20.113.67.50 302 Found 466 B URL User Request GET HTTP/1.1 IP 20.113.67.50:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Let's Encrypt
Subject app.secads.club
Fingerprint BD:DE:53:85:01:8C:EA:AF:64:CD:60:55:7A:E0:15:1B:26:09:60:25
Validity Mon, 17 Apr 2023 06:31:06 GMT - Sun, 16 Jul 2023 06:31:05 GMT
File type HTML document, ASCII text, with very long lines (464)
Hash 79530f11d1430dd893aea3551503da6b
c11a380ea407c7c84959a793ff51943e8a5034a7
d5383f00717a1a61b585fdb1190ea121d47b3de77ac9cd2a990f2f4068776626
Analyzer Verdict Alert fortinet Phishing
GET /15GBdn HTTP/1.1
Host: app.secads.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Thu, 25 May 2023 08:19:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 466
Connection: keep-alive
Location: http://nine3app.xyz/ef494c32/?clickid=ed7aa7a334acffeef6044bb78e332d41-10342-0525&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=ac3892fe1f385d25ccd2bc0ca3a143ed$buP5xd5OqQ191jl4yIM9Hw--pBJNh39Tx.8_oUQNb0k__i3AYuk1IU6LDDzNxOhLGIwrQo1FefV0morJs6Z5uy3hMYbWV3AQPUWzHRuNQ8O.T0vBVRSrylwi4IP23k9m1ySIzbUN7qfFuLiqgjNUGz9tQwKY8QZZSzkQwvHLZXtWBTHD2.v1bQbHGqNZfDAz02XIJzrBQfwGCxy19So8A1yL
Set-Cookie: 15GBdnl=1; Path=/; Domain=app.secads.club; Max-Age=1685089140; Secure; SameSite=None
pc-cid=ed7aa7a334acffeef6044bb78e332d41-10342-0525; Path=/; Domain=app.secads.club; Max-Age=1685089140; Secure; SameSite=None
pc-campaign=15GBdn; Path=/; Domain=app.secads.club; Max-Age=1685089140; Secure; SameSite=None
pc-linf=eyIxIjoiMTVHQmRuIiwiMTIiOjc3MzMsIjIiOjk4NDc4MCwiMyI6IldpdGhvdXQgcmVmZXJlciIsIjQiOnt9LCI1IjoyMjcxMDAsIjExIjoyMTk2MTksIjkiOjE2ODUwMDI3NDA5MTIyOTM4MDcsIjEwIjowLCIxMyI6MCwiMTQiOjEsIjYiOjEsIjciOjAsIjE1IjowLCJDaWQiOiJlZDdhYTdhMzM0YWNmZmVlZjYwNDRiYjc4ZTMzMmQ0MS0xMDM0Mi0wNTI1In0=; Path=/; Domain=app.secads.club; Max-Age=1685089140; Secure; SameSite=None
nine3app.xyz/ef494c32/?clickid=ed7aa7a334acffeef6044bb78e332d41-10342-0525&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=ac3892fe1f385d25ccd2bc0ca3a143ed$buP5xd5OqQ191jl4yIM9Hw--pBJNh39Tx.8_oUQNb0k__i3AYuk1IU6LDDzNxOhLGIwrQo1FefV0morJs6Z5uy3hMYbWV3AQPUWzHRuNQ8O.T0vBVRSrylwi4IP23k9m1ySIzbUN7qfFuLiqgjNUGz9tQwKY8QZZSzkQwvHLZXtWBTHD2.v1bQbHGqNZfDAz02XIJzrBQfwGCxy19So8A1yL
188.114.97.1 200 OK 6.9 kB URL User Request GET HTTP/1.1 nine3app.xyz/ef494c32/?clickid=ed7aa7a334acffeef6044bb78e332d41-10342-0525&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=ac3892fe1f385d25ccd2bc0ca3a143ed$buP5xd5OqQ191jl4yIM9Hw--pBJNh39Tx.8_oUQNb0k__i3AYuk1IU6LDDzNxOhLGIwrQo1FefV0morJs6Z5uy3hMYbWV3AQPUWzHRuNQ8O.T0vBVRSrylwi4IP23k9m1ySIzbUN7qfFuLiqgjNUGz9tQwKY8QZZSzkQwvHLZXtWBTHD2.v1bQbHGqNZfDAz02XIJzrBQfwGCxy19So8A1yL
IP 188.114.97.1:80
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, Unicode text, UTF-8 text
Hash b42a547811bd12d04e8b3f81f8295454
f073b37b34ed15d67d39ae8c2d012c41791b6638
b533388a3e324d3c03a87d5af05b9c43496814ed590421d5cb54b5b1405eb6fe
GET /ef494c32/?clickid=ed7aa7a334acffeef6044bb78e332d41-10342-0525&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=ac3892fe1f385d25ccd2bc0ca3a143ed$buP5xd5OqQ191jl4yIM9Hw--pBJNh39Tx.8_oUQNb0k__i3AYuk1IU6LDDzNxOhLGIwrQo1FefV0morJs6Z5uy3hMYbWV3AQPUWzHRuNQ8O.T0vBVRSrylwi4IP23k9m1ySIzbUN7qfFuLiqgjNUGz9tQwKY8QZZSzkQwvHLZXtWBTHD2.v1bQbHGqNZfDAz02XIJzrBQfwGCxy19So8A1yL HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 May 2023 08:19:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T1yQTC0gblEB%2F%2Bo1ty%2BOr%2F6c%2FTQdJ8cFmtTN6aFclwyX4%2F5BABzG3N%2BowJzK4eMdAcdnwA7e1gkuoRXqgFOPx01usSa03F%2BfFS8duya2HCUGpW2mo86h9bAoTwL1vzk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ccc59db5a5ab505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
nine3app.xyz/ef494c32/gp2.png
188.114.97.1 200 OK 6.6 kB URL GET HTTP/1.1 nine3app.xyz/ef494c32/gp2.png
IP 188.114.97.1:80
Requested by http://nine3app.xyz/ef494c32/?clickid=ed7aa7a334acffeef6044bb78e332d41-10342-0525&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=ac3892fe1f385d25ccd2bc0ca3a143ed$buP5xd5OqQ191jl4yIM9Hw--pBJNh39Tx.8_oUQNb0k__i3AYuk1IU6LDDzNxOhLGIwrQo1FefV0morJs6Z5uy3hMYbWV3AQPUWzHRuNQ8O.T0vBVRSrylwi4IP23k9m1ySIzbUN7qfFuLiqgjNUGz9tQwKY8QZZSzkQwvHLZXtWBTHD2.v1bQbHGqNZfDAz02XIJzrBQfwGCxy19So8A1yL
File type PNG image data, 646 x 250, 8-bit colormap, non-interlaced\012- data
Hash 1f12a6762bc48d9b8718238d2da2c41d
c349b997c783fcefe385f1c5e88c4836d2a84cd5
decc3938dfd47c68d5dfbd2e9e30286b4664382d3938145ed7e16bb1b33fb08f
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /ef494c32/gp2.png HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=ed7aa7a334acffeef6044bb78e332d41-10342-0525&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=ac3892fe1f385d25ccd2bc0ca3a143ed$buP5xd5OqQ191jl4yIM9Hw--pBJNh39Tx.8_oUQNb0k__i3AYuk1IU6LDDzNxOhLGIwrQo1FefV0morJs6Z5uy3hMYbWV3AQPUWzHRuNQ8O.T0vBVRSrylwi4IP23k9m1ySIzbUN7qfFuLiqgjNUGz9tQwKY8QZZSzkQwvHLZXtWBTHD2.v1bQbHGqNZfDAz02XIJzrBQfwGCxy19So8A1yL
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 May 2023 08:19:01 GMT
Content-Type: image/png
Content-Length: 6567
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 19:42:43 GMT
ETag: "641b5a33-19a7"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fSLB2yJ85J8BPyJ53n%2FXaxNCsqLo2YVFnDZfXviW3alKBra%2BsYFqZoZtDkBmLh%2Fq57d%2F4%2FuIi1OvcimcCIN7oGksD7SkVZfAvd%2BEVNnO1oD2qPmi9Ku0qQM6x%2FcF8zg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ccc59dd7e3db4ee-OSL
alt-svc: h2=":443"; ma=60
nine3app.xyz/ef494c32/icon.png
188.114.97.1 200 OK 8.7 kB URL GET HTTP/1.1 nine3app.xyz/ef494c32/icon.png
IP 188.114.97.1:80
Requested by http://nine3app.xyz/ef494c32/?clickid=ed7aa7a334acffeef6044bb78e332d41-10342-0525&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=ac3892fe1f385d25ccd2bc0ca3a143ed$buP5xd5OqQ191jl4yIM9Hw--pBJNh39Tx.8_oUQNb0k__i3AYuk1IU6LDDzNxOhLGIwrQo1FefV0morJs6Z5uy3hMYbWV3AQPUWzHRuNQ8O.T0vBVRSrylwi4IP23k9m1ySIzbUN7qfFuLiqgjNUGz9tQwKY8QZZSzkQwvHLZXtWBTHD2.v1bQbHGqNZfDAz02XIJzrBQfwGCxy19So8A1yL
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash db0156e7646f17debf44c9ce4e79b3f1
a0dbacd714b52e9d360b21ea47022dc6124be88c
935bea814a879495307745976751ff1e1003721c4d2e0d5e3487a5111fb2efff
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /ef494c32/icon.png HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=ed7aa7a334acffeef6044bb78e332d41-10342-0525&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=ac3892fe1f385d25ccd2bc0ca3a143ed$buP5xd5OqQ191jl4yIM9Hw--pBJNh39Tx.8_oUQNb0k__i3AYuk1IU6LDDzNxOhLGIwrQo1FefV0morJs6Z5uy3hMYbWV3AQPUWzHRuNQ8O.T0vBVRSrylwi4IP23k9m1ySIzbUN7qfFuLiqgjNUGz9tQwKY8QZZSzkQwvHLZXtWBTHD2.v1bQbHGqNZfDAz02XIJzrBQfwGCxy19So8A1yL
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 May 2023 08:19:01 GMT
Content-Type: image/png
Content-Length: 8730
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 19:42:43 GMT
ETag: "641b5a33-221a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AvZQyh3nMoi%2F7l8kTSf4gthmB3jLQtZWdSlBPmolza496SMSx1WKZuQu1kunDUCetZF%2F0DNIKC%2Bgo9o293G8%2BlmnfLCs5zzzz6C5l0hv6Z1SBHwA3ib3tBnUkgFacvA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ccc59ded871b4ee-OSL
alt-svc: h2=":443"; ma=60
nine3app.xyz/ef494c32/logo.gif
188.114.97.1 200 OK 576 kB URL GET HTTP/1.1 nine3app.xyz/ef494c32/logo.gif
IP 188.114.97.1:80
Requested by http://nine3app.xyz/ef494c32/?clickid=ed7aa7a334acffeef6044bb78e332d41-10342-0525&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=ac3892fe1f385d25ccd2bc0ca3a143ed$buP5xd5OqQ191jl4yIM9Hw--pBJNh39Tx.8_oUQNb0k__i3AYuk1IU6LDDzNxOhLGIwrQo1FefV0morJs6Z5uy3hMYbWV3AQPUWzHRuNQ8O.T0vBVRSrylwi4IP23k9m1ySIzbUN7qfFuLiqgjNUGz9tQwKY8QZZSzkQwvHLZXtWBTHD2.v1bQbHGqNZfDAz02XIJzrBQfwGCxy19So8A1yL
File type GIF image data, version 89a, 600 x 450\012- data
Size 576 kB (576506 bytes)
Hash 20c9b05df6f1f4e49cc480f38192843c
731f14c0ca99e86273befea9fa0c01e35bf56dfa
9ffb1d0edcd4f997bb8dc7265dd66531a70bb9da30e46e1b9018ebab141cbefe
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /ef494c32/logo.gif HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=ed7aa7a334acffeef6044bb78e332d41-10342-0525&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=ac3892fe1f385d25ccd2bc0ca3a143ed$buP5xd5OqQ191jl4yIM9Hw--pBJNh39Tx.8_oUQNb0k__i3AYuk1IU6LDDzNxOhLGIwrQo1FefV0morJs6Z5uy3hMYbWV3AQPUWzHRuNQ8O.T0vBVRSrylwi4IP23k9m1ySIzbUN7qfFuLiqgjNUGz9tQwKY8QZZSzkQwvHLZXtWBTHD2.v1bQbHGqNZfDAz02XIJzrBQfwGCxy19So8A1yL
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 May 2023 08:19:01 GMT
Content-Type: image/gif
Content-Length: 576506
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 19:42:43 GMT
ETag: "641b5a33-8cbfa"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4liujVBbKfz%2FA%2BwZqqq8JWjvSfymGVQ3qUdffil76D2lEdC3evhQHfMoIU4XCeJonxcrIn%2BJC0c8Q6uc%2Bz%2Bfqh4WRFHE1Z0JPZ%2FEuuIduXuOwWmFkb7YPNnC%2BapXvNQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ccc59dd7dc1b505-OSL
alt-svc: h2=":443"; ma=60