secure-60-v4kryd89pu.nl Open in urlscan Pro
45.141.59.93 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.callcenter.freepornfidelity.com/
Effective URL:
https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL
Submission: On August 29 via api (August 29th 2024, 3:50:27 pm UTC) from US — Scanned from US

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 9 domains to perform 18 HTTP transactions. The main IP is 45.141.59.93, located in Victoria, Seychelles and belongs to IPCONNECT, SC. The main domain is secure-60-v4kryd89pu.nl.
TLS certificate: Issued by R11 on August 28th 2024. Valid for: 3 months.

This is the only time secure-60-v4kryd89pu.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fidelity (Banking)

Domain & IP information

	IP Address	AS Autonomous System
4	104.247.81.111 104.247.81.111	206834 (TEAMINTER...) (TEAMINTERNET-CA-AS)
1	2600:9000:220... 2600:9000:2209:2200:1d:4618:5c80:21	16509 (AMAZON-02) (AMAZON-02)
1 2	54.235.253.219 54.235.253.219	14618 (AMAZON-AES) (AMAZON-AES)
1 1	104.251.111.203 104.251.111.203	6461 (ZAYO-6461) (ZAYO-6461)
3	45.141.59.93 45.141.59.93	213373 (IPCONNECT) (IPCONNECT)
2	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81f::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80f::200a	15169 (GOOGLE) (GOOGLE)
4	2606:4700:20:... 2606:4700:20::681a:1e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:820::2003	15169 (GOOGLE) (GOOGLE)
18	9

4 104.247.81.111 (Canada)

ASN206834 (TEAMINTERNET-CA-AS, DE)

www.callcenter.freepornfidelity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2209:2200:1d:4618:5c80:21 (United States)

ASN16509 (AMAZON-02, US)

d38psrni17bvxu.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.235.253.219 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-235-253-219.compute-1.amazonaws.com

amalt-sqc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.251.111.203 (Toronto, Canada) 1 redirects

ASN6461 (ZAYO-6461, US)
PTR: cp3.hostsilo.com

pillowbedsheetsshop.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.141.59.93 (Victoria, Seychelles)

ASN213373 (IPCONNECT, SC)
PTR: WALOULEADTFO.INFO

secure-60-v4kryd89pu.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::200a (United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80f::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:1e (United States)

ASN13335 (CLOUDFLARENET, US)

app.ardalio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:820::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	ardalio.com app.ardalio.com — Cisco Umbrella Rank: 136700	8 KB
4	freepornfidelity.com www.callcenter.freepornfidelity.com	4 KB
3	secure-60-v4kryd89pu.nl secure-60-v4kryd89pu.nl	6 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641 fonts.googleapis.com — Cisco Umbrella Rank: 110	32 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1832	37 KB
2	amalt-sqc.com 1 redirects amalt-sqc.com — Cisco Umbrella Rank: 129423	4 KB
1	gstatic.com fonts.gstatic.com	16 KB
1	pillowbedsheetsshop.online 1 redirects pillowbedsheetsshop.online	208 B
1	cloudfront.net d38psrni17bvxu.cloudfront.net	1 KB
18	9

	Domain	Requested by
4	app.ardalio.com	secure-60-v4kryd89pu.nl app.ardalio.com
4	www.callcenter.freepornfidelity.com	d38psrni17bvxu.cloudfront.net www.callcenter.freepornfidelity.com
3	secure-60-v4kryd89pu.nl	amalt-sqc.com secure-60-v4kryd89pu.nl
2	maxcdn.bootstrapcdn.com	secure-60-v4kryd89pu.nl
2	amalt-sqc.com	1 redirects www.callcenter.freepornfidelity.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	secure-60-v4kryd89pu.nl
1	ajax.googleapis.com	secure-60-v4kryd89pu.nl
1	pillowbedsheetsshop.online	1 redirects
1	d38psrni17bvxu.cloudfront.net	www.callcenter.freepornfidelity.com
18	10

This site contains no links.

Subject Issuer	Validity	Valid
www.callcenter.freepornfidelity.com R10	`2024-08-09` - `2024-11-07`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
amalt-sqc.com Amazon RSA 2048 M03	`2024-05-10` - `2025-06-08`	a year	crt.sh
*.secure-60-v4kryd89pu.nl R11	`2024-08-28` - `2024-11-26`	3 months	crt.sh
bootstrapcdn.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
ardalio.com WE1	`2024-07-20` - `2024-10-18`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL
Frame ID: 8E83BEFF14C7425AD998200802980395
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

fidelity Login

Page URL History Show full URLs

https://www.callcenter.freepornfidelity.com/ Page URL
http://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a5... HTTP 307
https://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a5... Page URL
https://amalt-sqc.com/zclkredirect?visitid=658dd260-661e-11ef-922f-1282b195c4df&type=js&browserWid... HTTP 302
https://pillowbedsheetsshop.online/ HTTP 302
https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

60 %
IPv6

9
Domains

10
Subdomains

9
IPs

3
Countries

108 kB
Transfer

303 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.callcenter.freepornfidelity.com/ Page URL
http://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=7df6e7d0-54e2-11ef-aa5f-12832fc4c381 HTTP 307
https://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=7df6e7d0-54e2-11ef-aa5f-12832fc4c381 Page URL
https://amalt-sqc.com/zclkredirect?visitid=658dd260-661e-11ef-922f-1282b195c4df&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
https://pillowbedsheetsshop.online/ HTTP 302
https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

http://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=7df6e7d0-54e2-11ef-aa5f-12832fc4c381 HTTP 307
https://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=7df6e7d0-54e2-11ef-aa5f-12832fc4c381

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
www.callcenter.freepornfidelity.com/ 2 KB
2 KB 793ms
291ms Document
text/html 104.247.81.111
TEAMINTERNET-CA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.callcenter.freepornfidelity.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.247.81.111 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: 9bc80323ef1916a43144ade09ca4775d917a731294e9c2fdcd76247d91d45091

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ch: viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
Accept-Ch-Lifetime: 30
Content-Encoding: gzip
Content-Length: 1367
Content-Type: text/html; charset=UTF-8
Date: Thu, 29 Aug 2024 15:50:21 GMT
Server: nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_AHXSbhcfHU0uIJgLhM0R1kfOcQU/xHFLuqRQIi+J3K2Uh6TL1IfQuFvsgFIfrphnLBskTxGw8haMEwKXwoOT+g==
X-Buckets: bucket011,bucket077
X-Domain: freepornfidelity.com
X-Language: english
X-Redirect: zeropark_zeroclick
X-Subdomain: www.callcenter
X-Template: tpl_CleanPeppermintBlack_twoclick

GET
H2 200 js3.js Show response
d38psrni17bvxu.cloudfront.net/scripts/ 1 KB
1 KB 128ms
34ms Script
application/javascript 2600:9000:2209:2200:1d:4618:5c80:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by: Host: www.callcenter.freepornfidelity.com
URL: https://www.callcenter.freepornfidelity.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:2200:1d:4618:5c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

Request headers

Referer: https://www.callcenter.freepornfidelity.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 28 Aug 2024 18:06:52 GMT
via: 1.1 a034e5b3e703810e3023d56d31897ebc.cloudfront.net (CloudFront)
last-modified: Thu, 21 Mar 2024 11:48:11 GMT
server: nginx
x-amz-cf-pop: EWR53-P1
age: 78209
etag: "65fc1e7b-448"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 1096
x-amz-cf-id: JINPb-h2WfigrBMyHP4cntIxzdKFnyV7clEjQLg1LhIcUDBcv78u1g==

GET
H/1.1 200
OK track.php Show response
www.callcenter.freepornfidelity.com/ 0
565 B 60ms
59ms XHR
text/html 104.247.81.111
TEAMINTERNET-CA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.callcenter.freepornfidelity.com/track.php?domain=freepornfidelity.com&toggle=browserjs&uid=MTcyNDk0NjYyMS4wMDg6YTU0Mjg1N2E3NjJkZTdmZjY2YzI4Y2MxZTcxNTk0ZDI4NjZhNGQ0NDY3NGZkZTllYzZlMGQ1MGJlYTE3NDVlODo2NmQwOThiZDAxZjI0
Requested by: Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.247.81.111 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

device-memory: 8
rtt: 150
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
viewport-width: 1600
Referer: https://www.callcenter.freepornfidelity.com/
dpr: 1
downlink: 10
ect: 4g

Response headers

Date: Thu, 29 Aug 2024 15:50:21 GMT
Content-Encoding: gzip
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server: nginx
X-Custom-Track: browserjs
Vary: Accept-Encoding
Accept-Ch-Lifetime: 30
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Content-Length: 20

GET
H/1.1 201
Created ls.php
www.callcenter.freepornfidelity.com/ 16 B
863 B 93ms
93ms XHR
text/javascript 104.247.81.111
TEAMINTERNET-CA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.callcenter.freepornfidelity.com/ls.php?t=66d098bd&token=9cad1ea7d9519b459029d4e015a8b21fcc4eb939
Requested by: Host: www.callcenter.freepornfidelity.com
URL: https://www.callcenter.freepornfidelity.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.247.81.111 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

device-memory: 8
rtt: 150
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
viewport-width: 1600
Referer: https://www.callcenter.freepornfidelity.com/
dpr: 1
downlink: 10
ect: 4g

Response headers

Date: Thu, 29 Aug 2024 15:50:21 GMT
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, OPTIONS
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin
Accept-Ch-Lifetime: 30
Charset: utf-8
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_CAuY3TBgPD0NIMkKGkJFW+FH99KKBMnB10sarXQQuZ9X9HB3j9lBLrfxxhw53pfMDUzmyCRrJhYolaigEEoi/g==
X-Log-Success: 66d098bd4dfe5b095509f090
Content-Length: 16

GET
H/1.1 200
OK track.php
www.callcenter.freepornfidelity.com/ 0
580 B 165ms
72ms XHR
text/html 104.247.81.111
TEAMINTERNET-CA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.callcenter.freepornfidelity.com/track.php?click=4827ba4b358c9d045bada946d38b95571a149442&domain=freepornfidelity.com&uid=MTcyNDk0NjYyMS4wMDg6YTU0Mjg1N2E3NjJkZTdmZjY2YzI4Y2MxZTcxNTk0ZDI4NjZhNGQ0NDY3NGZkZTllYzZlMGQ1MGJlYTE3NDVlODo2NmQwOThiZDAxZjI0&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDc3fHx8fHx8NjZkMDk4YmQwMWVkYXx8fDE3MjQ5NDY2MjEuMTU4N3xjNGE1ZGNhYjljNzgxOTE1OTVmMjQ1YzBjMzBmNGVkZDEyMjNhNmFifHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18OWNhZDFlYTdkOTUxOWI0NTkwMjlkNGUwMTVhOGIyMWZjYzRlYjkzOXwwfHwwfDB8fHw%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by: Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.247.81.111 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

device-memory: 8
rtt: 150
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
viewport-width: 1600
Referer: https://www.callcenter.freepornfidelity.com/
dpr: 1
downlink: 10
ect: 4g

Response headers

Date: Thu, 29 Aug 2024 15:50:21 GMT
Content-Encoding: gzip
Accept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server: nginx
X-Custom-Track: none
Vary: Accept-Encoding
Accept-Ch-Lifetime: 30
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
X-View-Match: true
Content-Length: 20

GET
H2

200

1304ac30-8585-11eb-af9e-0a51339b19df Show response
amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/
Redirect Chain

http://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=7df6e7d0-54e2-11ef-aa5f-12832fc4c381
https://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=7df6e7d0-54e2-11ef-aa5f-12832fc4c381

3 KB
3 KB

117ms
26ms

Document
text/html

54.235.253.219
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=7df6e7d0-54e2-11ef-aa5f-12832fc4c381

Requested by

Host: www.callcenter.freepornfidelity.com
URL: https://www.callcenter.freepornfidelity.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.235.253.219 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-235-253-219.compute-1.amazonaws.com

Software

Resource Hash

581500b7522ebcd7f9f673d19a92932fc50c96dba63ad5af36ca5af62aa2efc2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer: https://www.callcenter.freepornfidelity.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: X-Requested-With,Content-Type
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 3088
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
content-type: text/html;charset=UTF-8
date: Thu, 29 Aug 2024 15:50:21 GMT

Redirect headers

Location: https://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=7df6e7d0-54e2-11ef-aa5f-12832fc4c381
Non-Authoritative-Reason: HttpsUpgrades

GET
H2

200

Primary Request / Show response
secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/
Redirect Chain

https://amalt-sqc.com/zclkredirect?visitid=658dd260-661e-11ef-922f-1282b195c4df&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel...
https://pillowbedsheetsshop.online/
https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL

10 KB
4 KB

589ms
227ms

Document
text/html

45.141.59.93
IPCONNECT

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL
Requested by: Host: amalt-sqc.com
URL: https://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=7df6e7d0-54e2-11ef-aa5f-12832fc4c381
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.141.59.93 Victoria, Seychelles, ASN213373 (IPCONNECT, SC),
Reverse DNS: WALOULEADTFO.INFO
Software: LiteSpeed /
Resource Hash: b88363fd20fccd65f847be39b718563c149a7bf3adb359d3c88469b768e0e2ba

Request headers

Referer: https://amalt-sqc.com/zclkvisitor/658dd260-661e-11ef-922f-1282b195c4df/1304ac30-8585-11eb-af9e-0a51339b19df?campaignid=7df6e7d0-54e2-11ef-aa5f-12832fc4c381
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 3379
content-type: text/html; charset=UTF-8
date: Thu, 29 Aug 2024 15:50:22 GMT
server: LiteSpeed
vary: Accept-Encoding

Redirect headers

cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 29 Aug 2024 15:50:22 GMT
location: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL
server: LiteSpeed
x-powered-by: PHP/7.4.33

GET
H3 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/ 119 KB
24 KB 137ms
53ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css

Requested by

Host: secure-60-v4kryd89pu.nl
URL: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure-60-v4kryd89pu.nl/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 15:50:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1069
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 14602647
cdn-cachedat: 10/31/2023 19:00:19
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"7f89537eaf606bff49f5cc1a7c24dbca"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 68f99bad1de318871fba1ea78118a1a8
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 8badb24a0ebc17c1-EWR
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.3/ 88 KB
31 KB 132ms
33ms Script
text/javascript 2607:f8b0:4006:81f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js

Requested by

Host: secure-60-v4kryd89pu.nl
URL: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://secure-60-v4kryd89pu.nl/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 22 Aug 2024 22:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580503
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31191
x-xss-protection: 0
last-modified: Wed, 11 Jan 2023 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Aug 2025 22:35:20 GMT

GET
H3 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/ 39 KB
13 KB 117ms
35ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js

Requested by

Host: secure-60-v4kryd89pu.nl
URL: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://secure-60-v4kryd89pu.nl/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 15:50:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 12847218
cdn-cachedat: 2021-08-01 19:19:12
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 6923066369371d6997c92d232b1a01f3
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 8badb24a0ebd17c1-EWR
cdn-requestpullsuccess: True

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
893 B 159ms
50ms Stylesheet
text/css 2607:f8b0:4006:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Quicksand&display=swap

Requested by

Host: secure-60-v4kryd89pu.nl
URL: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e8aa706d96df48dad9bcfdfdd590efb2d53a8650e85396f95ad3e3daff3db77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://secure-60-v4kryd89pu.nl/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 29 Aug 2024 15:50:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 29 Aug 2024 14:11:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 29 Aug 2024 15:50:23 GMT

GET
H2 200 logo.svg
secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/img/ 3 KB
1 KB 190ms
182ms Image
image/svg+xml 45.141.59.93
IPCONNECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/img/logo.svg
Requested by: Host: secure-60-v4kryd89pu.nl
URL: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 45.141.59.93 Victoria, Seychelles, ASN213373 (IPCONNECT, SC),
Reverse DNS: WALOULEADTFO.INFO
Software: LiteSpeed /
Resource Hash: 4a1410b4f4c92b57d938e22d6418dc173b4661805a231fdc567d357790ccebf8

Request headers

Referer: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 15:50:23 GMT
content-encoding: br
last-modified: Fri, 09 Aug 2024 06:16:04 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1127
expires: Thu, 05 Sep 2024 15:50:23 GMT

GET
H3 200 log7.js Show response
app.ardalio.com/ 19 KB
5 KB 142ms
60ms Script
text/javascript 2606:4700:20::681a:1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.ardalio.com/log7.js

Requested by

Host: secure-60-v4kryd89pu.nl
URL: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:1e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3a806817245e0347984fc56a3b07a6bc86438f1ca92d454f05a87a44ccbd9d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://secure-60-v4kryd89pu.nl/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 15:50:23 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
content-length: 4923
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 29 Aug 2024 15:19:42 GMT
server: cloudflare
etag: "4a63-620d40100fa49-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q9RM4tFNljMTpd1zz%2BF5PTlILKGNrsJ982kX97eM4I%2BCc%2BRjzjiChDVf6qF9kQ%2FQm%2B2tlAaNB1g7c6QcuDO3Dw1WTx%2Bt0Imix6zUTfgk3hVZmJ6SjxfA1J2a%2BNFfl%2BCtSKKVPPqsK6fvPyz%2B8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=300, must-revalidate, public
accept-ranges: bytes
cf-ray: 8badb24b5aeb437e-EWR

GET
H2 200 6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2
fonts.gstatic.com/s/quicksand/v31/ 15 KB
16 KB 117ms
30ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/quicksand/v31/6xK-dSZaM9iE8KbpRA_LJ3z8mH9BOJvgkP8o58a-wg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Quicksand&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

73b8057c918765ed1a41c6ca23e2c0530b51d396e12ce63071297c5a04178504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://secure-60-v4kryd89pu.nl
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 07:23:28 GMT
x-content-type-options: nosniff
age: 548815
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15788
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:17:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Aug 2025 07:23:28 GMT

POST
H3 200 LogServer Show response
app.ardalio.com/ 1 KB
1 KB 148ms
79ms Fetch
application/json 2606:4700:20::681a:1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.ardalio.com/LogServer

Requested by

Host: app.ardalio.com
URL: https://app.ardalio.com/log7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:1e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d889254e39108199f91d81a8e570d538a8d086cf8bd2d4b0fc6e3ad0d92425a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://secure-60-v4kryd89pu.nl/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 29 Aug 2024 15:50:23 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 799
referrer-policy: no-referrer-when-downgrade
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mz%2Bm3ukAi8OScuSB3QhDxMY%2BcG35ssV1%2BxWOQUnE4uo%2B5MrQCmICZl6slcyavgy6FHAErDcnC1%2BQher4GoDXOGr4J9L3pvHrSPrshDi3zdu%2BWSTlW6VwTU%2FwfKpbvBtQlPop%2B%2BSsJbHcf1xqVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8badb24c4c7b4223-EWR
access-control-allow-headers: Content-Type

GET
H3 404 favicon.ico
secure-60-v4kryd89pu.nl/ 1 KB
1 KB 118ms
115ms Other
text/html 45.141.59.93
IPCONNECT

General

Check archive.org

Show headers Download Go to

Full URL: https://secure-60-v4kryd89pu.nl/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 45.141.59.93 Victoria, Seychelles, ASN213373 (IPCONNECT, SC),
Reverse DNS: WALOULEADTFO.INFO
Software: LiteSpeed /
Resource Hash: 7becc0246aa4fcb8127b3459b2b8c6c04879c6855b0fcf370f8c83d2de88d319

Request headers

Referer: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Aug 2024 15:50:23 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 1163
content-type: text/html

POST
H3 200 PingServer Show response
app.ardalio.com/ 13 B
534 B 65ms
63ms Fetch
application/json 2606:4700:20::681a:1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.ardalio.com/PingServer

Requested by

Host: app.ardalio.com
URL: https://app.ardalio.com/log7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:1e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae95d608ee76e064ca676f3114fc5f48b0d5adac9ea3c9dbd137112f53c9b055

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://secure-60-v4kryd89pu.nl/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 29 Aug 2024 15:50:23 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 33
referrer-policy: no-referrer-when-downgrade
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=64g92pGUx42Z4fv2zgL9Js6kPxli%2FQP%2BDLmZEqO1GMJGhOIaUff2CkszC%2FAPyNT%2BVTNQbOA2YFvDx5sKOg21PETEoMuXwFltLeSF2335lS9hZnEWf6pODVf4Oq3g5Tfti8dmr1sFBdvSiKryew%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8badb24ccd094223-EWR
access-control-allow-headers: Content-Type

POST
H3 200 PingServer Show response
app.ardalio.com/ 13 B
537 B 71ms
69ms Fetch
application/json 2606:4700:20::681a:1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.ardalio.com/PingServer

Requested by

Host: app.ardalio.com
URL: https://app.ardalio.com/log7.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:1e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae95d608ee76e064ca676f3114fc5f48b0d5adac9ea3c9dbd137112f53c9b055

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

Referer: https://secure-60-v4kryd89pu.nl/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 29 Aug 2024 15:50:25 GMT
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 33
referrer-policy: no-referrer-when-downgrade
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zLGszYXfd6H2%2BXPCIixykIDszjah3cB%2FcuGvIDoyjMLbtTFHEIZktz%2FOlVlRoqiHA8U4zl4T0x75ABqIVduOnzxHrW6mZ8DWVgL%2Bptyxsl3EHfjQMO6CsVsOusjFKr2TZmIXJdl9iFk%2F4KvKRg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8badb2594d0a4223-EWR
access-control-allow-headers: Content-Type

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fidelity (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://secure-60-v4kryd89pu.nl/d6bZRawtiK-fidlty-login-com/?tk=KVAfJplcUaBYve9morn4Mw3O7NbSk5zL Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://secure-60-v4kryd89pu.nl/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
amalt-sqc.com
app.ardalio.com
d38psrni17bvxu.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
pillowbedsheetsshop.online
secure-60-v4kryd89pu.nl
www.callcenter.freepornfidelity.com
104.247.81.111
104.251.111.203
2600:9000:2209:2200:1d:4618:5c80:21
2606:4700:20::681a:1e
2606:4700::6812:bcf
2607:f8b0:4006:80f::200a
2607:f8b0:4006:81f::200a
2607:f8b0:4006:820::2003
45.141.59.93
54.235.253.219
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9
1e8aa706d96df48dad9bcfdfdd590efb2d53a8650e85396f95ad3e3daff3db77
4a1410b4f4c92b57d938e22d6418dc173b4661805a231fdc567d357790ccebf8
581500b7522ebcd7f9f673d19a92932fc50c96dba63ad5af36ca5af62aa2efc2
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
73b8057c918765ed1a41c6ca23e2c0530b51d396e12ce63071297c5a04178504
7becc0246aa4fcb8127b3459b2b8c6c04879c6855b0fcf370f8c83d2de88d319
8d889254e39108199f91d81a8e570d538a8d086cf8bd2d4b0fc6e3ad0d92425a
9bc80323ef1916a43144ade09ca4775d917a731294e9c2fdcd76247d91d45091
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
ae95d608ee76e064ca676f3114fc5f48b0d5adac9ea3c9dbd137112f53c9b055
b88363fd20fccd65f847be39b718563c149a7bf3adb359d3c88469b768e0e2ba
e3a806817245e0347984fc56a3b07a6bc86438f1ca92d454f05a87a44ccbd9d9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

secure-60-v4kryd89pu.nl Open in urlscan Pro 45.141.59.93 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

60 %IPv6

9 Domains

10 Subdomains

9 IPs

3 Countries

108 kBTransfer

303 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

secure-60-v4kryd89pu.nl Open in urlscan Pro
45.141.59.93 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

60 %
IPv6

9
Domains

10
Subdomains

9
IPs

3
Countries

108 kB
Transfer

303 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!