Report - app.secads.club/15GBdn

Report Overview

Submitted URL
app.secads.club/15GBdn
IP
20.113.188.243
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2023-05-28 18:00:02
Access
public
Website Title
Final URL
Tags
fake_software fraud
urlquery detections
Fraud - Fake AntiVirus / Security software

Detections

urlquery
4
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
app.secads.club	449868	2020-05-13	2020-09-29	2023-05-27	478 B	1.7 kB	20.113.188.243
nine3app.xyz	unknown	2022-09-19	2022-09-19	2023-05-28	3.0 kB	601 kB	172.67.157.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-05-28	medium	app.secads.club/15GBdn

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD	850 B	2023-03-07	2023-10-28
Pretty URL nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD IP 172.67.157.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:33 Last Seen2023-10-28 09:21:22 Times Seen30 Hash b5ce6f525300a02520c6e36c39d487f7 f852a841d3c2c7ee60277443be6df7d83097628f f510c1821e20996bb680669675e35e5549c6f0a9d1ec36088b0456de75fe3d91 Loading...

	nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD	2.6 kB	2023-04-07	2023-10-28
Pretty URL nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD IP 172.67.157.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 13:07:42 Last Seen2023-10-28 09:21:22 Times Seen16 Hash d25752950061d512fbc4e2c513264590 4bb1324828ba2d4223e10b84b5270d866dc7bed0 548a463f5bc925ffc2bfb10512f4c41447b66967b370cfdf5688e6e74d198299 Loading...

	nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD	808 B	2023-03-07	2023-10-28
Pretty URL nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD IP 172.67.157.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:33 Last Seen2023-10-28 09:21:22 Times Seen43 Hash 9387121d3b02292ab68ac53fdbfec83e 8407143bb45f31607f9d1321842a668e2fbf2e37 8b5f1f6a8e4d0a126a7931ee9bf67adfd00a80d5c5a96caea43eebaf709752aa Loading...

	nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD	123 B	2023-03-07	2024-01-23
Pretty URL nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD IP 172.67.157.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:12:09 Last Seen2024-01-23 13:14:28 Times Seen49 Hash 6cacb23aae6d334593347caa218ccb46 af11315302d0d545a613fe846e46bdb145872258 13f4ca4927ccce62dc067ec49023fb91d1cfbd6f007e0293e4790c8be61a09fc Loading...

	nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD	119 B	2023-03-07	2024-02-26
Pretty URL nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD IP 172.67.157.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:03 Last Seen2024-02-26 05:48:59 Times Seen319 Hash 40adfc7020eed6822d9a553b6f710bd5 282072495ab52126a4c5741743aa874c2ae640b8 d9b5e2b293f25653e320861bc6ecc82bf843ff04153c03ba1170ad15f5a87166 Loading...

	nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD	394 B	2023-03-07	2024-02-20
Pretty URL nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD IP 172.67.157.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:33 Last Seen2024-02-20 04:00:17 Times Seen198 Hash 77facbc307103b51a034521d35ad22b4 a9d8bbf441feac65ba68482313a8e854f3e2a369 143787357389ec269451a7aeee9a541fc06afbcacc0d507b66c449fa19107007 Loading...

HTTP Transactions (5)

URL IP Response Size

app.secads.club/15GBdn

20.113.188.243

302 Found

466 B

URL User Request GET HTTP/1.1
app.secads.club/15GBdn
IP
20.113.188.243:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerLet's Encrypt
Subjectapp.secads.club
FingerprintBD:DE:53:85:01:8C:EA:AF:64:CD:60:55:7A:E0:15:1B:26:09:60:25
ValidityMon, 17 Apr 2023 06:31:06 GMT - Sun, 16 Jul 2023 06:31:05 GMT

File type
HTML document, ASCII text, with very long lines (464)
Size
466 B (466 bytes)
Hash
27e89a17d867ca3b897627c2e906fc58
62e8d5433e899d5a1aff61b6c56467f415facd1f
9d8da27da1a550a40ba9332d82eac5adca077c6a84066761239563001835bd3b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /15GBdn HTTP/1.1
Host: app.secads.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Sun, 28 May 2023 17:59:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 466
Connection: keep-alive
Location: http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
Set-Cookie: 15GBdnl=1; Path=/; Domain=app.secads.club; Max-Age=1685383185; Secure; SameSite=None
pc-cid=8d26a71fbbce05866c0dbef3276c445c-10342-0528; Path=/; Domain=app.secads.club; Max-Age=1685383185; Secure; SameSite=None
pc-campaign=15GBdn; Path=/; Domain=app.secads.club; Max-Age=1685383185; Secure; SameSite=None
pc-linf=eyIxIjoiMTVHQmRuIiwiMTIiOjc3MzMsIjIiOjk4NDc4MCwiMyI6IldpdGhvdXQgcmVmZXJlciIsIjQiOnt9LCI1IjoyMjcxMDAsIjExIjoyMTk2MTksIjkiOjE2ODUyOTY3ODUwNzAxNzI1NjIsIjEwIjowLCIxMyI6MCwiMTQiOjEsIjYiOjEsIjciOjAsIjE1IjowLCJDaWQiOiI4ZDI2YTcxZmJiY2UwNTg2NmMwZGJlZjMyNzZjNDQ1Yy0xMDM0Mi0wNTI4In0=; Path=/; Domain=app.secads.club; Max-Age=1685383185; Secure; SameSite=None

nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD

172.67.157.207

200 OK

6.9 kB

URL User Request GET HTTP/1.1
nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
IP
172.67.157.207:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, Unicode text, UTF-8 text
Size
6.9 kB (6945 bytes)
Hash
b42a547811bd12d04e8b3f81f8295454
f073b37b34ed15d67d39ae8c2d012c41791b6638
b533388a3e324d3c03a87d5af05b9c43496814ed590421d5cb54b5b1405eb6fe

HTTP Headers

GET /ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 28 May 2023 17:59:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERwUNE%2BkSS7NY7eWW6bxFzsb37m0oV0Ot7Ju01FFz3gU640azKGO7pg6ICET8AOXGTxhi5qVKXmVH6BB4bvav19MBBXwsfjd9Wa6snKh2PsSFlf0iMuhfHzECArmPGI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ce864aade1f0b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

nine3app.xyz/ef494c32/gp2.png

104.21.8.187

200 OK

6.6 kB

URL GET HTTP/1.1
nine3app.xyz/ef494c32/gp2.png
IP
104.21.8.187:80
ASN
#13335 CLOUDFLARENET

Requested by
http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD

File type
PNG image data, 646 x 250, 8-bit colormap, non-interlaced\012- data
Size
6.6 kB (6567 bytes)
Hash
1f12a6762bc48d9b8718238d2da2c41d
c349b997c783fcefe385f1c5e88c4836d2a84cd5
decc3938dfd47c68d5dfbd2e9e30286b4664382d3938145ed7e16bb1b33fb08f

Detections

Analyzer	Verdict	Alert
urlquery	fraud	Fraud - Fake AntiVirus / Security software

HTTP Headers

GET /ef494c32/gp2.png HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 28 May 2023 17:59:45 GMT
Content-Type: image/png
Content-Length: 6567
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 19:42:43 GMT
ETag: "641b5a33-19a7"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qFHkpYgPu8oHFpUulZp7RJd7SljMKQj8st0HihDEwOv9IRALgbk6jFzEXzhKFhjoZp2TXujJrOrlLGeQ%2BizcfLujshumWhfbbteo1Y20z%2BUITwhypSbET7WTS8x6mAE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ce864acdab3b4eb-OSL
alt-svc: h2=":443"; ma=60

nine3app.xyz/ef494c32/icon.png

104.21.8.187

200 OK

8.7 kB

URL GET HTTP/1.1
nine3app.xyz/ef494c32/icon.png
IP
104.21.8.187:80
ASN
#13335 CLOUDFLARENET

Requested by
http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD

File type
PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
8.7 kB (8730 bytes)
Hash
db0156e7646f17debf44c9ce4e79b3f1
a0dbacd714b52e9d360b21ea47022dc6124be88c
935bea814a879495307745976751ff1e1003721c4d2e0d5e3487a5111fb2efff

Detections

Analyzer	Verdict	Alert
urlquery	fraud	Fraud - Fake AntiVirus / Security software

HTTP Headers

GET /ef494c32/icon.png HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 28 May 2023 17:59:45 GMT
Content-Type: image/png
Content-Length: 8730
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 19:42:43 GMT
ETag: "641b5a33-221a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nEEnc0IaUnxzYKHBw65XPxlJbak3h3qyK2RxGgC22SvvcnA99y5Cfiw7rp%2BIOqTOJSrAs6kbDcHj8T8VdIlzSusxT%2FzvNmf3tJC6apckCwKUoTdVPv8kSYR%2BBzq7IfM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ce864ae4d13b4eb-OSL
alt-svc: h2=":443"; ma=60

nine3app.xyz/ef494c32/logo.gif

172.67.157.207

200 OK

576 kB

URL GET HTTP/1.1
nine3app.xyz/ef494c32/logo.gif
IP
172.67.157.207:80
ASN
#13335 CLOUDFLARENET

Requested by
http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD

File type
GIF image data, version 89a, 600 x 450\012- data
Size
576 kB (576506 bytes)
Hash
20c9b05df6f1f4e49cc480f38192843c
731f14c0ca99e86273befea9fa0c01e35bf56dfa
9ffb1d0edcd4f997bb8dc7265dd66531a70bb9da30e46e1b9018ebab141cbefe

Detections

Analyzer	Verdict	Alert
urlquery	fraud	Fraud - Fake AntiVirus / Security software

HTTP Headers

GET /ef494c32/logo.gif HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 28 May 2023 17:59:45 GMT
Content-Type: image/gif
Content-Length: 576506
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 19:42:43 GMT
ETag: "641b5a33-8cbfa"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YtQNoaIJ0X6ZrduJbIa8M8enXUbTeyi5fnZHgE7g0ml9a9A141914VOYL0TxhA4dMP4zCLY3Wnoe2VuaCMVUVZBRs%2FLdIBe8iObBmythAPMKDFL9j3CdS2NTjQ1vDw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ce864acd8fd0b59-OSL
alt-svc: h2=":443"; ma=60

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP