Report - track.responsegift.com/cbd34e57-ef01-47ba-b82c-fa437f912456/2

Report Overview

Submitted URL
track.responsegift.com/cbd34e57-ef01-47ba-b82c-fa437f912456/2
IP
18.192.249.87
ASN
#16509 AMAZON-02
Submitted
2024-04-19 11:37:15
Access
public
Website Title
Zelle
Final URL
1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd#
Tags
zelle phishing financial
urlquery detections
Phishing - zelle

Detections

urlquery
19
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jouteetu.net	260109	2021-07-08	2021-07-15	2024-04-18	876 B	1.3 kB	139.45.197.251
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-19	996 B	1.1 kB	139.45.197.250
track.responsegift.com	unknown	unknown	No data	No data	515 B	1.4 kB	18.192.249.87
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-04-18	1.5 kB	1.9 kB	139.45.195.8
1.alkads.com	unknown	unknown	No data	No data	14 kB	579 kB	104.21.43.240
pentlyconger.com	unknown	2021-08-12	2021-08-13	2024-04-18	899 B	4.0 kB	18.192.249.87
ouphouch.com	278626	2021-09-14	2021-09-14	2024-03-27	1.0 kB	15 kB	139.45.197.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	amunfezanttor.com	Sinkholed
2024-04-19	medium	amunfezanttor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd	497 B	2024-04-19	2024-04-19
Pretty URL 1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd IP 104.21.43.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 13:37:21 Last Seen2024-04-19 13:37:21 Times Seen1 Hash ad5b4aa6af13ec2cc0d90a80ddbd4330 76503f9da697e286e9b6b2fba536e8f8a4d88282 edc7e796310140acdbc710a4f203ed07a034d7a9eb1d5c121664a9766e6bb4d5 Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=9c663d1007dec76d517c8d649a86f6072a79b5585ab25d14184327476f4627a8	697 B	2024-04-19	2024-04-19
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=9c663d1007dec76d517c8d649a86f6072a79b5585ab25d14184327476f4627a8 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 13:37:21 Last Seen2024-04-19 13:37:21 Times Seen2 Hash c0f0f92ca7ad5742bab3604a5edcead3 39a8119d6b9942d6676c0805fa41c931874df4f3 f7406dc2b25e60330427144a83f4f94fb15b2938347405f0648619e1bf7dbbc6 Loading...

	ouphouch.com/pfe/current/micro.tag.min.js?z=7354034&sw=/sw-check-permissions-73a3b.js	37 kB	2024-04-19	2024-04-24
Pretty URL ouphouch.com/pfe/current/micro.tag.min.js?z=7354034&sw=/sw-check-permissions-73a3b.js IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 11:01:02 Last Seen2024-04-24 10:13:15 Times Seen137 Hash a20bcaec96bee3dbd00db263a10489fd 2b938c0fe930489aab17567f78269f42d43e0555 b09a1860a090fc1aa1b482392060a3bb197d25044275dda41fdce5770ba758ba Loading...

	pentlyconger.com/d/.js?lpref=&lpurl=https%3A%2F%2F1.alkads.com%2Fze1%2F%3Fcep%3Dl-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN%26lptoken%3D176113c052f1840609fd%23&lpt=Zelle&vtm=1713526610550	3.7 kB	2024-04-19	2024-04-19
Pretty URL pentlyconger.com/d/.js?lpref=&lpurl=https%3A%2F%2F1.alkads.com%2Fze1%2F%3Fcep%3Dl-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN%26lptoken%3D176113c052f1840609fd%23&lpt=Zelle&vtm=1713526610550 IP 18.192.249.87 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 13:37:21 Last Seen2024-04-19 13:37:21 Times Seen2 Hash fa32ca933e6ece38dba06c4bff86f1d5 674ceba18018fe36a6e50a323acc1510f361771f a84b48d41c268e9d51ed7d9f3ab9deed726cae4e61774b15adb8d21aa6ef582d Loading...

	1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd	1.6 kB	2023-03-07	2024-05-02
Pretty URL 1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd IP 104.21.43.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:40:21 Last Seen2024-05-02 10:18:28 Times Seen465 Hash 88f1478c977eac6c59d28d1c7ddd80df 647aefa687a36f49bb7d25375da25718445dd31f 14c9a3ed05798d5a423b51ccb9b1e568a62e4b268e721a41c129de8b5df51ccd Loading...

	1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd	937 B	2024-04-19	2024-04-19
Pretty URL 1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd IP 104.21.43.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 13:37:21 Last Seen2024-04-19 13:37:21 Times Seen1 Hash a3bb336e4329d3b4cae418f8c5de344a 7526531205e0565976dd68d03ccf0016504007d0 8bf6cee96aac2b6e0611f5a6b1771616a88ee60e813138aa885f955450b68800 Loading...

	1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd	3.0 kB	2024-04-19	2024-04-19
Pretty URL 1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd IP 104.21.43.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 13:37:21 Last Seen2024-04-19 13:37:21 Times Seen1 Hash beb347ee2924d6f3a7573bb054a458e4 e9e5b3f0bd2841653e6d6a6f315113125c953782 9fbf623596ac57554e9c1cc04c720dbefa7114e652708b2a840a5523db3a19a6 Loading...

	1.alkads.com/ze1/js/jquery.min.js	86 kB	2023-03-07	2024-05-02
Pretty URL 1.alkads.com/ze1/js/jquery.min.js IP 104.21.43.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-02 12:27:42 Times Seen387228 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	1.alkads.com/ze1/js/bootstrap.min.js	58 kB	2023-03-07	2024-04-30
Pretty URL 1.alkads.com/ze1/js/bootstrap.min.js IP 104.21.43.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:41:57 Last Seen2024-04-30 21:10:32 Times Seen3307 Hash 0a958254db529f99f475080fe2a6dcdb eebc17246f2beda813dd3372593cc54a152f9cb4 3bcd802e9f77849e7c1e93c87279fbbb04d45949d2be79b03566ceacde29b158 Loading...

	1.alkads.com/ze1/js/notifications.js	1.6 kB	2024-04-19	2024-04-19
Pretty URL 1.alkads.com/ze1/js/notifications.js IP 104.21.43.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 13:37:21 Last Seen2024-04-19 13:37:21 Times Seen2 Hash f1b4e3ce2a538523f24a619343f25066 fc706dc6ace8416ceadbeefd56b35ead3bf61736 e2d1d112ada3c3cbc7e919e95b1090e08b7677044ad9256bb1046638f46571d7 Loading...

	1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd	402 B	2024-04-19	2024-04-19
Pretty URL 1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd IP 104.21.43.240 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 13:37:21 Last Seen2024-04-19 13:37:21 Times Seen1 Hash 78d7f0d8eafe6faa21495488e9e912bd bebd11b28dce5104641edf7f5d89c7ef36c424b5 566933ca340dd87b71fba780ac57842bee550dc41bee2f83baab63b48f8244fb Loading...

HTTP Transactions (28)

URL IP Response Size

track.responsegift.com/cbd34e57-ef01-47ba-b82c-fa437f912456/2

18.192.249.87

302 Found

0 B

URL User Request GET HTTP/2
track.responsegift.com/cbd34e57-ef01-47ba-b82c-fa437f912456/2
IP
18.192.249.87:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjecttrack.responsegift.com
FingerprintF0:87:A1:EF:55:28:F7:F4:84:AA:D2:13:2A:41:38:AD:67:D9:44:97
ValidityFri, 29 Mar 2024 06:54:04 GMT - Thu, 27 Jun 2024 06:54:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cbd34e57-ef01-47ba-b82c-fa437f912456/2 HTTP/1.1
Host: track.responsegift.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Fri, 19 Apr 2024 11:36:49 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
pragma: no-cache
set-cookie: cbd34e57-ef01-47ba-b82c-fa437f912456-v4=UyNVd2JnPqBHMbq5zssJwJCYF_GXbV1vKwR4TYik45U; Max-Age=86400; Expires=Sat, 20-Apr-2024 11:36:49 GMT; Domain=track.responsegift.com; Path=/; Secure; HttpOnly;SameSite=None
cep-v4=aD85dxIuS26NkagiI83toQkmKlbE1vWey8JzqpoaDFImpvrmjiyKHOlmF9ztJ_jiuJqVR6zT4sk5SaHMIWdKQXefK2XyP58u2RwpjWgt5kgJHe3pRXQzqxakDO59Rj_0ldkyFjlDdnDvply816KdP-J9KDtQPAOJ-2wQG27gP2ACt21XgGVVcI2aXOIQrFMSy_CGMKg-2WH0JKYH1Cb-ACbGiRkLLK5GQ6PZhiJyuwLe50OkV3BrOh7g07yNbpkfyKFyy2YhervJ9SaZi1vkb5l5ghxtQR_iLijpwltto1EL2PoaI0kSpHc-EuF2IZP__m4KBMD9xGSaVaC5ClTUCTiYSF5EmSKCNkGd7w2oCt2pHvoY-tHrDQggI333sdBN; Max-Age=86400; Expires=Sat, 20-Apr-2024 11:36:49 GMT; Domain=track.responsegift.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

my.rtmark.net/p.js?f=sync&lr=1&partner=9c663d1007dec76d517c8d649a86f6072a79b5585ab25d14184327476f4627a8

139.45.195.8

200 OK

697 B

URL GET HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=9c663d1007dec76d517c8d649a86f6072a79b5585ab25d14184327476f4627a8
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JavaScript source, ASCII text
Size
697 B (697 bytes)
Hash
c0f0f92ca7ad5742bab3604a5edcead3
39a8119d6b9942d6676c0805fa41c931874df4f3
f7406dc2b25e60330427144a83f4f94fb15b2938347405f0648619e1bf7dbbc6

HTTP Headers

GET /p.js?f=sync&lr=1&partner=9c663d1007dec76d517c8d649a86f6072a79b5585ab25d14184327476f4627a8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 11:36:49 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

1.alkads.com/ze1/png/logo.png

104.21.43.240

200 OK

3.0 kB

URL GET HTTP/3
1.alkads.com/ze1/png/logo.png
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
PNG image data, 144 x 60, 8-bit/color RGBA, non-interlaced
Size
3.0 kB (3049 bytes)
Hash
a47252e63c9de7bbb6f266986e991861
7f10420d29f0d0acb54e6b0e5ca0c4e9fb9c643c
6a159b41f9e3b1f4925c724ffbdb5d117d1a3de3d0cb8891271ab9cbde60cc6c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/png/logo.png HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: image/png
content-length: 3049
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
etag: "6620dff4-be9"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=af1bslgxzeqUi53PbQdh6nYZUHWangt2En82JFqpuGFIal89DV90Pj%2Ft9xjaCqmHZbpkCnvQ1MOEPGb4S7TjUor4bgauVIFLf4VLKD0usa2%2BfpBgJI1APor%2BoqmUAog%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c995f0df10b4d-OSL
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/png/_mark1.png

104.21.43.240

200 OK

9.8 kB

URL GET HTTP/3
1.alkads.com/ze1/png/_mark1.png
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
PNG image data, 257 x 184, 8-bit colormap, non-interlaced
Size
9.8 kB (9798 bytes)
Hash
5a1320306aa2e00c157ab7b393035ffe
954eebaf1272ecb737243c816cfafac36f086291
e7d4a4738b3217a9462c27825973bfd5b8083cdbc65e7dbfb460e8e82a113258

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/png/_mark1.png HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: image/png
content-length: 9798
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
etag: "6620dff4-2646"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j8mS7y6jvdwRAQ1drcq11ujfiq2N%2Bx9Qsr6GmKRwc4B%2BXoCwOJYt6UKiNnRMFO30ch1db%2BX24pLS5H8IrwSBPBNH5HwEPKWjzAX%2Bv3XvzQ1KjR0AdHyv3Dy5V5ZFQCI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c995f0df30b4d-OSL
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/jpg/comment-image.jpg

104.21.43.240

200 OK

7.4 kB

URL GET HTTP/3
1.alkads.com/ze1/jpg/comment-image.jpg
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 200x135, components 3
Size
7.4 kB (7447 bytes)
Hash
3e54062f3ac568f3bead01dc59ee82d5
23fd5c086c75c2a6bb851956c4f5c2a959a68ec5
1c37a7880e179fae774f6906842dad0239286b6df3aa97fc6d0da2bddfd9378b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/jpg/comment-image.jpg HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: image/jpeg
content-length: 7447
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
etag: "6620dff4-1d17"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HtHsXQ06hTCXyWesn%2BQxph9CnLU6bMzYw3eKBYS5aNRC5qzZCCkyY%2FDUi%2FvzVZ%2BGmAZNThui%2BguK8%2B8%2BVs7ImebfV435AcoUFioVucimZVfrkLxk6wF1Y55IP%2BrhDWg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c995f0df50b4d-OSL
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/png/samsung-s10.png

104.21.43.240

200 OK

16 kB

URL GET HTTP/3
1.alkads.com/ze1/png/samsung-s10.png
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
PNG image data, 250 x 158, 8-bit/color RGBA, non-interlaced
Size
16 kB (16143 bytes)
Hash
16779548cd28c219f6b7e6d8f9c295ea
ce04f611e506c5053cbfe95dc91c64ecb4d74295
8bfabc7e33f6acf8e094e8deb498d4e6f68fbdad46c624e5dad10c3667799cf1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/png/samsung-s10.png HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: image/png
content-length: 16143
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
etag: "6620dff4-3f0f"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bHImRDCqzAhmUPffL61sxD%2F6KoXCgL%2FCN3DOt8ai7NMeRQesbc01HDXz7vkKcuwt4FbxXNf4VtLR5RJXjfGs3nTlgXLH5TktTOufXrQ%2F5RVePMkTTy3KedNN10XHtls%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c995f1df90b4d-OSL
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/png/11.png

104.21.43.240

200 OK

20 kB

URL GET HTTP/3
1.alkads.com/ze1/png/11.png
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
PNG image data, 531 x 531, 8-bit/color RGBA, non-interlaced
Size
20 kB (19608 bytes)
Hash
1c7e1037a62b15dc080894acb7955aa7
4400836d965f60e0dc7f093ce50b2c869f0f5ab7
c379ce20c3e8081a24ee7f71d94ad73d88d2d2db94c99b1d33effd4d6849f31a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/png/11.png HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: image/png
content-length: 19608
last-modified: Thu, 18 Apr 2024 10:29:07 GMT
etag: "6620f5f3-4c98"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DKuzb8S%2BrlkYvE5zm%2FGKoW71nBxjDrIuYI4PdE0H7A3cveo5ZJIRabLC2e0URAPSuIrQoRLyAtgXvwlQmrFPwsR68UJzHxUvCq2oKi53I8VlxCXCzLC44tV4F622IVI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c995f1dfa0b4d-OSL
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/png/_mark3_samsung_s10.png

104.21.43.240

200 OK

16 kB

URL GET HTTP/3
1.alkads.com/ze1/png/_mark3_samsung_s10.png
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
PNG image data, 250 x 158, 8-bit/color RGBA, non-interlaced
Size
16 kB (16143 bytes)
Hash
951d92c6549976227824e2b46effdb7a
0c3b41fe6936be33fd954483dad85d7d73a85b6f
20cb874db642861945c7497100d70d60b6d8b0b83bf8139d21504faa2483d130

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/png/_mark3_samsung_s10.png HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: image/png
content-length: 16143
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
etag: "6620dff4-3f0f"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0iJb0YoJTQ%2BN%2F8CbkHCBF0cmlf1UIYcHiPibGeS%2BjmR0IyBJCZItJiTxvZDp99%2BnUwKDn4vyB29aYRi8l%2FCBnUO1w2iOmkWlz2xYCPHGaB9clI4hoiBHiIaJBPaimuQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c995f1df70b4d-OSL
alt-svc: h3=":443"; ma=86400

pentlyconger.com/d/.js?lpref=&lpurl=https%3A%2F%2F1.alkads.com%2Fze1%2F%3Fcep%3Dl-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN%26lptoken%3D176113c052f1840609fd%23&lpt=Zelle&vtm=1713526610550

18.192.249.87

200 OK

3.7 kB

URL GET HTTP/2
pentlyconger.com/d/.js?lpref=&lpurl=https%3A%2F%2F1.alkads.com%2Fze1%2F%3Fcep%3Dl-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN%26lptoken%3D176113c052f1840609fd%23&lpt=Zelle&vtm=1713526610550
IP
18.192.249.87:443
ASN
#16509 AMAZON-02

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerLet's Encrypt
Subjectpentlyconger.com
Fingerprint95:5B:7D:F6:FF:DE:FA:66:4E:48:88:35:D4:C3:41:42:A9:E7:CE:EB
ValidityThu, 21 Mar 2024 08:54:13 GMT - Wed, 19 Jun 2024 08:54:12 GMT

File type
JavaScript source, ASCII text, with very long lines (1680)
Size
3.7 kB (3711 bytes)
Hash
fa32ca933e6ece38dba06c4bff86f1d5
674ceba18018fe36a6e50a323acc1510f361771f
a84b48d41c268e9d51ed7d9f3ab9deed726cae4e61774b15adb8d21aa6ef582d

HTTP Headers

GET /d/.js?lpref=&lpurl=https%3A%2F%2F1.alkads.com%2Fze1%2F%3Fcep%3Dl-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN%26lptoken%3D176113c052f1840609fd%23&lpt=Zelle&vtm=1713526610550 HTTP/1.1
Host: pentlyconger.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: application/javascript;charset=UTF-8
content-length: 3711
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
X-Firefox-Spdy: h2

ouphouch.com/zone?&pub=0&zone_id=7354034&is_mobile=false&domain=1.alkads.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.501&trace_id=4e1863cf-0655-4044-9a86-3c138994ac5b&action=prerequest

139.45.197.250

200 OK

0 B

URL POST HTTP/2
ouphouch.com/zone?&pub=0&zone_id=7354034&is_mobile=false&domain=1.alkads.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.501&trace_id=4e1863cf-0655-4044-9a86-3c138994ac5b&action=prerequest
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerLet's Encrypt
Subjectouphouch.com
Fingerprint63:C9:F5:31:11:CD:03:30:E2:1D:68:D4:1F:4E:14:BF:08:BC:A2:EE
ValidityWed, 21 Feb 2024 05:51:35 GMT - Tue, 21 May 2024 05:51:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /zone?&pub=0&zone_id=7354034&is_mobile=false&domain=1.alkads.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.501&trace_id=4e1863cf-0655-4044-9a86-3c138994ac5b&action=prerequest HTTP/1.1
Host: ouphouch.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1.alkads.com
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 11:36:50 GMT
content-length: 0
x-trace-id: 39a5ad27a7cb611d73198edbf0893d6a
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://1.alkads.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

1.alkads.com/ze1/js/bootstrap.min.js

104.21.43.240

200 OK

17 kB

URL GET HTTP/3
1.alkads.com/ze1/js/bootstrap.min.js
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
JavaScript source, ASCII text, with very long lines (57791), with CRLF line terminators
Size
17 kB (17095 bytes)
Hash
0a958254db529f99f475080fe2a6dcdb
eebc17246f2beda813dd3372593cc54a152f9cb4
3bcd802e9f77849e7c1e93c87279fbbb04d45949d2be79b03566ceacde29b158

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/js/bootstrap.min.js HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: application/javascript
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
vary: Accept-Encoding
etag: W/"6620dff4-e2de"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uF%2B0AZAXey%2BCkfgHgkWEmEdDRb5ellKUDbX%2F0Ew4nw8X0pllrgnta%2F8Nh3EFaCZfdBJ0pbWgoqnFVWBf1B34EVt%2FcByct0bZhrj%2BNZJudEFG3Ime9OWdzeFTc7kQt1I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c995f1dfc0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/png/bg-new.png

104.21.43.240

200 OK

13 kB

URL GET HTTP/3
1.alkads.com/ze1/png/bg-new.png
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
PNG image data, 322 x 574, 8-bit colormap, non-interlaced
Size
13 kB (12815 bytes)
Hash
4e55a0c0f9c65bd0cfdc8e91dfcaa2ab
67f43a9577dbb57e57efc04c3c53733b91628131
26b649b3622d0b25d0283f55cbab37bf0252542cd4a8cb4fdd261368e895ba16

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/png/bg-new.png HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: image/png
content-length: 12815
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
etag: "6620dff4-320f"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wqtc7TiRKR%2Bh2XokUloi7qVC8ACsx4DhNg1vuo0%2F0D3yHFM4kpGukh6oQOOzQ%2BjyGU04umLMNiRj1JMQi%2FdLwndt4gpVYzAAWKDoMCEoPFmi3hDVqGccJsppxgi1n%2Bc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c996358f30b4d-OSL
alt-svc: h3=":443"; ma=86400

ouphouch.com/pfe/current/micro.tag.min.js?z=7354034&sw=/sw-check-permissions-73a3b.js

139.45.197.250

200 OK

14 kB

URL GET HTTP/2
ouphouch.com/pfe/current/micro.tag.min.js?z=7354034&sw=/sw-check-permissions-73a3b.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerLet's Encrypt
Subjectouphouch.com
Fingerprint63:C9:F5:31:11:CD:03:30:E2:1D:68:D4:1F:4E:14:BF:08:BC:A2:EE
ValidityWed, 21 Feb 2024 05:51:35 GMT - Tue, 21 May 2024 05:51:34 GMT

File type
gzip compressed data, max speed, from Unix
Size
14 kB (14547 bytes)
Hash
c1c1fbb5bc4a0fb5bab60612fcf1fd4d
b9b4065d7e668ee6243ad84c7b8d7d565b7f8f9e
6416d54c58b1afed27d6506c720e21729cca436d884a45b8d9ae83aa241f8fdb

HTTP Headers

GET /pfe/current/micro.tag.min.js?z=7354034&sw=/sw-check-permissions-73a3b.js HTTP/1.1
Host: ouphouch.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: application/javascript
last-modified: Fri, 19 Apr 2024 08:30:07 GMT
etag: W/"66222b8f-8eda"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 664
Origin: https://1.alkads.com
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 59b75c6f725eb55bdde29b4715cf25d7
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://1.alkads.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

jouteetu.net/custom

139.45.197.251

200 OK

39 B

URL POST HTTP/2
jouteetu.net/custom
IP
139.45.197.251:443
ASN
#9002 RETN Limited

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerLet's Encrypt
Subjectjouteetu.net
FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65
ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 665
Origin: https://1.alkads.com
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: bf78ffa8070c1d0a0137b542d51c7f40
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://1.alkads.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://1.alkads.com/
Origin: https://1.alkads.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://1.alkads.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

1.alkads.com/ze1/js/notifications.js

104.21.43.240

200 OK

21 kB

URL GET HTTP/3
1.alkads.com/ze1/js/notifications.js
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
21 kB (20569 bytes)
Hash
f1b4e3ce2a538523f24a619343f25066
fc706dc6ace8416ceadbeefd56b35ead3bf61736
e2d1d112ada3c3cbc7e919e95b1090e08b7677044ad9256bb1046638f46571d7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/js/notifications.js HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: application/javascript
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
vary: Accept-Encoding
etag: W/"6620dff4-61b"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2Bmhut1pGhwo9bmglSJpj8YbT%2BNXutQkw65iBHMBc4%2BB%2Ft4WWZKvqKLMhlww2tIV4f2gYjJYgS2M5DnzHS%2B8%2B9DktGq%2FYmZYQdzED8UIeE%2BJWBe98UWZPmzNFCVb7AM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c995f1dfe0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
1beb5b13088adfe1e55d7bcefe5eea90
c810e13e7d127b43ece2925b072efb9dce414097
afa825a98b9951a2dea4d5bc950d7b7427f0ea95c195dd47a75e2f9c0bd69ceb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1.alkads.com/
Content-Type: application/json
Content-Length: 1288
Origin: https://1.alkads.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://1.alkads.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=sync&partner=9c663d1007dec76d517c8d649a86f6072a79b5585ab25d14184327476f4627a8&ttl=&rurl=https%3A%2F%2F1.alkads.com%2Fze1%2F%3Fcep%3Dl-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN%26lptoken%3D176113c052f1840609fd%23

139.45.195.8

200 OK

43 B

URL GET HTTP/2
my.rtmark.net/img.gif?f=sync&partner=9c663d1007dec76d517c8d649a86f6072a79b5585ab25d14184327476f4627a8&ttl=&rurl=https%3A%2F%2F1.alkads.com%2Fze1%2F%3Fcep%3Dl-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN%26lptoken%3D176113c052f1840609fd%23
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=9c663d1007dec76d517c8d649a86f6072a79b5585ab25d14184327476f4627a8&ttl=&rurl=https%3A%2F%2F1.alkads.com%2Fze1%2F%3Fcep%3Dl-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN%26lptoken%3D176113c052f1840609fd%23 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 19 Apr 2024 11:36:51 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=088043db1a764e56ec1da527104254bd; expires=Sat, 19 Apr 2025 11:36:51 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

1.alkads.com/sw-check-permissions-73a3b.js?zoneId=7354034

104.21.43.240

200 OK

12 kB

URL GET HTTP/3
1.alkads.com/sw-check-permissions-73a3b.js?zoneId=7354034
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
Java source, ASCII text
Size
12 kB (11910 bytes)
Hash
37ace0e9c77990ff0ad620ee462760b7
10de4f3d9ba9cd09b36accba0f675ba685177cd3
661e371212280f39915efeda30cbdfea821b4c26d213580c5a7d76efe2408792

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /sw-check-permissions-73a3b.js?zoneId=7354034 HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Cookie: vl-cep=cep=ZVZVVqT5UtRXXXnK6jwaVCOqujav-I4M25TfsFm69dX1V506LvHCHT7NwWaIiETH72UT4u6r2iDIJfVEK9cJWengxabdnsQi0BzDTIZ0NAkvDjdq0_IQLwOzFIJy45O_Pt9bGbCM4FrYLTUG9vcu0jsTI6E6mkFIQ-VYk1tF2OQM3L7RUkqMDyZuXx2AlJUiFq7joeW8g8OBnoOsJ23WKQs80JDJ1HOejDTIhixiHbsDiPSbAwfduLNE1ZzgK4WyMlpxhovZe-SyBBTWyC5M6Xf8uzgjf6qRGzYnwUdLbmvB_F6e_gJWHUMN05ZLOrgy3GKVUNQguY7hHPEn7WAOAW2MpUgNF2o6S26p1CWjMqZW9pX5HPHuCqhS5eBepWYE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:51 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 12:50:52 GMT
etag: W/"661e742c-236"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K6aYc48pkfD00Jya9jPUIkRfErc1IGGTn5gO9qCUp3Um5gF0Mjw4KaBrWksoiZAe2b%2B2A0JccCEKqnNQnzynH7QpjAdavknCHGfkoPTbsjdcU7thqt9jBD5hWdYJvPg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c9965eaaf0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/css/bootstrap.min.css

104.21.43.240

200 OK

201 kB

URL GET HTTP/3
1.alkads.com/ze1/css/bootstrap.min.css
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
ASCII text, with CRLF line terminators
Size
201 kB (200591 bytes)
Hash
825cd343a63648302d064a61c5bb46bf
30caab53f3c1d0ad49d9fe731aa85f279fd5b0ca
3f6425f45b45bd9b327e827a703bfef5a75aa8e8b11f7efa5a8501427468486e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/css/bootstrap.min.css HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/css/style.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: text/css
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
vary: Accept-Encoding
etag: W/"6620dff4-30f8f"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UfWhoc5smrIXbUGkbg9aogbCuzIziBMKXhWnh6SL%2B7x4eSVpsHeQheu8SavDx5HyEUFCpSpKLzfPAOt4HAXZZxBtqipvXQ4Agi%2BjlnOJad1Jsn6PU%2Bavdb4POig3rGU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c9960bef60b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/css/animate.css

104.21.43.240

200 OK

82 kB

URL GET HTTP/3
1.alkads.com/ze1/css/animate.css
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
ASCII text, with CRLF line terminators
Size
82 kB (81530 bytes)
Hash
110df922d0442ba4971d636f26e2dfc0
d0615f29fce34c802f84bddf79b02afab8012f13
54e45a0cb0fb522c4c3637e3fa2d6a7729bf8e9b2266d268cae0ca0583bf6d16

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/css/animate.css HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/css/style.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: text/css
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
vary: Accept-Encoding
etag: W/"6620dff4-13e7a"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZRrbuuf4c1Mx5ybu7gdlmDgQmSJ3yw4lbHbnQh80SelKs3%2FN3UcIi%2FvPslFbCNzwyiSlW%2BcflvuVdNLTc1ZcameMRhppunDpWBpCPjJwKEFZLjy8E%2Bs3AFTD89n7puM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c9960bef70b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/png/like.png

104.21.43.240

200 OK

1.2 kB

URL GET HTTP/3
1.alkads.com/ze1/png/like.png
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1211 bytes)
Hash
a883b7f87057bede4bf0a14fc6acdc76
613c5dc226d26dc64c4c95c882b2ca08a1d23122
e81147bf3f6fff18fae264b65604a7e91e0b490550b9243d9085037c6bc1c8dd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/png/like.png HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: image/png
content-length: 1211
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
etag: "6620dff4-4bb"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z53inR%2BKSZMYIPbZs%2BVsFEXi0mvRop5aO%2FY7ba%2B68CzSxllQ8yBuqTskAh1c8bcaOCHuzM4AXg6yUp%2FZ5c0x8MfL8WUueIcmffqg93aICgugNDTpEe1oqpI%2B1FyvuMs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c996358fa0b4d-OSL
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd

104.21.43.240

200 OK

25 kB

URL User Request GET HTTP/2
1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type

Size
25 kB (24764 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 11:36:49 GMT
content-type: text/html
last-modified: Thu, 18 Apr 2024 10:29:23 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G9AJvQEGxIx5oVABHCdeeW99FvAgtUr%2FtrVbJ%2BC%2BZ3Fl1UAjVAmx4dramLLih3tZvEIht%2B1DvvUf2OMgA13E9dld3WCAOgL36r7sVOU9swa2e%2F5S2hcFf047I5mwyCo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c995c4ba956ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1.alkads.com/ze1/css/style.css

104.21.43.240

200 OK

18 kB

URL GET HTTP/3
1.alkads.com/ze1/css/style.css
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
ASCII text, with CRLF line terminators
Size
18 kB (17617 bytes)
Hash
9470cfc2946d2cfb44ee7ffc792a95b7
1758f9011c323f8847321e2f81163c6802c4640a
9f1aafb101211d579c302d1bb3837fd97ca2fdab2f0a44e98bfafb76c577abe2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/css/style.css HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: text/css
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
vary: Accept-Encoding
etag: W/"6620dff4-44d1"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uZ10nUBkWB0zzxpIdcYLZDAZTd99JAqR%2BKOmjXtPrUVCnFqiTrnXN1uOjer5YMjHqPvZbh52KhGMe4PDBhAB4RGYrICwvPyKf%2Fji%2BgPKi3CwDHhuqWL5%2BgTbvSI%2BMH8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c995f0df00b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/jpg/profiles.jpg

104.21.43.240

200 OK

20 kB

URL GET HTTP/3
1.alkads.com/ze1/jpg/profiles.jpg
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 192x192, components 3
Size
20 kB (20026 bytes)
Hash
3785bc821af0a3234c8cb464eb303260
5661c934a6a28bbbb925d0e9344f909ca4b8d2b0
625fa7e238b94bf3b09fb40da3176bbbbfb1b3b76a60235e57018b6fad9560f8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/jpg/profiles.jpg HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: image/jpeg
content-length: 20026
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
etag: "6620dff4-4e3a"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1qsTR9laAvbfI0H90UKb4JQ112fGzWEiEQBS2YrHvBNjKu4VG%2Bmjh35nkKb5gVInwhUcxjDfeVFfE8kCQGMimN7EC0xsUpCyUgB%2FQsU4DgZ38L2hPqd2eJ8yvikbmrg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c996358f40b4d-OSL
alt-svc: h3=":443"; ma=86400

1.alkads.com/favicon.ico

104.21.43.240

404 Not Found

150 B

URL GET HTTP/3
1.alkads.com/favicon.ico
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
HTML document, ASCII text, with no line terminators
Size
150 B (150 bytes)
Hash
3975df6acd9bb32205823270e122bb3f
debbb3ecc9183ee7672f25d0f74eea74e3530298
13ed13454e3102135579e64775b002a66280f9eb99c31e4d8b59a69cf7e00425

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Cookie: vl-cep=cep=ZVZVVqT5UtRXXXnK6jwaVCOqujav-I4M25TfsFm69dX1V506LvHCHT7NwWaIiETH72UT4u6r2iDIJfVEK9cJWengxabdnsQi0BzDTIZ0NAkvDjdq0_IQLwOzFIJy45O_Pt9bGbCM4FrYLTUG9vcu0jsTI6E6mkFIQ-VYk1tF2OQM3L7RUkqMDyZuXx2AlJUiFq7joeW8g8OBnoOsJ23WKQs80JDJ1HOejDTIhixiHbsDiPSbAwfduLNE1ZzgK4WyMlpxhovZe-SyBBTWyC5M6Xf8uzgjf6qRGzYnwUdLbmvB_F6e_gJWHUMN05ZLOrgy3GKVUNQguY7hHPEn7WAOAW2MpUgNF2o6S26p1CWjMqZW9pX5HPHuCqhS5eBepWYE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 19 Apr 2024 11:36:51 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mVvZViaU3oIVzdIgtzxzd5p09Ix8ZkZ5Wk2rlVIReuL8SnoElo%2FHsHaNaGxHdKYdet4bHwPS0DWEHP4W390XfgEWbd%2FylHFfwNQFi%2FCbdnGZUZMbP5N%2FykA3sDV5gVQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876c99668b080b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

1.alkads.com/ze1/js/jquery.min.js

104.21.43.240

200 OK

86 kB

URL GET HTTP/3
1.alkads.com/ze1/js/jquery.min.js
IP
104.21.43.240:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Certificate
IssuerGoogle Trust Services LLC
Subjectalkads.com
Fingerprint60:4C:0F:D9:51:E5:B0:B1:53:28:CE:7F:EA:41:2E:59:0C:22:BC:19
ValidityTue, 16 Apr 2024 09:04:40 GMT - Mon, 15 Jul 2024 09:04:39 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
86 kB (85578 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - zelle

HTTP Headers

GET /ze1/js/jquery.min.js HTTP/1.1
Host: 1.alkads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.alkads.com/ze1/?cep=l-UKBG_iIK_-X4WPNnPxOYwa7iBgVzRLvrcmLFeD9NXV_RDoAlnBrsjurdpa-7SdZAs2R9CJv7ZSWK4h8L_T8Zshci8ovcO9AUC8LJuYF1DWxIsIPlZfWSU68WHi5sH7lrZ36QGXI_439fg4Cu-AjQeqmV7bB_Qc178sfGacBHrO_sniQyXXfHuDHtUux-iBKJoxM7L_pxY5u3izyBLcKTbBTk0yNbOaY1ei-_guFsZsFO_uHDg4_UXALkgeX9DkJB8B2PhejOdUzngEmfRevR2wpfgTCUecyHABvh1Usxx9QaheIGr3K9rOcFP-x5A4itz8dzEYEuUxMOInRsAO1SthQzX5rk03fH4WIritslCa2ekUTnrQcgYB5eWQMLgN&lptoken=176113c052f1840609fd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 11:36:50 GMT
content-type: application/javascript
last-modified: Thu, 18 Apr 2024 08:55:16 GMT
vary: Accept-Encoding
etag: W/"6620dff4-14e4a"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vBFHyNyob23Vl1rk%2FJ2U%2F1HElctWtFBMDsE4jnctkBbsSKa%2FgOCT2pBGOtuedE%2Bn7sg2lf0NT02aIjskHKRxr39IhVs29v9hKDQE%2FyvgPi4Ifg3kTR1jwZHCUBnPJIg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876c995f1dfb0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML