Report - elkimie.com/bliss/web2/index.html

Report Overview

Visited public
2025-04-12 17:38:58
Tags
phishing
URL
elkimie.com/bliss/web2/index.html
Finishing URL
elkimie.com/bliss/web2/index.html
IP / ASN
198.54.126.6
#22612 NAMECHEAP-NET
Title
Email Server
Phishing - Generic phishing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
webmail.supremecluster.com	unknown	2007-08-09	2012-10-23	2025-03-27	4.5 kB	389 kB	94.136.171.57
elkimie.com	unknown	2021-01-19	2025-04-07	2025-04-07	894 B	8.3 kB	0.0.0.0
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-09	1.0 kB	110 kB	104.17.24.14
code.jquery.com	634	2005-12-10	2012-05-21	2025-04-09	406 B	90 kB	151.101.194.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-04-11	medium	elkimie.com/bliss/web2/index.html	Generic/Spear Phishing
2025-04-11	medium	elkimie.com/bliss/web2/index.html	Generic/Spear Phishing

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	elkimie.com/bliss/web2/index.html	ScriptElement	4.2 kB	2025-04-12	2025-04-19
Pretty URL elkimie.com/bliss/web2/index.html IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-12 17:38 Last Seen2025-04-19 12:17 Times Seen4 Hash b92c8382cdda86a6678b2063575546ff f3e835550fbc01e713a1b6ed923d8b3b71690e93 50ffb1c153514a6efae26e9de075c2027c1d4da1ce7aadb2a63d672d5ea4a472 Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-16
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-16 04:41 Times Seen206728 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

HTTP Transactions (14)

URL IP Response Size

webmail.supremecluster.com/skins/elastic/deps/bootstrap.min.css?s=1593860330

94.136.171.57

200 OK

160 kB

URL GET
webmail.supremecluster.com/skins/elastic/deps/bootstrap.min.css?s=1593860330
IP
94.136.171.57:443
ASN
#42831 UK Dedicated Servers Limited

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerLet's Encrypt
Subjectwebmail.supremecluster.com
Fingerprint72:06:4A:AD:0F:A9:56:97:31:90:3C:2F:B8:27:A4:12:C7:EE:84:BB
ValiditySun, 09 Feb 2025 23:52:21 GMT - Sat, 10 May 2025 23:52:20 GMT

File type
ASCII text, with very long lines (65326)
Size
160 kB (160347 bytes)
Hash
c19c75612682a6fa2491c27dee895acc
7344d84f61735eb9653b729e71d81b3431ad803c
3cb5b7ae5053d743996378c35733560214d3d896ade5c0de0d8b13a97f43039e

HTTP Headers

GET /skins/elastic/deps/bootstrap.min.css?s=1593860330 HTTP/1.1
Host: webmail.supremecluster.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://elkimie.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:38:39 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sat, 08 Feb 2025 08:47:47 GMT
ETag: "2725b-62d9d8784b2c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 23877
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

webmail.supremecluster.com/plugins/xframework/assets/styles/framework.css?s=1506327547

94.136.171.57

404 Not Found

0 B

URL GET
webmail.supremecluster.com/plugins/xframework/assets/styles/framework.css?s=1506327547
IP
94.136.171.57:443
ASN
#42831 UK Dedicated Servers Limited

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerLet's Encrypt
Subjectwebmail.supremecluster.com
Fingerprint72:06:4A:AD:0F:A9:56:97:31:90:3C:2F:B8:27:A4:12:C7:EE:84:BB
ValiditySun, 09 Feb 2025 23:52:21 GMT - Sat, 10 May 2025 23:52:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /plugins/xframework/assets/styles/framework.css?s=1506327547 HTTP/1.1
Host: webmail.supremecluster.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://elkimie.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sat, 12 Apr 2025 17:38:39 GMT
Server: Apache/2.4.59 (Debian)
Content-Length: 289
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

webmail.supremecluster.com/plugins/jqueryui/themes/elastic/jquery-ui.css?s=1593860316

94.136.171.57

200 OK

34 kB

URL GET
webmail.supremecluster.com/plugins/jqueryui/themes/elastic/jquery-ui.css?s=1593860316
IP
94.136.171.57:443
ASN
#42831 UK Dedicated Servers Limited

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerLet's Encrypt
Subjectwebmail.supremecluster.com
Fingerprint72:06:4A:AD:0F:A9:56:97:31:90:3C:2F:B8:27:A4:12:C7:EE:84:BB
ValiditySun, 09 Feb 2025 23:52:21 GMT - Sat, 10 May 2025 23:52:20 GMT

File type
ASCII text, with very long lines (2515)
Size
34 kB (34072 bytes)
Hash
00ce071a49b291ee199196c50f1459cf
862c740323d67e15b1f2140ff66f7285f45a6867
5587d48bf92e77d6abf71c25f39e248e6bc2e168595128b516b733e65eba1101

HTTP Headers

GET /plugins/jqueryui/themes/elastic/jquery-ui.css?s=1593860316 HTTP/1.1
Host: webmail.supremecluster.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://elkimie.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:38:39 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sat, 08 Feb 2025 08:47:42 GMT
ETag: "8518-62d9d87386780-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8107
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

webmail.supremecluster.com/skins/elastic/fonts/roboto-v19-regular.woff2

94.136.171.57

200 OK

16 kB

URL GET
webmail.supremecluster.com/skins/elastic/fonts/roboto-v19-regular.woff2
IP
94.136.171.57:443
ASN
#42831 UK Dedicated Servers Limited

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerLet's Encrypt
Subjectwebmail.supremecluster.com
Fingerprint72:06:4A:AD:0F:A9:56:97:31:90:3C:2F:B8:27:A4:12:C7:EE:84:BB
ValiditySun, 09 Feb 2025 23:52:21 GMT - Sat, 10 May 2025 23:52:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51116, version 1.0
Size
16 kB (15880 bytes)
Hash
2caa1ed07021dcc2b24241e657235e88
3e3d491ba5c1b7f40d7b3f1d96f82d6793249bb0
a22f1c5b3ed4bf216edd61a0ea19f9556da7df086b2c853ce0468a9205648836

HTTP Headers

GET /skins/elastic/fonts/roboto-v19-regular.woff2 HTTP/1.1
Host: webmail.supremecluster.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://elkimie.com
DNT: 1
Connection: keep-alive
Referer: https://webmail.supremecluster.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:38:39 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sat, 04 Jul 2020 10:58:37 GMT
ETag: "c7ac-5a99b86043140"
Accept-Ranges: bytes
Content-Length: 51116
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

webmail.supremecluster.com/skins/elastic/fonts/roboto-v19-regular.woff

94.136.171.57

200 OK

56 kB

URL GET
webmail.supremecluster.com/skins/elastic/fonts/roboto-v19-regular.woff
IP
94.136.171.57:443
ASN
#42831 UK Dedicated Servers Limited

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerLet's Encrypt
Subjectwebmail.supremecluster.com
Fingerprint72:06:4A:AD:0F:A9:56:97:31:90:3C:2F:B8:27:A4:12:C7:EE:84:BB
ValiditySun, 09 Feb 2025 23:52:21 GMT - Sat, 10 May 2025 23:52:20 GMT

File type
Web Open Font Format, TrueType, length 66044, version 1.1
Size
56 kB (55881 bytes)
Hash
c86ec720989194f7182e96b321ce266e
ae20beb69d24d84cbe134454d3c9b163abecec3b
64262eb594c87d9aa95ad3be4de2ff5dc4bfa092b4dc18a7b7614ef3ca51996d

HTTP Headers

GET /skins/elastic/fonts/roboto-v19-regular.woff HTTP/1.1
Host: webmail.supremecluster.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://elkimie.com
DNT: 1
Connection: keep-alive
Referer: https://webmail.supremecluster.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:38:39 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sat, 04 Jul 2020 10:58:37 GMT
ETag: "101fc-5a99b86043140"
Accept-Ranges: bytes
Content-Length: 66044
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: font/woff

elkimie.com/bliss/web2/index.html

0.0.0.0

0 B

URL User Request GET
elkimie.com/bliss/web2/index.html
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /bliss/web2/index.html HTTP/1.1
Host: elkimie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.24.14

200 OK

31 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
ASCII text, with very long lines (30837)
Size
31 kB (31000 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://elkimie.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 12 Apr 2025 17:38:38 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 146627
expires: Thu, 02 Apr 2026 17:38:38 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qNPU%2F3KBjTI%2B6qBtHrh6xjJjDO6dVcmoxjybvvlW56UWi2zJujKyqAi9mw%2BAq49hf99jwmuQV2m1GdYGAoRY6%2Bvo5ySR9SFUkgGggKDGAo5JfRNuirYSB4K95As%2BpmDXbfsnrcDD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92f47fa02f8d0b61-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

webmail.supremecluster.com/skins/elastic/styles/styles.css?s=1593860317

94.136.171.57

200 OK

103 kB

URL GET
webmail.supremecluster.com/skins/elastic/styles/styles.css?s=1593860317
IP
94.136.171.57:443
ASN
#42831 UK Dedicated Servers Limited

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerLet's Encrypt
Subjectwebmail.supremecluster.com
Fingerprint72:06:4A:AD:0F:A9:56:97:31:90:3C:2F:B8:27:A4:12:C7:EE:84:BB
ValiditySun, 09 Feb 2025 23:52:21 GMT - Sat, 10 May 2025 23:52:20 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
103 kB (103268 bytes)
Hash
9ad718baa6bb44cedccff353abacb07e
3cbd50035e741fa45cde495aadf8972396267f34
360bc4a9894bbd41134a2eea27ee9251f649e6aa395c1836caaa2f90e123f91a

HTTP Headers

GET /skins/elastic/styles/styles.css?s=1593860317 HTTP/1.1
Host: webmail.supremecluster.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://elkimie.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:38:39 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sat, 04 Jul 2020 10:58:37 GMT
ETag: "19364-5a99b86043140-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19569
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

webmail.supremecluster.com/skins/elastic/images/logo.svg?s=1593860317

94.136.171.57

200 OK

888 B

URL GET
webmail.supremecluster.com/skins/elastic/images/logo.svg?s=1593860317
IP
94.136.171.57:443
ASN
#42831 UK Dedicated Servers Limited

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerLet's Encrypt
Subjectwebmail.supremecluster.com
Fingerprint72:06:4A:AD:0F:A9:56:97:31:90:3C:2F:B8:27:A4:12:C7:EE:84:BB
ValiditySun, 09 Feb 2025 23:52:21 GMT - Sat, 10 May 2025 23:52:20 GMT

File type
SVG Scalable Vector Graphics image
Size
888 B (888 bytes)
Hash
ddeffd34eae92b1b9b9c636636e4b9c8
19cb881a5d08d31db933da6440595767d0a02d94
2b2d9c7a82f92976268b03e13c61f64ead91a3c63b97c59cef2acbf501f67618

HTTP Headers

GET /skins/elastic/images/logo.svg?s=1593860317 HTTP/1.1
Host: webmail.supremecluster.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://elkimie.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:38:39 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sat, 08 Feb 2025 08:47:42 GMT
ETag: "378-62d9d87386780-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 395
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

104.17.24.14

200 OK

77 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://elkimie.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 12 Apr 2025 17:38:39 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 77160
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "5eb03e5f-12d68"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 60465
expires: Thu, 02 Apr 2026 17:38:39 GMT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OBgA1Bu8y2stq2g1GGKPmYtRJmKdijEzka2ifAkjqoefkkP6UzCHLeNpCpB%2FFhWfjGwx4s06K5JlZz7z0Lyvnc2%2FHCtTKyCrtYgYaW0QX4fj7oR7Wo1oZ%2BsaNenCTXhTZJfn7ALV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 92f47fa57a2f56ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

webmail.supremecluster.com/skins/elastic/fonts/roboto-v19-regular.woff

94.136.171.57

200 OK

7.9 kB

URL GET
webmail.supremecluster.com/skins/elastic/fonts/roboto-v19-regular.woff
IP
94.136.171.57:443
ASN
#42831 UK Dedicated Servers Limited

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerLet's Encrypt
Subjectwebmail.supremecluster.com
Fingerprint72:06:4A:AD:0F:A9:56:97:31:90:3C:2F:B8:27:A4:12:C7:EE:84:BB
ValiditySun, 09 Feb 2025 23:52:21 GMT - Sat, 10 May 2025 23:52:20 GMT

File type
Web Open Font Format, TrueType, length 66044, version 1.1
Size
7.9 kB (7880 bytes)
Hash
6d79975a1e5cf4e90b59b113b3ddd6a9
d4aee48fa07d16e6dd0a78ff05d5835228609299
7df90c0c7c36792c0954c6823e9ee8565dad7b000840962e80943b62ca496fca

HTTP Headers

GET /skins/elastic/fonts/roboto-v19-regular.woff HTTP/1.1
Host: webmail.supremecluster.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://elkimie.com
DNT: 1
Connection: keep-alive
Referer: https://webmail.supremecluster.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:38:40 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sat, 04 Jul 2020 10:58:37 GMT
ETag: "101fc-5a99b86043140"
Accept-Ranges: bytes
Content-Length: 66044
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff

elkimie.com/bliss/web2/index.html

198.54.126.6

200 OK

8.0 kB

URL User Request GET
elkimie.com/bliss/web2/index.html
IP
198.54.126.6:80
ASN
#22612 NAMECHEAP-NET

File type
HTML document, ASCII text, with CRLF line terminators
Size
8.0 kB (8029 bytes)
Hash
6074582d0f2ccee9453f61af602aa691
41b49e3d1f8ef02915a7b69e86175b23687dcc97
27c3a393a859dce178aa90188b9988526d1c8fe9b192625fe64c54cf7aaf7a4a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
OpenPhish	phishing	Generic/Spear Phishing

HTTP Headers

GET /bliss/web2/index.html HTTP/1.1
Host: elkimie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Sat, 12 Apr 2025 17:38:38 GMT
server: Apache
last-modified: Mon, 07 Apr 2025 08:53:32 GMT
etag: "1f5d-6322c5ee6262d-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 2190
content-type: text/html

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://elkimie.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 12 Apr 2025 17:38:38 GMT
age: 3148723
x-served-by: cache-lga21931-LGA, cache-hel1410027-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 699244
x-timer: S1744479519.820955,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

webmail.supremecluster.com/skins/elastic/fonts/roboto-v19-regular.woff2

94.136.171.57

200 OK

7.9 kB

URL GET
webmail.supremecluster.com/skins/elastic/fonts/roboto-v19-regular.woff2
IP
94.136.171.57:443
ASN
#42831 UK Dedicated Servers Limited

Requested by
http://elkimie.com/bliss/web2/index.html
Certificate
IssuerLet's Encrypt
Subjectwebmail.supremecluster.com
Fingerprint72:06:4A:AD:0F:A9:56:97:31:90:3C:2F:B8:27:A4:12:C7:EE:84:BB
ValiditySun, 09 Feb 2025 23:52:21 GMT - Sat, 10 May 2025 23:52:20 GMT

File type
Web Open Font Format (Version 2), TrueType, length 51116, version 1.0
Size
7.9 kB (7880 bytes)
Hash
1d0ae1f7707d7016f8db567935578d5a
590667f0f1ea90e604eac7270c071f6d4981e230
98a377c474169871eefa39dcf94e01bacf16d0363d4b629cf005aad5bf6308d4

HTTP Headers

GET /skins/elastic/fonts/roboto-v19-regular.woff2 HTTP/1.1
Host: webmail.supremecluster.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://elkimie.com
DNT: 1
Connection: keep-alive
Referer: https://webmail.supremecluster.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 12 Apr 2025 17:38:40 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Sat, 04 Jul 2020 10:58:37 GMT
ETag: "c7ac-5a99b86043140"
Accept-Ranges: bytes
Content-Length: 51116
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: font/woff2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers