20.113.188.243 302 Found 466 B URL User Request GET HTTP/1.1
IP 20.113.188.243:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Let's Encrypt
Subject app.secads.club
Fingerprint BD:DE:53:85:01:8C:EA:AF:64:CD:60:55:7A:E0:15:1B:26:09:60:25
Validity Mon, 17 Apr 2023 06:31:06 GMT - Sun, 16 Jul 2023 06:31:05 GMT
File type HTML document, ASCII text, with very long lines (464)
Hash 27e89a17d867ca3b897627c2e906fc58
62e8d5433e899d5a1aff61b6c56467f415facd1f
9d8da27da1a550a40ba9332d82eac5adca077c6a84066761239563001835bd3b
Analyzer Verdict Alert fortinet Phishing
GET /15GBdn HTTP/1.1
Host: app.secads.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Sun, 28 May 2023 17:59:45 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 466
Connection: keep-alive
Location: http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
Set-Cookie: 15GBdnl=1; Path=/; Domain=app.secads.club; Max-Age=1685383185; Secure; SameSite=None
pc-cid=8d26a71fbbce05866c0dbef3276c445c-10342-0528; Path=/; Domain=app.secads.club; Max-Age=1685383185; Secure; SameSite=None
pc-campaign=15GBdn; Path=/; Domain=app.secads.club; Max-Age=1685383185; Secure; SameSite=None
pc-linf=eyIxIjoiMTVHQmRuIiwiMTIiOjc3MzMsIjIiOjk4NDc4MCwiMyI6IldpdGhvdXQgcmVmZXJlciIsIjQiOnt9LCI1IjoyMjcxMDAsIjExIjoyMTk2MTksIjkiOjE2ODUyOTY3ODUwNzAxNzI1NjIsIjEwIjowLCIxMyI6MCwiMTQiOjEsIjYiOjEsIjciOjAsIjE1IjowLCJDaWQiOiI4ZDI2YTcxZmJiY2UwNTg2NmMwZGJlZjMyNzZjNDQ1Yy0xMDM0Mi0wNTI4In0=; Path=/; Domain=app.secads.club; Max-Age=1685383185; Secure; SameSite=None
nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
172.67.157.207 200 OK 6.9 kB URL User Request GET HTTP/1.1 nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
IP 172.67.157.207:80
File type HTML document text; exported SGML document text; assembler source, Unicode text, UTF-8 text
Hash b42a547811bd12d04e8b3f81f8295454
f073b37b34ed15d67d39ae8c2d012c41791b6638
b533388a3e324d3c03a87d5af05b9c43496814ed590421d5cb54b5b1405eb6fe
GET /ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 28 May 2023 17:59:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERwUNE%2BkSS7NY7eWW6bxFzsb37m0oV0Ot7Ju01FFz3gU640azKGO7pg6ICET8AOXGTxhi5qVKXmVH6BB4bvav19MBBXwsfjd9Wa6snKh2PsSFlf0iMuhfHzECArmPGI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ce864aade1f0b59-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
nine3app.xyz/ef494c32/gp2.png
104.21.8.187 200 OK 6.6 kB URL GET HTTP/1.1 nine3app.xyz/ef494c32/gp2.png
IP 104.21.8.187:80
Requested by http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
File type PNG image data, 646 x 250, 8-bit colormap, non-interlaced; data
Hash 1f12a6762bc48d9b8718238d2da2c41d
c349b997c783fcefe385f1c5e88c4836d2a84cd5
decc3938dfd47c68d5dfbd2e9e30286b4664382d3938145ed7e16bb1b33fb08f
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /ef494c32/gp2.png HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 28 May 2023 17:59:45 GMT
Content-Type: image/png
Content-Length: 6567
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 19:42:43 GMT
ETag: "641b5a33-19a7"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qFHkpYgPu8oHFpUulZp7RJd7SljMKQj8st0HihDEwOv9IRALgbk6jFzEXzhKFhjoZp2TXujJrOrlLGeQ%2BizcfLujshumWhfbbteo1Y20z%2BUITwhypSbET7WTS8x6mAE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ce864acdab3b4eb-OSL
alt-svc: h2=":443"; ma=60
nine3app.xyz/ef494c32/icon.png
104.21.8.187 200 OK 8.7 kB URL GET HTTP/1.1 nine3app.xyz/ef494c32/icon.png
IP 104.21.8.187:80
Requested by http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
File type PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced; data
Hash db0156e7646f17debf44c9ce4e79b3f1
a0dbacd714b52e9d360b21ea47022dc6124be88c
935bea814a879495307745976751ff1e1003721c4d2e0d5e3487a5111fb2efff
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /ef494c32/icon.png HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 28 May 2023 17:59:45 GMT
Content-Type: image/png
Content-Length: 8730
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 19:42:43 GMT
ETag: "641b5a33-221a"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nEEnc0IaUnxzYKHBw65XPxlJbak3h3qyK2RxGgC22SvvcnA99y5Cfiw7rp%2BIOqTOJSrAs6kbDcHj8T8VdIlzSusxT%2FzvNmf3tJC6apckCwKUoTdVPv8kSYR%2BBzq7IfM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ce864ae4d13b4eb-OSL
alt-svc: h2=":443"; ma=60
nine3app.xyz/ef494c32/logo.gif
172.67.157.207 200 OK 576 kB URL GET HTTP/1.1 nine3app.xyz/ef494c32/logo.gif
IP 172.67.157.207:80
Requested by http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
File type GIF image data, version 89a, 600 x 450; data
Size 576 kB (576506 bytes)
Hash 20c9b05df6f1f4e49cc480f38192843c
731f14c0ca99e86273befea9fa0c01e35bf56dfa
9ffb1d0edcd4f997bb8dc7265dd66531a70bb9da30e46e1b9018ebab141cbefe
Analyzer Verdict Alert urlquery fraud Fraud - Fake AntiVirus / Security software
GET /ef494c32/logo.gif HTTP/1.1
Host: nine3app.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nine3app.xyz/ef494c32/?clickid=8d26a71fbbce05866c0dbef3276c445c-10342-0528&device_name=Desktop&device_brand=Desktop&device_model=Desktop&domain=app.secads.club&pr_key=0d764156ec2ef84b16a4b9a2520a3525$QlPpSnklTInivjGZ8nlSnA--y21dvNQ59PbiJ_s0nEv59eAbXII2j2qMqNjWP25yAARRFSpF1flRYtvncdzJsGXGnZFxir8BBnPOFqju10RDs8JOKqnhNeBdD96Mj2YDgHOCTERb2MeTpzUTW6J7JC438CSXiLx91iJajjsPFM9MYEvlKlw3Zxas7MLYc7riH5qx6l1K_Y.qCfKRJoeiV1gD
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 28 May 2023 17:59:45 GMT
Content-Type: image/gif
Content-Length: 576506
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 19:42:43 GMT
ETag: "641b5a33-8cbfa"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YtQNoaIJ0X6ZrduJbIa8M8enXUbTeyi5fnZHgE7g0ml9a9A141914VOYL0TxhA4dMP4zCLY3Wnoe2VuaCMVUVZBRs%2FLdIBe8iObBmythAPMKDFL9j3CdS2NTjQ1vDw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ce864acd8fd0b59-OSL
alt-svc: h2=":443"; ma=60