Report - nk.checkpoin681.click/12345

Report Overview

Submitted URL
nk.checkpoin681.click/12345
IP
4.193.51.28
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-04-18 20:22:08
Access
public
Website Title
Facebook
Final URL
kh.cighelp.click/7
Tags
meta facebook phishing social
urlquery detections
Phishing - Facebook

Detections

urlquery
6
Network Intrusion Detection
1
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.youtube.com	90	2005-02-15	2013-04-13	2024-04-18	451 B	48 kB	216.58.207.238
salekit.page	unknown	2023-02-19	2023-02-21	2023-11-05	3.0 kB	162 kB	4.193.51.28
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-18	462 B	12 kB	142.250.74.106
player.vimeo.com	1858	unknown	2013-09-26	2024-04-17	410 B	12 kB	162.159.138.60
apis.google.com	105	1997-09-15	2013-05-06	2024-04-18	405 B	6.8 kB	142.250.74.110
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	1.6 kB	50 kB	216.58.207.227
photo.salekit.com	unknown	2006-09-18	2022-07-05	2024-02-02	939 B	992 kB	14.225.18.24
kh.cighelp.click	unknown	unknown	No data	No data	2.4 kB	213 kB	203.205.10.134
api.webcake.io	unknown	2019-11-06	2020-05-25	2024-03-27	865 B	7.6 kB	113.20.119.13
content.pancake.vn	unknown	unknown	2023-06-23	2024-03-18	1.6 kB	48 kB	113.20.119.10
a.pancake.vn	806491	unknown	2021-03-22	2024-03-27	1.2 kB	5.6 kB	113.20.119.13
nk.checkpoin681.click	unknown	unknown	No data	No data	7.7 kB	440 kB	4.193.51.28

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-18 20:21:49	low	203.205.10.134	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	nk.checkpoin681.click/12345	Facebook, Inc.
2024-04-18	medium	kh.cighelp.click/7	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	kh.cighelp.click/7	434 B	2023-03-13	2024-04-24
Pretty URL kh.cighelp.click/7 IP 203.205.10.134 ASN #45903 CMC Telecom Infrastructure Company Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-13 11:17:26 Last Seen2024-04-24 17:46:53 Times Seen271 Hash 87efdf509e021238ca4c7ed7e965d4d5 f0aa08b322ead0a2c6c858a4c4c7ab6e211ad48e 76db81e0e8bd1039ec8eeb6da0b653e1a16edc20968702213bb175c48231894c Loading...

	kh.cighelp.click/webcake/v4/fff57a8c-ca66-4e3b-96df-5a0e55363edb	392 kB	2024-04-15	2024-04-24
Pretty URL kh.cighelp.click/webcake/v4/fff57a8c-ca66-4e3b-96df-5a0e55363edb IP 203.205.10.134 ASN #45903 CMC Telecom Infrastructure Company Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-15 17:50:57 Last Seen2024-04-24 17:46:54 Times Seen6 Hash 9c167466da191511970c71204bd80ed3 9d9ce183a58d5417da95324d798a856015fa9874 8449b66969fc2bc8d3ca8b90c0a368cc28f25862bdb2f5bee70818f1ad72eb95 Loading...

	a.pancake.vn/js/app.js?vsn=d	4.9 kB	2023-03-08	2024-04-24
Pretty URL a.pancake.vn/js/app.js?vsn=d IP 113.20.119.13 ASN #45903 CMC Telecom Infrastructure Company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 02:47:38 Last Seen2024-04-24 17:46:54 Times Seen522 Hash 2256f1b3f8d83aae868f3e546a7fa5ec c59eb80f98846f38f28cfa496c824829ed39c789 74b62bbff4866e7a99770a845517c37ae2f1315f850b48028c1697038cb58c7f Loading...

	kh.cighelp.click/7	1.3 kB	2023-03-08	2024-04-24
Pretty URL kh.cighelp.click/7 IP 203.205.10.134 ASN #45903 CMC Telecom Infrastructure Company Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:47:38 Last Seen2024-04-24 17:46:53 Times Seen280 Hash bb49d815c92d05b0742391976939158f 5024436428f749c94689e8710802015338e15a0e c93ecb394fd1ec9a36a8aaaf4b93a3d5974866c4f4aa75347e309ec6cf6ebdb7 Loading...

	unknown	39 B	2023-04-11	2024-05-01
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-11 03:58:47 Last Seen2024-05-01 17:14:35 Times Seen2804 Hash 87b659c90b81604997dd06a67e8b773e bc13329ca575a3e32c93e0e1cf791f47f91b0c2f 1ac445488ebead2ed0b74a9c86ad76fa1a81f363806218afb2ae4aae5f127448 Loading...

	kh.cighelp.click/7	8.4 kB	2024-04-18	2024-04-18
Pretty URL kh.cighelp.click/7 IP 203.205.10.134 ASN #45903 CMC Telecom Infrastructure Company Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 22:22:16 Last Seen2024-04-18 22:22:16 Times Seen1 Hash 86faf71e4be686c56f2d1ae89fbf0b82 230ac636bcce0153750e53aa27990a2da186e5f2 3336a7a66bd80cf8229af91eeb52d6943c00edd346b2e24daeb80829eb8e6260 Loading...

	kh.cighelp.click/address_wc/address.84.min.js?v=1	448 kB	2023-08-08	2024-04-24
Pretty URL kh.cighelp.click/address_wc/address.84.min.js?v=1 IP 203.205.10.134 ASN #45903 CMC Telecom Infrastructure Company Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-08 23:30:42 Last Seen2024-04-24 17:46:53 Times Seen99 Hash a759939f9c8ba558c3d3274a1ec63b3a 3e2d93da25c03fe06a43ccecb9e46cfde4b2d959 1549821457bafd3155f570ab2892a8b218ec8e0be049c46e15d0b296be9e8fd6 Loading...

	kh.cighelp.click/7	63 B	2023-03-08	2024-04-24
Pretty URL kh.cighelp.click/7 IP 203.205.10.134 ASN #45903 CMC Telecom Infrastructure Company Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:47:38 Last Seen2024-04-24 17:46:53 Times Seen278 Hash 1b50ec67c297254fcd8fb8be840cba8b 9b52fe0105007c31e38d325872c2154efdc3d21f 9c3ccb2cd662b9c7770c0f527900f6425087e367020011ea2566ff91a671cfbc Loading...

	kh.cighelp.click/7	96 B	2024-04-18	2024-04-18
Pretty URL kh.cighelp.click/7 IP 203.205.10.134 ASN #45903 CMC Telecom Infrastructure Company Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 22:22:16 Last Seen2024-04-18 22:22:16 Times Seen1 Hash aa92213441c31a089f63315b6dae43e6 59fafe44e8e4e2321ce048724e05ee0fcd87b109 7fed35d28b45cc929634466da08530062bae24f15a7f869ed3e9bd69fafcce87 Loading...

	unknown	318 B	2024-04-18	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 22:22:16 Last Seen2024-04-18 22:22:16 Times Seen1 Hash 91661a07e27a815bc01084ca8b9bd07b 460407730f6b44c551ea8bc36f65b01827dfa632 bb78154ba2633bfdd339efe2e0606246b1bdc356c2cfa6279f523cae76cd5812 Loading...

	kh.cighelp.click/7	275 B	2024-01-19	2024-04-24
Pretty URL kh.cighelp.click/7 IP 203.205.10.134 ASN #45903 CMC Telecom Infrastructure Company Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-19 16:05:45 Last Seen2024-04-24 17:46:53 Times Seen17 Hash 03ef68d1c2147fb091f961da3354a693 57619910bde556bac0569cff6fd4351450f290a1 2032d6ebb2560240f7ce0ad76515fa47409c2b6d545fffe94cfc800a3516c58d Loading...

HTTP Transactions (43)

URL IP Response Size

nk.checkpoin681.click/12345

4.193.51.28

4.2 kB

URL
nk.checkpoin681.click/12345
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, Unicode text, UTF-8 text, with very long lines (565)
Size
4.2 kB (4177 bytes)
Hash
6d77d32665017853753a8feb0e5f03e2
83f8ef33676a204525340619e5dde2797d95cd3a
99ccdd4b5d054e43186c1a7d64bc2bf95d0d4ed56b2f94f60d7f3bbb9aa7e0d0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /12345 HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

player.vimeo.com/api/player.js

162.159.138.60

11 kB

URL
player.vimeo.com/api/player.js
IP
162.159.138.60:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (37717)
Size
11 kB (11254 bytes)
Hash
bfc1fdb7ce042868fce549b271d1c0bc
bb3606efb09dd7f5c884295b6e711b77c74b93db
7ca8d104a83cbe3ecbbf319589825e678c69e8edf97a760336f8cfd63a69ea06

HTTP Headers

GET /api/player.js HTTP/1.1
Host: player.vimeo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: application/javascript;charset=utf-8
Content-Length: 11254
Connection: keep-alive
access-control-allow-origin: *
Cache-Control: max-age=1800
content-security-policy: default-src 'none'; style-src 'unsafe-inline'
expires: Thu, 18 Apr 2024 16:27:04 GMT
x-player-backend: g
x-backend-server: player-backend-edge-entry
x-bapp-server: 
Content-Encoding: gzip
accept-ranges: bytes
via: 1.1 varnish
Age: 1478
x-served-by: cache-osl6521-OSL
x-cache: HIT
x-cache-hits: 827
x-timer: S1713471703.266334,VS0,VE0
vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=7gDJtSG2x9ymY5xcrORE9lVWkYr8d2OCJXkqKtjVI3U-1713471703-1.0.1.1-Q_yV2k_zPdrmQjiGK6PsAUvpC2WgKJizDtDhTyplm9zzSjxejPcUI6q03hMhPa80p9CwmuFErPsDmlHp2oJNtA; path=/; expires=Thu, 18-Apr-24 20:51:43 GMT; domain=.vimeo.com; HttpOnly; Secure; SameSite=None
_cfuvid=WbBknFhgeWeew2iOZWdiUHRzZHNxmey0p5zMGWifJaQ-1713471703267-0.0.1.1-604800000; path=/; domain=.vimeo.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 87675ce15a56b4fa-OSL

apis.google.com/js/api.js

142.250.74.110

5.9 kB

URL
apis.google.com/js/api.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2054)
Size
5.9 kB (5903 bytes)
Hash
fcb94b60f5baa41e591afc6cab73a55c
09fd4db039d6f9fb8315817b48d56357c0d9de54
858530159a38c73530e5e4c4f07497d2fa4d1d54398b4a093e9851f9a239295e

HTTP Headers

GET /js/api.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 5903
date: Thu, 18 Apr 2024 20:21:43 GMT
expires: Thu, 18 Apr 2024 20:21:43 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "e30c79398fadde6b"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.youtube.com/s/player/9a0939d3/www-widgetapi.vflset/www-widgetapi.js

216.58.207.238

48 kB

URL
www.youtube.com/s/player/9a0939d3/www-widgetapi.vflset/www-widgetapi.js
IP
216.58.207.238:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (570)
Size
48 kB (47552 bytes)
Hash
d5e4c439b296ee3d5c5eba18ae30e1e1
a1fca8cf4aa55704009e8a79bb7c69a7c4527bd3
393699c2314dc1e25ff5d748cdd9eb8ae727fa439c5d5ab507e39b16e68c978f

HTTP Headers

GET /s/player/9a0939d3/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 47552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 10:51:06 GMT
expires: Wed, 16 Apr 2025 10:51:06 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 26 Oct 2021 22:05:02 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
age: 207037
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/light.min.css

4.193.51.28

620 B

URL
nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/light.min.css
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (477)
Size
620 B (620 bytes)
Hash
51d00c2e3bd34e674097fca68cc0413d
c294772f9ec03dcea9718cf8bbb1233249efb035
52d5e428100b3c00d0db976d06e49a8f23894104cdd33bed95093e9f0c43f4e6

HTTP Headers

GET /assets/font/fontawesome-pro-5.15.2/css/light.min.css HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: text/css
Content-Length: 620
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-26c"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/solid.min.css

4.193.51.28

624 B

URL
nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/solid.min.css
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (481)
Size
624 B (624 bytes)
Hash
ae6d5e1ee5483c00145805a48ea81573
f06f353972f41ec325c1cb61d381a4866c6f6207
0ae4eb2a13046f28af8d13d707ca1616bb236b0fd00d0784b14b423ad55950f9

HTTP Headers

GET /assets/font/fontawesome-pro-5.15.2/css/solid.min.css HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: text/css
Content-Length: 624
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-270"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/brands.min.css

4.193.51.28

632 B

URL
nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/brands.min.css
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (489)
Size
632 B (632 bytes)
Hash
326321d2cbee63e93cb4c5d2821316a3
c6641246a29f5fef3e8d56e0bd133b684c211400
c38354a04ff57716714e9c23080d41bb29ee8b89a18dc4c78e587270596e6920

HTTP Headers

GET /assets/font/fontawesome-pro-5.15.2/css/brands.min.css HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: text/css
Content-Length: 632
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-278"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/regular.min.css

4.193.51.28

632 B

URL
nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/regular.min.css
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (489)
Size
632 B (632 bytes)
Hash
a80ed755e46c3cfe903bab5a50c1c2ce
93b905116befec4fb463c474ab469fa476545a01
7accee75e0a023ce7d08f70cedc4d0cdd6cd2caac5f5ab90b281c32ea2e6f3de

HTTP Headers

GET /assets/font/fontawesome-pro-5.15.2/css/regular.min.css HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: text/css
Content-Length: 632
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-278"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

salekit.page/assets/js/youtube_preview.js

4.193.51.28

1.8 kB

URL
salekit.page/assets/js/youtube_preview.js
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
1.8 kB (1844 bytes)
Hash
3bde9b21c6db31992251a36bed87fc98
3c7ff7a5719a41b0427af7113e46cf1bac39f1c6
9b052c9afa890f0acbccf223aae9dd76cfa947a2b7b62f4e9bc1e1e4691298d1

HTTP Headers

GET /assets/js/youtube_preview.js HTTP/1.1
Host: salekit.page
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: application/javascript
Content-Length: 1844
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-734"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

salekit.page/assets/builder/js_funel/submit_form.js?v=55

4.193.51.28

8.5 kB

URL
salekit.page/assets/builder/js_funel/submit_form.js?v=55
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
8.5 kB (8485 bytes)
Hash
16c3c702528ad30fe509f7344656d973
ca6adfd5b9133ffbff585d9fa6185ea6612e99d1
60240d4abbc5587841c152d85c0cb9e42b5da4800cebe3b91f02678964e5f413

HTTP Headers

GET /assets/builder/js_funel/submit_form.js?v=55 HTTP/1.1
Host: salekit.page
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: application/javascript
Content-Length: 8485
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-2125"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

salekit.page/assets/js/animate_text.js?v=55

4.193.51.28

6.8 kB

URL
salekit.page/assets/js/animate_text.js?v=55
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JavaScript source, ASCII text
Size
6.8 kB (6775 bytes)
Hash
28d03e7cb275c13dcfe77f2a7f88eff3
878e1c233a94aaa2d971cda72b75c5b70a8ea90c
71d366e008f9b4013647ea6c2cd4357a41869d37df6e8dd93f6f908c3cbfca85

HTTP Headers

GET /assets/js/animate_text.js?v=55 HTTP/1.1
Host: salekit.page
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: application/javascript
Content-Length: 6775
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-1a77"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

salekit.page/assets/js/snowfall.js?v=55

4.193.51.28

3.1 kB

URL
salekit.page/assets/js/snowfall.js?v=55
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
3.1 kB (3050 bytes)
Hash
d3915e2e744860ec42912c2580b9141a
35c4e50546f7de51a56a1de5ad0d509cc5b06416
3b9daa4200623260f8d01adc3e03886a46bd4e4890d2368e5cec0a26e2b7dc29

HTTP Headers

GET /assets/js/snowfall.js?v=55 HTTP/1.1
Host: salekit.page
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: application/javascript
Content-Length: 3050
Last-Modified: Fri, 22 Mar 2024 03:39:04 GMT
Connection: keep-alive
ETag: "65fcfd58-bea"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

salekit.page/assets/js/after_main.js?v=55

4.193.51.28

499 B

URL
salekit.page/assets/js/after_main.js?v=55
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
499 B (499 bytes)
Hash
e5e90bc3259f3a367425ad070c5b91e9
7f34b978bd993d17e8a3c6ab534be929c8d94bfc
4786777310a9ee28d750e5a3e9e010e57365eaaa9ce07ed1998e86217dd65268

HTTP Headers

GET /assets/js/after_main.js?v=55 HTTP/1.1
Host: salekit.page
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: application/javascript
Content-Length: 499
Last-Modified: Thu, 04 Apr 2024 03:34:48 GMT
Connection: keep-alive
ETag: "660e1fd8-1f3"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

nk.checkpoin681.click/assets/lib/carousel/owl.carousel.min.css

4.193.51.28

3.4 kB

URL
nk.checkpoin681.click/assets/lib/carousel/owl.carousel.min.css
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (3184)
Size
3.4 kB (3351 bytes)
Hash
b2752a850d44f50036628eeaef3bfcfa
fba46353cf90450ef3d362a123f1e7af3e8c561e
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc

HTTP Headers

GET /assets/lib/carousel/owl.carousel.min.css HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: text/css
Content-Length: 3351
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-d17"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

nk.checkpoin681.click/assets/css/reset_css.css?v=55

4.193.51.28

15 kB

URL
nk.checkpoin681.click/assets/css/reset_css.css?v=55
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
15 kB (15434 bytes)
Hash
a83d0e72a594299b4536aa115a5ccc93
66e7d94a3dc44cf326415a006d39c925359f77ee
ddb4d089b754ba7cc492947f369d7979280b3b2d570a816d5cc551c9d0633c57

HTTP Headers

GET /assets/css/reset_css.css?v=55 HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: text/css
Content-Length: 15434
Last-Modified: Fri, 22 Mar 2024 03:39:04 GMT
Connection: keep-alive
ETag: "65fcfd58-3c4a"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

nk.checkpoin681.click/assets/lib/animate.min.css?v=55

4.193.51.28

72 kB

URL
nk.checkpoin681.click/assets/lib/animate.min.css?v=55
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (65348)
Size
72 kB (71772 bytes)
Hash
ee0e52e59c8e132545ad8689a47a70dd
c2f2f627664aeb173e027ef00a81065353c4ce0e
0aad071474d584970d2165131984a67a27c11beb8001b2a8665123a189ffaba7

HTTP Headers

GET /assets/lib/animate.min.css?v=55 HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: text/css
Content-Length: 71772
Last-Modified: Wed, 06 Mar 2024 04:41:13 GMT
Connection: keep-alive
ETag: "65e7f3e9-1185c"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

nk.checkpoin681.click/assets/css/animate_text.css

4.193.51.28

15 kB

URL
nk.checkpoin681.click/assets/css/animate_text.css
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
15 kB (14589 bytes)
Hash
d58f7d401e7d09c7757278b0518bf7bc
3a61118169ad193753bb18020627551c0c4bd8c8
c1e803810f0135a01d93f55b96ffdc8891618f3a8ee1002c5b9ef2882d6329f0

HTTP Headers

GET /assets/css/animate_text.css HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: text/css
Content-Length: 14589
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-38fd"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/duotone.min.css

4.193.51.28

82 kB

URL
nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/duotone.min.css
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (65393)
Size
82 kB (81475 bytes)
Hash
b2ac7a0830df974f9c2dd619110a31f0
2180bf5a4c2b95eb9d298aa02a021dc7368ff6b6
b6efc91116e195b5a5c21effe3e31e00712e9f9087566ee0a1e089a2060bdbf9

HTTP Headers

GET /assets/font/fontawesome-pro-5.15.2/css/duotone.min.css HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: text/css
Content-Length: 81475
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-13e43"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/fontawesome.css

4.193.51.28

113 kB

URL
nk.checkpoin681.click/assets/font/fontawesome-pro-5.15.2/css/fontawesome.css
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
113 kB (112825 bytes)
Hash
116f91364b44669772751a8765f60dc8
2c7f8c78f1cf0c285059e057fc78e43c7598ecdd
9254ca503935d1aa04f5939a28075e77a802f3b0f4438f24a1af3223efd7f23b

HTTP Headers

GET /assets/font/fontawesome-pro-5.15.2/css/fontawesome.css HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: text/css
Content-Length: 112825
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-1b8b9"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

nk.checkpoin681.click/assets/lib/carousel/owl.carousel.min.js

4.193.51.28

44 kB

URL
nk.checkpoin681.click/assets/lib/carousel/owl.carousel.min.js
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JavaScript source, ASCII text, with very long lines (31997)
Size
44 kB (44342 bytes)
Hash
f416f9031fef25ae25ba9756e3eb6978
e2a600e433df72b4cfde93d7880e3114917a3cbe
a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d

HTTP Headers

GET /assets/lib/carousel/owl.carousel.min.js HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:44 GMT
Content-Type: application/javascript
Content-Length: 44342
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-ad36"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

salekit.page/assets/js/main_preview.js?v=55

4.193.51.28

135 kB

URL
salekit.page/assets/js/main_preview.js?v=55
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (369)
Size
135 kB (135157 bytes)
Hash
485e01ba91f158a46666612f9904c56e
d8ca7a402b8915e0960e25c8b2fd60b99ec5b30f
3b8a5d702006b97a5f080768b9cb63f44f837658b4424305e8586a26ee5c9904

HTTP Headers

GET /assets/js/main_preview.js?v=55 HTTP/1.1
Host: salekit.page
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:43 GMT
Content-Type: application/javascript
Content-Length: 135157
Last-Modified: Thu, 04 Apr 2024 10:57:28 GMT
Connection: keep-alive
ETag: "660e8798-20ff5"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

nk.checkpoin681.click/661607858d109d280322bf8e/lib_js/constant

4.193.51.28

1.0 kB

URL
nk.checkpoin681.click/661607858d109d280322bf8e/lib_js/constant
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text
Size
1.0 kB (1001 bytes)
Hash
80da47a659972f46184a9ddc89d713f6
9679398c916a6b6f9e8531015a469f012e563c0e
f9e5387f0083d908203581ef7b3987b4977640f9ae9a92976065d7a805117849

HTTP Headers

GET /661607858d109d280322bf8e/lib_js/constant HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:44 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

nk.checkpoin681.click/assets/lib/jquery.2.1.1.min.js

4.193.51.28

84 kB

URL
nk.checkpoin681.click/assets/lib/jquery.2.1.1.min.js
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JavaScript source, ASCII text, with very long lines (32061)
Size
84 kB (84245 bytes)
Hash
e40ec2161fe7993196f23c8a07346306
afb90752e0a90c24b7f724faca86c5f3d15d1178
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

HTTP Headers

GET /assets/lib/jquery.2.1.1.min.js HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:44 GMT
Content-Type: application/javascript
Content-Length: 84245
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-14915"
Pragma: public
Cache-Control: public
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

salekit.page/assets/images/logo/salekitio_logo.png

4.193.51.28

4.1 kB

URL
salekit.page/assets/images/logo/salekitio_logo.png
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 160 x 38, 8-bit/color RGBA, non-interlaced
Size
4.1 kB (4114 bytes)
Hash
219971be9d8e987f1c8033f9f89c4982
ff6a66460f1866fbbf53e79786ecbf73679f45fb
dc3319e242336ba2deed244cb53835b334aa3e44ee87db75e86e82d7d45717c9

HTTP Headers

GET /assets/images/logo/salekitio_logo.png HTTP/1.1
Host: salekit.page
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:44 GMT
Content-Type: image/png
Content-Length: 4114
Last-Modified: Mon, 26 Feb 2024 04:50:23 GMT
Connection: keep-alive
ETag: "65dc188f-1012"
Accept-Ranges: bytes

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://nk.checkpoin681.click
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:32:46 GMT
expires: Fri, 18 Apr 2025 02:32:46 GMT
cache-control: public, max-age=31536000
age: 64138
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nk.checkpoin681.click/apiv1/landingpage/updateView

4.193.51.28

15 B

URL
nk.checkpoin681.click/apiv1/landingpage/updateView
IP
4.193.51.28:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON text data
Size
15 B (15 bytes)
Hash
ba5b6723e9df7319a90175587a04bc4e
beaee247c79d096b01998af4f35eefaa512750c6
d44c1f2a6531d774fda6e6eba865f1ba8aed10f372fe97f395895a8a1e1fa2a5

HTTP Headers

POST /apiv1/landingpage/updateView HTTP/1.1
Host: nk.checkpoin681.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 29
Origin: https://nk.checkpoin681.click
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/12345
Cookie: PHPSESSID=nlh69ncrclaok9smnunqpsl8t0; 661607858d109d280322bf8e=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Apr 2024 20:21:46 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache

photo.salekit.com/uploads/salepage_661606b68d109d280322bf8c/11111.png

14.225.18.24

259 kB

URL
photo.salekit.com/uploads/salepage_661606b68d109d280322bf8c/11111.png
IP
14.225.18.24:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
PNG image data, 1920 x 921, 8-bit/color RGBA, interlaced
Size
259 kB (258873 bytes)
Hash
0d4da4745acfe0dcda0e1b8688ad2403
de9c436a2d402113cccbcdf8b43267a35d1a88eb
e69f8d0e838453201b6e459e07bfb1cca5f976083f0d46836fb6f43696787518

HTTP Headers

GET /uploads/salepage_661606b68d109d280322bf8c/11111.png HTTP/1.1
Host: photo.salekit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.14.1
date: Thu, 18 Apr 2024 20:21:45 GMT
content-type: image/png
content-length: 258873
last-modified: Wed, 10 Apr 2024 03:59:59 GMT
etag: "66160ebf-3f339"
expires: Sat, 18 May 2024 20:21:45 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

photo.salekit.com/uploads/salepage_661606b68d109d280322bf8c/vip3.gif

14.225.18.24

733 kB

URL
photo.salekit.com/uploads/salepage_661606b68d109d280322bf8c/vip3.gif
IP
14.225.18.24:0
ASN
#135905 VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

File type
GIF image data, version 89a, 500 x 600
Size
733 kB (732618 bytes)
Hash
1dc8719c81b43a9e43caa02e58bbe6cf
f9c53374a4e9752c5794dfa6db946325a4f4cd43
3250e092d1039e48de8ae20d7249ae5d142552fdedcdae6ee844cd46e3819337

HTTP Headers

GET /uploads/salepage_661606b68d109d280322bf8c/vip3.gif HTTP/1.1
Host: photo.salekit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nk.checkpoin681.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.14.1
date: Thu, 18 Apr 2024 20:21:45 GMT
content-type: image/gif
content-length: 732618
last-modified: Wed, 10 Apr 2024 03:59:37 GMT
etag: "66160ea9-b2dca"
expires: Sat, 18 May 2024 20:21:45 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

kh.cighelp.click/7

203.205.10.134

200 OK

12 kB

URL User Request GET HTTP/2
kh.cighelp.click/7
IP
203.205.10.134:443
ASN
#45903 CMC Telecom Infrastructure Company

Certificate
IssuerZeroSSL
Subjectkh.cighelp.click
FingerprintAA:DD:08:4C:67:B6:D2:AC:4F:71:B3:D1:6A:2B:78:B2:42:A6:10:CE
ValidityFri, 12 Apr 2024 00:00:00 GMT - Thu, 11 Jul 2024 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (22389), with CR, LF line terminators
Size
12 kB (12304 bytes)
Hash
d1ed82b4a39b27a691c0bbe1c29c80eb
f110592dd48f2409c363c988bb9593fe09a4e153
9eec1050099b47a7412539c79aa91b982e6c7e4ff0cd452f6072e4b08d0f147d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /7 HTTP/1.1
Host: kh.cighelp.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.19.3.2
date: Thu, 18 Apr 2024 20:21:49 GMT
content-type: text/html; charset=utf-8
content-length: 12304
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
vary: accept-encoding
x-request-id: F8d5cOtYHeSpFjoIs2uB
access-control-allow-origin: *
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://kh.cighelp.click/7
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://kh.cighelp.click
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 01:54:31 GMT
expires: Wed, 16 Apr 2025 01:54:31 GMT
cache-control: public, max-age=31536000
age: 239238
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://kh.cighelp.click/7
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://kh.cighelp.click
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 16:27:38 GMT
expires: Wed, 16 Apr 2025 16:27:38 GMT
cache-control: public, max-age=31536000
age: 186851
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

kh.cighelp.click/address_wc/address.84.min.js?v=1

203.205.10.134

200 OK

89 kB

URL GET HTTP/2
kh.cighelp.click/address_wc/address.84.min.js?v=1
IP
203.205.10.134:443
ASN
#45903 CMC Telecom Infrastructure Company

Requested by
https://kh.cighelp.click/7
Certificate
IssuerZeroSSL
Subjectkh.cighelp.click
FingerprintAA:DD:08:4C:67:B6:D2:AC:4F:71:B3:D1:6A:2B:78:B2:42:A6:10:CE
ValidityFri, 12 Apr 2024 00:00:00 GMT - Thu, 11 Jul 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (58425)
Size
89 kB (89268 bytes)
Hash
bcce9fe11b6a03f20fe1e6e8b55b1aee
67f9bab35bc2d85020b96e0c46e4178b9d7a8bc9
eb391c914c6c4ee5aa01ae03eaddf7d09acad25535a9f2cb31da425f347fd065

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

HTTP Headers

GET /address_wc/address.84.min.js?v=1 HTTP/1.1
Host: kh.cighelp.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.3.2
date: Thu, 18 Apr 2024 20:21:49 GMT
content-type: application/javascript
content-length: 89268
service-worker-allowed: /
accept-ranges: bytes
cache-control: public, max-age=31536000
content-encoding: gzip
etag: "7C47507"
vary: Accept-Encoding
access-control-allow-origin: *
X-Firefox-Spdy: h2

kh.cighelp.click/page_view.gif?pid=04437df7-5f27-484c-94e8-6b14f72c6fbd

203.205.10.134

200 OK

35 B

URL GET HTTP/2
kh.cighelp.click/page_view.gif?pid=04437df7-5f27-484c-94e8-6b14f72c6fbd
IP
203.205.10.134:443
ASN
#45903 CMC Telecom Infrastructure Company

Requested by
https://kh.cighelp.click/7
Certificate
IssuerZeroSSL
Subjectkh.cighelp.click
FingerprintAA:DD:08:4C:67:B6:D2:AC:4F:71:B3:D1:6A:2B:78:B2:42:A6:10:CE
ValidityFri, 12 Apr 2024 00:00:00 GMT - Thu, 11 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

HTTP Headers

GET /page_view.gif?pid=04437df7-5f27-484c-94e8-6b14f72c6fbd HTTP/1.1
Host: kh.cighelp.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.3.2
date: Thu, 18 Apr 2024 20:21:49 GMT
content-type: image/gif
content-length: 35
cache-control: max-age=0, private, must-revalidate
x-request-id: F8d5cQbtOqpYjwcIUv7D
access-control-allow-origin: *
X-Firefox-Spdy: h2

kh.cighelp.click/webcake/v4/fff57a8c-ca66-4e3b-96df-5a0e55363edb

203.205.10.134

200 OK

110 kB

URL GET HTTP/2
kh.cighelp.click/webcake/v4/fff57a8c-ca66-4e3b-96df-5a0e55363edb
IP
203.205.10.134:443
ASN
#45903 CMC Telecom Infrastructure Company

Requested by
https://kh.cighelp.click/7
Certificate
IssuerZeroSSL
Subjectkh.cighelp.click
FingerprintAA:DD:08:4C:67:B6:D2:AC:4F:71:B3:D1:6A:2B:78:B2:42:A6:10:CE
ValidityFri, 12 Apr 2024 00:00:00 GMT - Thu, 11 Jul 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65470)
Size
110 kB (110073 bytes)
Hash
9c167466da191511970c71204bd80ed3
9d9ce183a58d5417da95324d798a856015fa9874
8449b66969fc2bc8d3ca8b90c0a368cc28f25862bdb2f5bee70818f1ad72eb95

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

HTTP Headers

GET /webcake/v4/fff57a8c-ca66-4e3b-96df-5a0e55363edb HTTP/1.1
Host: kh.cighelp.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.3.2
date: Thu, 18 Apr 2024 20:21:49 GMT
content-length: 110073
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
vary: accept-encoding
x-request-id: F8d5cQbXuGofP1d25LzD
access-control-allow-origin: *
X-Firefox-Spdy: h2

api.webcake.io/render_iconfont/iconfont.css?v=1

113.20.119.13

200 OK

302 B

URL GET HTTP/2
api.webcake.io/render_iconfont/iconfont.css?v=1
IP
113.20.119.13:443
ASN
#45903 CMC Telecom Infrastructure Company

Requested by
https://kh.cighelp.click/7
Certificate
IssuerSectigo Limited
Subject*.webcake.io
Fingerprint8D:AC:11:28:4F:78:54:5F:A1:F8:4E:EF:09:BB:29:11:40:A4:D2:30
ValidityFri, 29 Sep 2023 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
ASCII text
Size
302 B (302 bytes)
Hash
e35bda369458e13a9de042dabef63b49
d37d221d9eee4bbaf39c66ef1c9907996a101c09
a7f565be47dcd36f197bdb273b3cdd06ac2ac12e7b7d44ac089f6461f9fe2394

HTTP Headers

GET /render_iconfont/iconfont.css?v=1 HTTP/1.1
Host: api.webcake.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.15.8.2
date: Thu, 18 Apr 2024 20:21:50 GMT
content-type: text/css
content-length: 302
service-worker-allowed: /
accept-ranges: bytes
cache-control: public, max-age=31536000
content-encoding: gzip
etag: "2ED106"
vary: Accept-Encoding
X-Firefox-Spdy: h2

api.webcake.io/animate/animatev4.css?v=1

113.20.119.13

200 OK

6.7 kB

URL GET HTTP/2
api.webcake.io/animate/animatev4.css?v=1
IP
113.20.119.13:443
ASN
#45903 CMC Telecom Infrastructure Company

Requested by
https://kh.cighelp.click/7
Certificate
IssuerSectigo Limited
Subject*.webcake.io
Fingerprint8D:AC:11:28:4F:78:54:5F:A1:F8:4E:EF:09:BB:29:11:40:A4:D2:30
ValidityFri, 29 Sep 2023 00:00:00 GMT - Tue, 01 Oct 2024 23:59:59 GMT

File type
ASCII text
Size
6.7 kB (6707 bytes)
Hash
9696d7f622ae25a26f8ea7d8ccf48b8b
10bf8ac510b34778c24c46208a98696a15758a64
5a0a021a59ca4c7381a7fc358ba5572400b1a9f47aee1bcb2d520f218991f447

HTTP Headers

GET /animate/animatev4.css?v=1 HTTP/1.1
Host: api.webcake.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.15.8.2
date: Thu, 18 Apr 2024 20:21:50 GMT
content-type: text/css
content-length: 6707
service-worker-allowed: /
accept-ranges: bytes
cache-control: public, max-age=31536000
content-encoding: gzip
etag: "4114F2F"
vary: Accept-Encoding
X-Firefox-Spdy: h2

content.pancake.vn/1/s600x450/fwebp/e6/9f/8d/0e/838453201b6e459e07bfb1cca5f976083f0d46836fb6f43696787518.png

113.20.119.10

200 OK

27 kB

URL GET HTTP/2
content.pancake.vn/1/s600x450/fwebp/e6/9f/8d/0e/838453201b6e459e07bfb1cca5f976083f0d46836fb6f43696787518.png
IP
113.20.119.10:443
ASN
#45903 CMC Telecom Infrastructure Company

Requested by
https://kh.cighelp.click/7
Certificate
IssuerSectigo Limited
Subject*.pancake.vn
Fingerprint4C:04:4A:05:69:92:1D:2B:AD:84:10:DC:24:50:2B:66:E9:C9:AB:1B
ValidityMon, 10 Jul 2023 00:00:00 GMT - Fri, 12 Jul 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
27 kB (26826 bytes)
Hash
8a2e375898e417d5eae6ac759784594b
7edd048b065c3c25a8a3c65bc14bff834bc4fe2c
92fcdd7ccbf27b47513cb23b13cd7988d2ffd4c0816056bafeca1fc9b346c91c

HTTP Headers

GET /1/s600x450/fwebp/e6/9f/8d/0e/838453201b6e459e07bfb1cca5f976083f0d46836fb6f43696787518.png HTTP/1.1
Host: content.pancake.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 18 Apr 2024 20:21:50 GMT
content-type: image/webp
content-length: 26826
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: 
cache-control: public, max-age=2505600
etag: 838453201b6e459e07bfb1cca5f976083f0d46836fb6f43696787518.png
accept-ranges: bytes
X-Firefox-Spdy: h2

content.pancake.vn/1/s700x450/fwebp/72/4b/22/21/399f6ab069d66e4c8059ec058258dc61907c0a1eadcbe63791bc1af9.jpg

113.20.119.10

200 OK

5.3 kB

URL GET HTTP/2
content.pancake.vn/1/s700x450/fwebp/72/4b/22/21/399f6ab069d66e4c8059ec058258dc61907c0a1eadcbe63791bc1af9.jpg
IP
113.20.119.10:443
ASN
#45903 CMC Telecom Infrastructure Company

Requested by
https://kh.cighelp.click/7
Certificate
IssuerSectigo Limited
Subject*.pancake.vn
Fingerprint4C:04:4A:05:69:92:1D:2B:AD:84:10:DC:24:50:2B:66:E9:C9:AB:1B
ValidityMon, 10 Jul 2023 00:00:00 GMT - Fri, 12 Jul 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 686x429, Scaling: [none]x[none], YUV color, decoders should clamp
Size
5.3 kB (5348 bytes)
Hash
d4f8775620519dbf90581a4c388ca124
e5f76e0318a47742ec0276dcd02ede2e227b0f0a
f32c8d948a69e9c46a37104aa37a73255b623ef556248781eb7212576e34b92c

HTTP Headers

GET /1/s700x450/fwebp/72/4b/22/21/399f6ab069d66e4c8059ec058258dc61907c0a1eadcbe63791bc1af9.jpg HTTP/1.1
Host: content.pancake.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 18 Apr 2024 20:21:50 GMT
content-type: image/webp
content-length: 5348
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: 
cache-control: public, max-age=2505600
etag: 399f6ab069d66e4c8059ec058258dc61907c0a1eadcbe63791bc1af9.jpg
accept-ranges: bytes
X-Firefox-Spdy: h2

kh.cighelp.click/sync/04437df7-5f27-484c-94e8-6b14f72c6fbd

203.205.10.134

200 OK

65 B

URL GET HTTP/2
kh.cighelp.click/sync/04437df7-5f27-484c-94e8-6b14f72c6fbd
IP
203.205.10.134:443
ASN
#45903 CMC Telecom Infrastructure Company

Requested by
https://kh.cighelp.click/7
Certificate
IssuerZeroSSL
Subjectkh.cighelp.click
FingerprintAA:DD:08:4C:67:B6:D2:AC:4F:71:B3:D1:6A:2B:78:B2:42:A6:10:CE
ValidityFri, 12 Apr 2024 00:00:00 GMT - Thu, 11 Jul 2024 23:59:59 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
59413744ae5c322acb759e834d27bcef
213d148985d39261e3c33fadb7f232bdc8527e5e
3f2075ae1e3ca7261c17558ee154020f661b4a3aa4422a2ced569d52df3cd141

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook

HTTP Headers

GET /sync/04437df7-5f27-484c-94e8-6b14f72c6fbd HTTP/1.1
Host: kh.cighelp.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/7
Cookie: _p_session_id=04f8b5a3-289a-42db-89e8-9d360a3e329d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty/1.19.3.2
date: Thu, 18 Apr 2024 20:21:51 GMT
content-type: application/json; charset=utf-8
content-length: 65
cache-control: max-age=0, private, must-revalidate
x-request-id: F8d5cW3DJ6sEyBMIs22B
access-control-allow-origin: *
X-Firefox-Spdy: h2

content.pancake.vn/1/s600x600/fwebp/49/8a/4a/b8/f3cc0cbc4cc23c304abdacdac4483b2636aecc0e33bc715d5a5966e7.png

113.20.119.10

200 OK

14 kB

URL GET HTTP/2
content.pancake.vn/1/s600x600/fwebp/49/8a/4a/b8/f3cc0cbc4cc23c304abdacdac4483b2636aecc0e33bc715d5a5966e7.png
IP
113.20.119.10:443
ASN
#45903 CMC Telecom Infrastructure Company

Requested by
https://kh.cighelp.click/7
Certificate
IssuerSectigo Limited
Subject*.pancake.vn
Fingerprint4C:04:4A:05:69:92:1D:2B:AD:84:10:DC:24:50:2B:66:E9:C9:AB:1B
ValidityMon, 10 Jul 2023 00:00:00 GMT - Fri, 12 Jul 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
14 kB (14346 bytes)
Hash
4c4d16ece23112e1e39fe472bfa40fb4
5cdf94c8ffb463aaf1be76f70a5498617e1d0e9d
2649a3640d1a6f6d5ed4f3dd9719432fd4d4e6273fcb047954df8b61327ef74b

HTTP Headers

GET /1/s600x600/fwebp/49/8a/4a/b8/f3cc0cbc4cc23c304abdacdac4483b2636aecc0e33bc715d5a5966e7.png HTTP/1.1
Host: content.pancake.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 18 Apr 2024 20:21:51 GMT
content-type: image/webp
content-length: 14346
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: 
cache-control: public, max-age=2505600
etag: f3cc0cbc4cc23c304abdacdac4483b2636aecc0e33bc715d5a5966e7.png
accept-ranges: bytes
X-Firefox-Spdy: h2

a.pancake.vn/js/app.js?vsn=d

113.20.119.13

200 OK

4.9 kB

URL GET HTTP/2
a.pancake.vn/js/app.js?vsn=d
IP
113.20.119.13:443
ASN
#45903 CMC Telecom Infrastructure Company

Requested by
https://kh.cighelp.click/7
Certificate
IssuerSectigo Limited
Subject*.pancake.vn
Fingerprint4C:04:4A:05:69:92:1D:2B:AD:84:10:DC:24:50:2B:66:E9:C9:AB:1B
ValidityMon, 10 Jul 2023 00:00:00 GMT - Fri, 12 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (4869), with no line terminators
Size
4.9 kB (4869 bytes)
Hash
2256f1b3f8d83aae868f3e546a7fa5ec
c59eb80f98846f38f28cfa496c824829ed39c789
74b62bbff4866e7a99770a845517c37ae2f1315f850b48028c1697038cb58c7f

HTTP Headers

GET /js/app.js?vsn=d HTTP/1.1
Host: a.pancake.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.15.8.2
date: Thu, 18 Apr 2024 20:21:52 GMT
content-type: text/javascript
content-length: 4869
accept-ranges: bytes
cache-control: public, max-age=31536000
X-Firefox-Spdy: h2

a.pancake.vn/collect?dl=https%3A%2F%2Fkh.cighelp.click%2F7&hn=kh.cighelp.click&sc=https%3A&sr=1280x1024&vp=1280x800&dt=Facebook&tid=ab-lp-04437df7-5f27-484c-94e8-6b14f72c6fbd&ts=1713471712690&_v=2.0&fr=&_aba=CPA2.1713471712688.3.0d3d7c58-6dd0-4d52-9161-499c14aecea4&_abd=CPD2.1713471712689.3.222366e4-5ab9-4bcb-9de2-be3b565155af&_abt=CPT2.1713471712689.3.e3d1af76-784d-4717-b884-2a8a00c782a6&campaign_id=null&campaign_variant_id=null

113.20.119.13

200 OK

35 B

URL GET HTTP/2
a.pancake.vn/collect?dl=https%3A%2F%2Fkh.cighelp.click%2F7&hn=kh.cighelp.click&sc=https%3A&sr=1280x1024&vp=1280x800&dt=Facebook&tid=ab-lp-04437df7-5f27-484c-94e8-6b14f72c6fbd&ts=1713471712690&_v=2.0&fr=&_aba=CPA2.1713471712688.3.0d3d7c58-6dd0-4d52-9161-499c14aecea4&_abd=CPD2.1713471712689.3.222366e4-5ab9-4bcb-9de2-be3b565155af&_abt=CPT2.1713471712689.3.e3d1af76-784d-4717-b884-2a8a00c782a6&campaign_id=null&campaign_variant_id=null
IP
113.20.119.13:443
ASN
#45903 CMC Telecom Infrastructure Company

Requested by
https://kh.cighelp.click/7
Certificate
IssuerSectigo Limited
Subject*.pancake.vn
Fingerprint4C:04:4A:05:69:92:1D:2B:AD:84:10:DC:24:50:2B:66:E9:C9:AB:1B
ValidityMon, 10 Jul 2023 00:00:00 GMT - Fri, 12 Jul 2024 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

HTTP Headers

GET /collect?dl=https%3A%2F%2Fkh.cighelp.click%2F7&hn=kh.cighelp.click&sc=https%3A&sr=1280x1024&vp=1280x800&dt=Facebook&tid=ab-lp-04437df7-5f27-484c-94e8-6b14f72c6fbd&ts=1713471712690&_v=2.0&fr=&_aba=CPA2.1713471712688.3.0d3d7c58-6dd0-4d52-9161-499c14aecea4&_abd=CPD2.1713471712689.3.222366e4-5ab9-4bcb-9de2-be3b565155af&_abt=CPT2.1713471712689.3.e3d1af76-784d-4717-b884-2a8a00c782a6&campaign_id=null&campaign_variant_id=null HTTP/1.1
Host: a.pancake.vn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty/1.15.8.2
date: Thu, 18 Apr 2024 20:21:53 GMT
content-type: image/gif
content-length: 35
cache-control: max-age=0, private, must-revalidate
cross-origin-window-policy: deny
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: F8d5cd9k07cM8y4GJkpk
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:100,300,400,700,900&display=swap

142.250.74.106

200 OK

12 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:100,300,400,700,900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://kh.cighelp.click/7
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text
Size
12 kB (11685 bytes)
Hash
1eb0fc73df28026d228d100265553551
d8f0b28bc98e7a57a7f886994c7ceefd111f0a69
ca70f34d4f6f51f432835b3f8671fe4b4d2f43b048570e37474bbcec992ce4da

HTTP Headers

GET /css?family=Roboto:100,300,400,700,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kh.cighelp.click/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 20:21:49 GMT
date: Thu, 18 Apr 2024 20:21:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL