returndepositlink.com/Ref%2345233/
45.133.200.3302 Found 250 B URL User Request GET HTTP/2 returndepositlink.com/Ref%2345233/
IP 45.133.200.3:443
ASN #200313 WEB_GroupInternet INC
Certificate IssuerLet's Encrypt
Subject*.returndepositlink.com
Fingerprint13:B4:0F:25:6B:75:23:21:92:2C:86:D6:F4:39:09:BD:EA:04:30:35
ValidityTue, 25 Apr 2023 21:58:28 GMT - Mon, 24 Jul 2023 21:58:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 412f269940cf45fd5d46e7804a0f111a
c6df47793d82a956d1a9b816b16db73e2169b136
d4397db13ebdc19e228af82922bb58aed81f2e8e42acfe567890d64fcb9ed5c4
Analyzer Verdict Alert openphish Interac e-Transfer
fortinet Phishing
GET /Ref%2345233/ HTTP/1.1
Host: returndepositlink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 04 May 2023 01:54:38 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 250
Connection: keep-alive
Location: https://returndepositlink.com/Ref%2345233/
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: MISS
X-Server-Powered-By: Engintron
returndepositlink.com/Ref%2345233/
45.133.200.3302 Found 239 B URL User Request GET HTTP/2 returndepositlink.com/Ref%2345233/
IP 45.133.200.3:443
ASN #200313 WEB_GroupInternet INC
Certificate IssuerLet's Encrypt
Subject*.returndepositlink.com
Fingerprint13:B4:0F:25:6B:75:23:21:92:2C:86:D6:F4:39:09:BD:EA:04:30:35
ValidityTue, 25 Apr 2023 21:58:28 GMT - Mon, 24 Jul 2023 21:58:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a0322c6e4188040f0a43bdee241924d0
57a08847b2fb734a7796c8fa9a68aa3316d68340
6d05574ba261c89584d5524b3e41b8e55030b9514943c08fbcb2313a6472539c
Analyzer Verdict Alert openphish Interac e-Transfer
fortinet Phishing
GET /Ref%2345233/ HTTP/1.1
Host: returndepositlink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Thu, 04 May 2023 01:54:38 GMT
content-type: text/html; charset=iso-8859-1
content-length: 239
location: https://returndepositlink.com/cgi-sys/suspendedpage.cgi
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
X-Firefox-Spdy: h2
returndepositlink.com/favicon.ico
45.133.200.3302 Found 239 B URL GET HTTP/2 returndepositlink.com/favicon.ico
IP 45.133.200.3:443
ASN #200313 WEB_GroupInternet INC
Requested by https://returndepositlink.com/cgi-sys/suspendedpage.cgi
Certificate IssuerLet's Encrypt
Subject*.returndepositlink.com
Fingerprint13:B4:0F:25:6B:75:23:21:92:2C:86:D6:F4:39:09:BD:EA:04:30:35
ValidityTue, 25 Apr 2023 21:58:28 GMT - Mon, 24 Jul 2023 21:58:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a0322c6e4188040f0a43bdee241924d0
57a08847b2fb734a7796c8fa9a68aa3316d68340
6d05574ba261c89584d5524b3e41b8e55030b9514943c08fbcb2313a6472539c
GET /favicon.ico HTTP/1.1
Host: returndepositlink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://returndepositlink.com/cgi-sys/suspendedpage.cgi
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx
date: Thu, 04 May 2023 01:54:39 GMT
content-type: text/html; charset=iso-8859-1
content-length: 239
location: https://returndepositlink.com/cgi-sys/suspendedpage.cgi
expires: Mon, 03 Jul 2023 01:54:39 GMT
cache-control: max-age=5184000
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2
172.64.133.15200 OK 39 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.0.6/webfonts/fa-solid-900.woff2
IP 172.64.133.15:443
Requested by https://returndepositlink.com/cgi-sys/suspendedpage.cgi
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF8:B8:F9:45:BF:19:61:F1:60:E0:B4:AF:F4:E5:96:31:40:A4:84:69
ValidityMon, 06 Jun 2022 00:00:00 GMT - Mon, 05 Jun 2023 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 38784, version 1.0\012- data
Hash f9b85c9463af7103b9b24bbbf09a06ed
d28d7222bcbeb8ea701a771e85f7efe006e62fb1
62554277d07b20c6bfae7c6267b3198b4846f604a37d4085bf9f54c392210b56
GET /releases/v5.0.6/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://returndepositlink.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 04 May 2023 01:54:39 GMT
content-type: application/font-woff2
content-length: 38784
x-amz-id-2: U8Rt7BNZx5yc6g/s9fnx888EarDF/fwpVpR5jpjmduZikz8+xgNo14x2sDwqzPRmwcdmP0beO94=
x-amz-request-id: Z0MA5Q4G3NVYESXA
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:27:50 GMT
etag: "f9b85c9463af7103b9b24bbbf09a06ed"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 41339
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VfWgCZyUvXU6GuuiMCkzJ0%2BsYYA9De912VeUjUU%2BYAi6zDCjZ677TsXp4WZBEn5%2BuoIJ%2BoumVYWIF1h6Rxnrl591LnAN%2BauEpEwBTXhzIy8wflfoRAPuUfW0%2F2txRFq%2BsXDCdFou"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1d1df43ee623bf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
returndepositlink.com/cgi-sys/suspendedpage.cgi
45.133.200.3200 OK 7.6 kB URL User Request GET HTTP/2 returndepositlink.com/cgi-sys/suspendedpage.cgi
IP 45.133.200.3:443
ASN #200313 WEB_GroupInternet INC
Certificate IssuerLet's Encrypt
Subject*.returndepositlink.com
Fingerprint13:B4:0F:25:6B:75:23:21:92:2C:86:D6:F4:39:09:BD:EA:04:30:35
ValidityTue, 25 Apr 2023 21:58:28 GMT - Mon, 24 Jul 2023 21:58:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7806), with no line terminators
Hash f30c311b9f5f30fb1ac8afb9560f3d12
de5f4eb48af265ef7bfae8a18324fb8bf0e66d1b
0d58d0d964f58a5a7a45a0d51a130a636ed3c8018b5491a88c6520a07eec2a2f
Analyzer Verdict Alert fortinet Phishing
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: returndepositlink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 04 May 2023 01:54:38 GMT
content-type: text/html
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.0.6/css/all.css
172.64.133.15200 OK 35 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.0.6/css/all.css
IP 172.64.133.15:443
Requested by https://returndepositlink.com/cgi-sys/suspendedpage.cgi
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF8:B8:F9:45:BF:19:61:F1:60:E0:B4:AF:F4:E5:96:31:40:A4:84:69
ValidityMon, 06 Jun 2022 00:00:00 GMT - Mon, 05 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (34556)
Hash 42eaa52604673b64d6b356c2fd7f87e3
6b59cb703b2d4a7a2691f13008062b46a6bc7fdb
ed0f122470c4d13d86bbabdc38046d743d0228204a56d786d2e17bd83fd358ce
GET /releases/v5.0.6/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://returndepositlink.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 04 May 2023 01:54:39 GMT
content-type: text/css
x-amz-id-2: H9hK29b5iFPEy8TCVIP5G7upJA9ACrAE7U0DxTvyHEokOqcJQDZk0RrIb6gPiJ2nNAhA+oTFP3U=
x-amz-request-id: ZPVHR3KYK4NCQZSJ
last-modified: Wed, 30 Jun 2021 15:27:49 GMT
etag: W/"42eaa52604673b64d6b356c2fd7f87e3"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 773960
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f9GjRrCh%2Fp8u6bS4UbMvbbZ9pWxJ%2FNEpyMFMSZLPJA%2BYOzLXya7Kglxj0qlqKa2UNUfVJxEYukEUK6xGZuBRlI0K97fu5EP8wlQQ1o2y4KJu2aawVvV8iNu9mmCHS5GEwQlbzztP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1d1df33d1688b5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
returndepositlink.com/cgi-sys/suspendedpage.cgi
45.133.200.3200 OK 7.6 kB URL GET HTTP/2 returndepositlink.com/cgi-sys/suspendedpage.cgi
IP 45.133.200.3:443
ASN #200313 WEB_GroupInternet INC
Requested by https://returndepositlink.com/cgi-sys/suspendedpage.cgi
Certificate IssuerLet's Encrypt
Subject*.returndepositlink.com
Fingerprint13:B4:0F:25:6B:75:23:21:92:2C:86:D6:F4:39:09:BD:EA:04:30:35
ValidityTue, 25 Apr 2023 21:58:28 GMT - Mon, 24 Jul 2023 21:58:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7806), with no line terminators
Hash f30c311b9f5f30fb1ac8afb9560f3d12
de5f4eb48af265ef7bfae8a18324fb8bf0e66d1b
0d58d0d964f58a5a7a45a0d51a130a636ed3c8018b5491a88c6520a07eec2a2f
Analyzer Verdict Alert fortinet Phishing
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: returndepositlink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://returndepositlink.com/cgi-sys/suspendedpage.cgi
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 04 May 2023 01:54:39 GMT
content-type: text/html
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: HIT
x-server-powered-by: Engintron
content-encoding: gzip
X-Firefox-Spdy: h2