document text/html	20.229.172.147 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL http://20.229.172.147/ezmeralda/14315.html Protocol HTTP/1.1 Server 20.229.172.147 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `7fdffa5477c4a8886a0a83fb91caff69094b937b7d6b1f1e7e72091b85574ca4` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Encoding gzip Content-Length 325 Content-Type text/html Date Wed, 22 Jun 2022 15:30:43 GMT ETag "206-5e20869ba8340-gzip" Keep-Alive timeout=5, max=100 Last-Modified Wed, 22 Jun 2022 12:24:05 GMT Server Apache/2.4.29 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	javascript.gp Show response www.geoplugin.net/	2 KB 2 KB	94ms 43ms	Script application/javascript	178.237.33.50 ATOM86-AS ATOM86
General Check archive.org Show headers Download Go to Full URL http://www.geoplugin.net/javascript.gp Requested by Host: 20.229.172.147 URL: http://20.229.172.147/ezmeralda/14315.html Protocol HTTP/1.1 Server 178.237.33.50 , Netherlands, ASN8455 (ATOM86-AS ATOM86, NL), Reverse DNS Software Apache / Resource Hash `d0fe3c2ac0c660a2ee04451a5ea2986e6c36833cf75e6a7e8ada8d54b045c755` Request headers accept-language it-IT,it;q=0.9 Referer http://20.229.172.147/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers access-control-allow-origin * date Wed, 22 Jun 2022 15:30:43 GMT cache-control public, max-age=300 expires Wed, 22 Jun 2022 15:30:43 GMT server Apache content-length 1560 content-type application/javascript; charset=utf-8
GET H2	200	Primary Request / Show response sw33tprize.com/ Redirect Chain https://www.shortcoffe.com/3D2JC5Q/WBZ58D8/ https://www.lpredirect.com/24QSBG/BX3DCK8/?source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7 https://sw33tprize.com/A0FPIPXT2I/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5=	14 KB 14 KB	80ms 80ms	Document text/html	185.128.34.96 EUROFIBER-UNET EU...
General Check archive.org Show headers Download Go to Full URL https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= Requested by Host: 20.229.172.147 URL: http://20.229.172.147/ezmeralda/14315.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.128.34.96 , Netherlands, ASN29396 (EUROFIBER-UNET EUROFIBER, NL), Reverse DNS Software lighttpd/1.4.59 / Resource Hash `4b6176d2e17c7cf1179cbe0ef3c699b5f773ae29d3ee3dcc2bcb53e3ec5fcbf4` Request headers Referer http://20.229.172.147/ezmeralda/14315.html Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers accept-ranges bytes content-length 13848 content-type text/html date Wed, 22 Jun 2022 15:30:44 GMT etag "3489258626" last-modified Mon, 20 Jun 2022 11:16:25 GMT server lighttpd/1.4.59 Redirect headers content-length 292 content-type text/html date Wed, 22 Jun 2022 15:30:44 GMT location https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= server lighttpd/1.4.59
GET H2	200	style.css sw33tprize.com/css/	10 KB 10 KB	41ms 40ms	Stylesheet text/css	185.128.34.96 EUROFIBER-UNET EU...
General Check archive.org Show headers Download Go to Full URL https://sw33tprize.com/css/style.css Requested by Host: sw33tprize.com URL: https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.128.34.96 , Netherlands, ASN29396 (EUROFIBER-UNET EUROFIBER, NL), Reverse DNS Software lighttpd/1.4.59 / Resource Hash `f449973a66ba9e7c69c7e70e566db386d1946e303a96591495c508487db83bab` Request headers accept-language it-IT,it;q=0.9 Referer https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 22 Jun 2022 15:30:44 GMT last-modified Wed, 15 Jun 2022 09:36:51 GMT server lighttpd/1.4.59 accept-ranges bytes etag "1237300842" content-length 10306 content-type text/css; charset=utf-8
GET H2	200	animate.min.css sw33tprize.com/css/	57 KB 57 KB	42ms 41ms	Stylesheet text/css	185.128.34.96 EUROFIBER-UNET EU...
General Check archive.org Show headers Download Go to Full URL https://sw33tprize.com/css/animate.min.css Requested by Host: sw33tprize.com URL: https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.128.34.96 , Netherlands, ASN29396 (EUROFIBER-UNET EUROFIBER, NL), Reverse DNS Software lighttpd/1.4.59 / Resource Hash `4c055e6d0d9ba2b8f1be4719110e92c1b9499ed0759f0d1c48fccd16a7b31dcf` Request headers accept-language it-IT,it;q=0.9 Referer https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 22 Jun 2022 15:30:44 GMT last-modified Wed, 15 Jun 2022 09:36:51 GMT server lighttpd/1.4.59 accept-ranges bytes etag "1531278954" content-length 58139 content-type text/css; charset=utf-8
GET H2	200	ace-push.js Show response virtualpushplatform.com/	9 KB 4 KB	121ms 42ms	Script application/javascript	2606:4700:3037::6815:4392 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://virtualpushplatform.com/ace-push.js Requested by Host: sw33tprize.com URL: https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:4392 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `02111eae1d7ec3ea741a9f80e8a67a7428f62ef6d870809a86d3735454236b4b` Request headers accept-language it-IT,it;q=0.9 Referer https://sw33tprize.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 22 Jun 2022 15:30:44 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 2153 cf-polished origSize=13342 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 last-modified Fri, 03 Jun 2022 11:22:20 GMT server cloudflare etag W/"1d8773c30540a1e" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pr4fYbONqwR2glMhmLbynW4TesoXisWavFcK6AuXezQe%2Bupnvpjirw2mjvqsCq8ek8E9XFSVJtZBEAapqpRjimpRMTEI0WpQhZk6MTSE1lF4zImlGiHVPOLzF%2F1LKCRwtPpmhGoKwiQC1TFnVqdkKQt6QErDQQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=3600 cf-ray 71f606e5f96541aa-MRS cf-bgj minify
GET H2	200	logo.png sw33tprize.com/images/	36 KB 36 KB	40ms 40ms	Image image/png	185.128.34.96 EUROFIBER-UNET EU...
General Check archive.org Show headers Download Go to Show image Full URL https://sw33tprize.com/images/logo.png Requested by Host: sw33tprize.com URL: https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.128.34.96 , Netherlands, ASN29396 (EUROFIBER-UNET EUROFIBER, NL), Reverse DNS Software lighttpd/1.4.59 / Resource Hash `5b8c4f4c5d393ccfe9ea4bf9cf02d37ed3c6946148ff7673664074273ebe720b` Request headers accept-language it-IT,it;q=0.9 Referer https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 22 Jun 2022 15:30:44 GMT last-modified Wed, 15 Jun 2022 09:36:51 GMT server lighttpd/1.4.59 accept-ranges bytes etag "413774055" content-length 37101 content-type image/png
GET H2	200	package.png sw33tprize.com/images/	17 KB 17 KB	41ms 40ms	Image image/png	185.128.34.96 EUROFIBER-UNET EU...
General Check archive.org Show headers Download Go to Show image Full URL https://sw33tprize.com/images/package.png Requested by Host: sw33tprize.com URL: https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.128.34.96 , Netherlands, ASN29396 (EUROFIBER-UNET EUROFIBER, NL), Reverse DNS Software lighttpd/1.4.59 / Resource Hash `3b19eeb21d7fbd9b8b260e57c2d9198f83732339a9e3cbd5d2264f77e722df26` Request headers accept-language it-IT,it;q=0.9 Referer https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 22 Jun 2022 15:30:44 GMT last-modified Wed, 15 Jun 2022 09:36:51 GMT server lighttpd/1.4.59 accept-ranges bytes etag "3235164598" content-length 17622 content-type image/png
GET H2	200	loading.gif sw33tprize.com/images/	496 KB 497 KB	41ms 40ms	Image image/gif	185.128.34.96 EUROFIBER-UNET EU...
General Check archive.org Show headers Download Go to Show image Full URL https://sw33tprize.com/images/loading.gif Requested by Host: sw33tprize.com URL: https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.128.34.96 , Netherlands, ASN29396 (EUROFIBER-UNET EUROFIBER, NL), Reverse DNS Software lighttpd/1.4.59 / Resource Hash `fc85702baca03c9e5cea9b68ee081a4fcb99d8ab9c028772dc69e908208128f7` Request headers accept-language it-IT,it;q=0.9 Referer https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 22 Jun 2022 15:30:44 GMT last-modified Wed, 15 Jun 2022 09:36:52 GMT server lighttpd/1.4.59 accept-ranges bytes etag "115180345" content-length 508135 content-type image/gif
GET H2	200	check.png sw33tprize.com/images/	5 KB 5 KB	78ms 76ms	Image image/png	185.128.34.96 EUROFIBER-UNET EU...
General Check archive.org Show headers Download Go to Show image Full URL https://sw33tprize.com/images/check.png Requested by Host: sw33tprize.com URL: https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.128.34.96 , Netherlands, ASN29396 (EUROFIBER-UNET EUROFIBER, NL), Reverse DNS Software lighttpd/1.4.59 / Resource Hash `4cf42b49cf7e1856000a6383e59b587c108f4bac7ae5da57916cf835788cbd56` Request headers accept-language it-IT,it;q=0.9 Referer https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 22 Jun 2022 15:30:44 GMT last-modified Wed, 15 Jun 2022 09:36:51 GMT server lighttpd/1.4.59 accept-ranges bytes etag "2682352316" content-length 5052 content-type image/png
GET H2	200	product.png sw33tprize.com/images/	20 KB 20 KB	79ms 78ms	Image image/png	185.128.34.96 EUROFIBER-UNET EU...
General Check archive.org Show headers Download Go to Show image Full URL https://sw33tprize.com/images/product.png Requested by Host: sw33tprize.com URL: https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.128.34.96 , Netherlands, ASN29396 (EUROFIBER-UNET EUROFIBER, NL), Reverse DNS Software lighttpd/1.4.59 / Resource Hash `b3f2d797aa29b93b8919af68290b7399ebcb02dc93ddf8aa9f57b4ad1df8500e` Request headers accept-language it-IT,it;q=0.9 Referer https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 22 Jun 2022 15:30:44 GMT last-modified Wed, 15 Jun 2022 09:36:51 GMT server lighttpd/1.4.59 accept-ranges bytes etag "2025959541" content-length 20568 content-type image/png
GET H2	200	script.js Show response sw33tprize.com/js/	13 KB 13 KB	41ms 41ms	Script application/javascript	185.128.34.96 EUROFIBER-UNET EU...
General Check archive.org Show headers Download Go to Full URL https://sw33tprize.com/js/script.js Requested by Host: sw33tprize.com URL: https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 185.128.34.96 , Netherlands, ASN29396 (EUROFIBER-UNET EUROFIBER, NL), Reverse DNS Software lighttpd/1.4.59 / Resource Hash `6b83282d850d687d049f53f4fd97aec0aa73981c65e77ea38487ae5500c05767` Request headers accept-language it-IT,it;q=0.9 Referer https://sw33tprize.com/?encoded_value=24QSBG&source_id=1477&sub1=7fb883ad98e64b45b25950a90fd265e7&sub2=&sub3=&sub4=&sub5= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Wed, 22 Jun 2022 15:30:44 GMT last-modified Wed, 15 Jun 2022 09:36:52 GMT server lighttpd/1.4.59 accept-ranges bytes etag "1482722650" content-length 13325 content-type application/javascript
POST		visit virtualpushplatform.com/api/v1/	0 0

OPTIONS H2	204	visit virtualpushplatform.com/api/v1/	0 0	163ms 100ms	Preflight	2606:4700:3037::6815:4392 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://virtualpushplatform.com/api/v1/visit Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::6815:4392 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://sw33tprize.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers access-control-allow-headers content-type access-control-allow-methods POST access-control-allow-origin * alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 71f606e6ab4f599b-MXP date Wed, 22 Jun 2022 15:30:44 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z7WKlvLa%2BdO5Rw0hwZ1FizCjLCv3y46FFpE7KXeSVtaUwD2AjHwZoBnofJ0ZOnFMj%2B7oZcyDsH8wGMzKLQqnmquojr0sfyLwlzKjjzQWLaZlCOh5IePGKrpyC1fM7JzZWH194SI1xsj0QbncGJYjqllyYgekeg%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: virtualpushplatform.com
URL: https://virtualpushplatform.com/api/v1/visit

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Tracking (Transportation)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.lpredirect.com/	1970-01-21 03:58:31	Name: uniqueClick_BX3DCK8 Value: ba7558bc-65c1-48c0-8933-5bd03f10549c:1655911844
www.lpredirect.com/	1970-01-20 06:08:07	Name: transaction_id Value: 47dde9de717b4b4f9d9ce26cb5d5ebf4
sw33tprize.com/	1969-12-31 23:59:59	Name: SESSIONIDS Value: A0FPIPXT2I

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

sw33tprize.com
virtualpushplatform.com
www.geoplugin.net
www.lpredirect.com
www.shortcoffe.com
virtualpushplatform.com
178.237.33.50
185.128.34.96
20.229.172.147
20.91.223.9
2606:4700:3037::6815:4392
34.117.79.165
02111eae1d7ec3ea741a9f80e8a67a7428f62ef6d870809a86d3735454236b4b
3b19eeb21d7fbd9b8b260e57c2d9198f83732339a9e3cbd5d2264f77e722df26
4b6176d2e17c7cf1179cbe0ef3c699b5f773ae29d3ee3dcc2bcb53e3ec5fcbf4
4c055e6d0d9ba2b8f1be4719110e92c1b9499ed0759f0d1c48fccd16a7b31dcf
4cf42b49cf7e1856000a6383e59b587c108f4bac7ae5da57916cf835788cbd56
5b8c4f4c5d393ccfe9ea4bf9cf02d37ed3c6946148ff7673664074273ebe720b
6b83282d850d687d049f53f4fd97aec0aa73981c65e77ea38487ae5500c05767
7fdffa5477c4a8886a0a83fb91caff69094b937b7d6b1f1e7e72091b85574ca4
b3f2d797aa29b93b8919af68290b7399ebcb02dc93ddf8aa9f57b4ad1df8500e
d0fe3c2ac0c660a2ee04451a5ea2986e6c36833cf75e6a7e8ada8d54b045c755
f449973a66ba9e7c69c7e70e566db386d1946e303a96591495c508487db83bab
fc85702baca03c9e5cea9b68ee081a4fcb99d8ab9c028772dc69e908208128f7

sw33tprize.com Open in urlscan Pro 185.128.34.96 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

79 %HTTPS

17 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

676 kBTransfer

680 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

3 Cookies

Indicators

sw33tprize.com Open in urlscan Pro
185.128.34.96 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

79 %
HTTPS

17 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

676 kB
Transfer

680 kB
Size

3
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!