urlscan.io logo urlscan.io
SecurityTrails logo

heroicleaf.vip Open in urlscan Pro
2a06:98c1:3121::3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://nl-swpdmn.duckdns.org/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/608M12
Effective URL: https://heroicleaf.vip/?s1=351843&s2=1103425818&s3=6455&s4=1&s10=3900
Submission: On December 11 via manual from BE — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in and belongs to . The main domain is heroicleaf.vip.
TLS certificate: Issued by GTS CA 1P5 on November 6th 2023. Valid for: 3 months.
This is the only time heroicleaf.vip was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 91.149.241.158 26383 (ASNET)
1 45.139.123.39 8100 (ASN-QUADR...)
1 2a06:98c1:312... ()
5 4
Domain Requested by
2 nl-swpdmn.duckdns.org nl-swpdmn.duckdns.org
1 heroicleaf.vip similarweld.com
heroicleaf.vip
1 similarweld.com nl-swpdmn.duckdns.org
5 3

This site contains no links.

Subject Issuer Validity Valid
similarweld.com
R3		 2023-11-20 -
2024-02-18		 3 months crt.sh
heroicleaf.vip
GTS CA 1P5		 2023-11-06 -
2024-02-04		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://heroicleaf.vip/?s1=351843&s2=1103425818&s3=6455&s4=1&s10=3900
Frame ID: E423F9CF2358025980F82798FB90214A
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://nl-swpdmn.duckdns.org/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/608M12 Page URL
  2. http://nl-swpdmn.duckdns.org/t/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/608M12 Page URL
  3. https://similarweld.com/0/0/0/ae92c546ea5889a8b06cefecf3467481/12/471-8242/669-194-608 Page URL
  4. https://heroicleaf.vip/?s1=351843&s2=1103425818&s3=6455&s4=1&s10=3900 Page URL

Page Statistics

5
Requests

40 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

3 kB
Transfer

3 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://nl-swpdmn.duckdns.org/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/608M12 Page URL
  2. http://nl-swpdmn.duckdns.org/t/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/608M12 Page URL
  3. https://similarweld.com/0/0/0/ae92c546ea5889a8b06cefecf3467481/12/471-8242/669-194-608 Page URL
  4. https://heroicleaf.vip/?s1=351843&s2=1103425818&s3=6455&s4=1&s10=3900 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
608M12
nl-swpdmn.duckdns.org/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/ 		458 B
708 B 		Document
General
Check archive.org
Download Go to
Full URL
http://nl-swpdmn.duckdns.org/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/608M12
Protocol
HTTP/1.1
Server
91.149.241.158 Amsterdam, Netherlands, ASN26383 (ASNET, US),
Reverse DNS
home.inmail.us.com
Software
/
Resource Hash
0f3a07f36d6bddee418f7d7548bc165b09817e10764a359d2773388cdec9ff8a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Content-Length
458
Content-Type
text/html; charset=utf-8
Date
Mon, 11 Dec 2023 11:44:05 GMT
X-Address
gin_throttle_mw_7200000000_5.79.98.34
X-Ratelimit-Limit
500
X-Ratelimit-Remaining
499
X-Ratelimit-Reset
1702298645
608M12
nl-swpdmn.duckdns.org/t/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/ 		298 B
548 B 		Document
General
Check archive.org
Download Go to
Full URL
http://nl-swpdmn.duckdns.org/t/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/608M12
Requested by
Host: nl-swpdmn.duckdns.org
URL: http://nl-swpdmn.duckdns.org/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/608M12
Protocol
HTTP/1.1
Server
91.149.241.158 Amsterdam, Netherlands, ASN26383 (ASNET, US),
Reverse DNS
home.inmail.us.com
Software
/
Resource Hash
ede1fff5d2bb2fda914aa261988d03245b957cda77f2001090984c5dc31b66ab

Request headers

Referer
http://nl-swpdmn.duckdns.org/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/608M12
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Content-Length
298
Content-Type
text/html; charset=utf-8
Date
Mon, 11 Dec 2023 11:44:06 GMT
X-Address
gin_throttle_mw_7200000000_5.79.98.34
X-Ratelimit-Limit
500
X-Ratelimit-Remaining
498
X-Ratelimit-Reset
1702298645
669-194-608
similarweld.com/0/0/0/ae92c546ea5889a8b06cefecf3467481/12/471-8242/ 		132 B
425 B 		Document
General
Check archive.org
Download Go to
Full URL
https://similarweld.com/0/0/0/ae92c546ea5889a8b06cefecf3467481/12/471-8242/669-194-608
Requested by
Host: nl-swpdmn.duckdns.org
URL: http://nl-swpdmn.duckdns.org/t/4fyjQs8242Sdyw471lsgbemmrle669VLMIKDBGANTABHI194/608M12
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.139.123.39 Ashburn, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
http://nl-swpdmn.duckdns.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

content-length
132
content-type
text/html; charset=UTF-8
date
Mon, 11 Dec 2023 11:44:08 GMT
server
Apache
Primary Request /
heroicleaf.vip/ 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://heroicleaf.vip/?s1=351843&s2=1103425818&s3=6455&s4=1&s10=3900
Requested by
Host: similarweld.com
URL: https://similarweld.com/0/0/0/ae92c546ea5889a8b06cefecf3467481/12/471-8242/669-194-608
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
aec7f99d92cd4db9a4ce719458f8e9ef75ee54aace58efc96c8cdbfebf940791
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://similarweld.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
833d7955781265c3-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 11 Dec 2023 11:44:09 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M48gh0iO24OKJhQR8j6EUdmlNgEW5e%2Bu49wL63aB690u5mCyjDAfBhfht9b7mpFiOUGSNZKFGxQjr0F3KpHK6fftwHky0h%2FBsDELAXBewagVj%2FoHniIehf99NOxl%2B04wJtS4KKK9s7BwixqHWA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding,User-Agent,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
a1c6dfcd928b7592237c22dcb9d7a9fb
heroicleaf.vip/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
heroicleaf.vip
URL
https://heroicleaf.vip/a1c6dfcd928b7592237c22dcb9d7a9fb?_ax=w

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| _0x4eba function| _0x3ccf

2 Cookies

Domain/Path Name / Value
similarweld.com/ Name: uid6455
Value: 1103425818-20231211064408-d61a332917f8471e8aa092d50b61e624-
heroicleaf.vip/ Name: PHPSESSID
Value: d138125dd3cc5a4f5d4010f4a86869b7