| ransomsection.com/wynpzyna8i?adb=n&adb=n&adb=n&adb=n&adb=n&dev=r&key=c45f12193c544105ae2fa175a7362064&kw=[%22pmv%22,%22haven%22,%22wetkuchy%22,%22s%22,%22profile%22]&naiwtkq=8&psid=pmvhaven.com,pmvhaven.com&refer=https://pmvhaven.com/profile/WetKuchy&res=14.31&scrHeight=1440&scrWidth=2560&ship=&sub3=invoke_layer&tz=-4&uuid=c4e329c9-d2e0-4160-bd66-327ba6a21d89:2:1&v=24.5.6485 |  192.243.59.12 | 200 OK | 1.7 kB |
URL User Request GET HTTP/1.1ransomsection.com/wynpzyna8i?adb=n&adb=n&adb=n&adb=n&adb=n&dev=r&key=c45f12193c544105ae2fa175a7362064&kw=[%22pmv%22,%22haven%22,%22wetkuchy%22,%22s%22,%22profile%22]&naiwtkq=8&psid=pmvhaven.com,pmvhaven.com&refer=https://pmvhaven.com/profile/WetKuchy&res=14.31&scrHeight=1440&scrWidth=2560&ship=&sub3=invoke_layer&tz=-4&uuid=c4e329c9-d2e0-4160-bd66-327ba6a21d89:2:1&v=24.5.6485 IP192.243.59.12:443 ASN#39572 DataWeb Global Group B.V.
CertificateIssuerLet's Encrypt Subjectransomsection.com Fingerprint84:94:47:11:DF:24:53:02:E1:19:0F:B2:D9:9E:CB:83:86:65:FB:34 ValidityMon, 29 Apr 2024 08:05:40 GMT - Sun, 28 Jul 2024 08:05:39 GMT
File typeHTML document, ASCII text, with very long lines (842) Hash50acea895cf265228b71820fd785fbb0 bf8460f3c7520cdea5166976e2b06700c8f4f142 30f43fd8d4e6374bae0277a448e5b39d38b572a6b69c2c3bc866c28b83911b5a
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /wynpzyna8i?adb=n&adb=n&adb=n&adb=n&adb=n&dev=r&key=c45f12193c544105ae2fa175a7362064&kw=[%22pmv%22,%22haven%22,%22wetkuchy%22,%22s%22,%22profile%22]&naiwtkq=8&psid=pmvhaven.com,pmvhaven.com&refer=https://pmvhaven.com/profile/WetKuchy&res=14.31&scrHeight=1440&scrWidth=2560&ship=&sub3=invoke_layer&tz=-4&uuid=c4e329c9-d2e0-4160-bd66-327ba6a21d89:2:1&v=24.5.6485 HTTP/1.1
Host: ransomsection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:08:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=23117823; expires=Sun, 05 May 2024 07:08:55 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzExNzgyMywiayI6ImM0NWYxMjE5M2M1NDQxMDVhZTJmYTE3NWE3MzYyMDY0Iiwic2lkIjoicG12aGF2ZW4uY29tLHBtdmhhdmVuLmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6MzEzNTk4MSwicGlkIjoxMzU5MDQ1LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE2LCJhaWQiOjI4LCJwdCI6NCwicGsiOiJ3eW5wenluYThpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3BtdmhhdmVuLmNvbS9wcm9maWxlL1dldEt1Y2h5IiwiYXIiOltdfX0.O52M9J8QxplZrXWcv7BR2Dui-rZubSIA15s0dQT7Qkc; expires=Sat, 04 May 2024 07:09:55 GMT
uid_id2=c4e329c9-d2e0-4160-bd66-327ba6a21d89:2:1; expires=Sat, 11 May 2024 07:08:55 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c776f782ef3469eb2f952667b4bda317
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|
| ransomsection.com/api/users?token=L3d5bnB6eW5hOGk_YWRiPW4mZGV2PXIma2V5PWM0NWYxMjE5M2M1NDQxMDVhZTJmYTE3NWE3MzYyMDY0Jmt3PSU1QiUyMnBtdiUyMiUyQyUyMmhhdmVuJTIyJTJDJTIyd2V0a3VjaHklMjIlMkMlMjJzJTIyJTJDJTIycHJvZmlsZSUyMiU1RCZuYWl3dGtxPTgmcHNpZD1wbXZoYXZlbi5jb20lMkNwbXZoYXZlbi5jb20mcHN0PTE3MTQ4MDY1OTUmcmVmZXI9aHR0cHMlM0ElMkYlMkZwbXZoYXZlbi5jb20lMkZwcm9maWxlJTJGV2V0S3VjaHkmcmVzPTE0LjMxJnJtdGM9dCZzY3JIZWlnaHQ9MTQ0MCZzY3JXaWR0aD0yNTYwJnNoaXA9JnNodT1jYTQ0ZTdmMWExOTY5YmQwOWMxOWUxMjQ3MTlhMzZkMDY2MTEyMDFlNjRjNTU2YmViNWE0MDhkZmVhY2Y3MTFlZGY5YTZhYjRmNzc3NGFkZTA5M2MwMjU5ZjQ5YTFlYmY2MTA2MGVhNjdkYzlkYzU5YTY3N2NlMmFjNWJjZjc0Y2QwNGEwZDQxM2QxZTkxYzUwOWYyYWFjOTNjM2FmZTM5MmVkZjVkOWFjMDAyYjEyZDQ2OTVlOWY5MjcyNWYyM2I5Y2E5Njgmc3ViMz1pbnZva2VfbGF5ZXImdHo9LTQmdXVpZD1jNGUzMjljOS1kMmUwLTQxNjAtYmQ2Ni0zMjdiYTZhMjFkODklM0EyJTNBMSZ2PTI0LjUuNjQ4NQ&uuid=c4e329c9-d2e0-4160-bd66-327ba6a21d89%3A2%3A1&pii=&in=false | 192.243.59.12 | 302 Found | 0 B |
URL User Request GET HTTP/1.1ransomsection.com/api/users?token=L3d5bnB6eW5hOGk_YWRiPW4mZGV2PXIma2V5PWM0NWYxMjE5M2M1NDQxMDVhZTJmYTE3NWE3MzYyMDY0Jmt3PSU1QiUyMnBtdiUyMiUyQyUyMmhhdmVuJTIyJTJDJTIyd2V0a3VjaHklMjIlMkMlMjJzJTIyJTJDJTIycHJvZmlsZSUyMiU1RCZuYWl3dGtxPTgmcHNpZD1wbXZoYXZlbi5jb20lMkNwbXZoYXZlbi5jb20mcHN0PTE3MTQ4MDY1OTUmcmVmZXI9aHR0cHMlM0ElMkYlMkZwbXZoYXZlbi5jb20lMkZwcm9maWxlJTJGV2V0S3VjaHkmcmVzPTE0LjMxJnJtdGM9dCZzY3JIZWlnaHQ9MTQ0MCZzY3JXaWR0aD0yNTYwJnNoaXA9JnNodT1jYTQ0ZTdmMWExOTY5YmQwOWMxOWUxMjQ3MTlhMzZkMDY2MTEyMDFlNjRjNTU2YmViNWE0MDhkZmVhY2Y3MTFlZGY5YTZhYjRmNzc3NGFkZTA5M2MwMjU5ZjQ5YTFlYmY2MTA2MGVhNjdkYzlkYzU5YTY3N2NlMmFjNWJjZjc0Y2QwNGEwZDQxM2QxZTkxYzUwOWYyYWFjOTNjM2FmZTM5MmVkZjVkOWFjMDAyYjEyZDQ2OTVlOWY5MjcyNWYyM2I5Y2E5Njgmc3ViMz1pbnZva2VfbGF5ZXImdHo9LTQmdXVpZD1jNGUzMjljOS1kMmUwLTQxNjAtYmQ2Ni0zMjdiYTZhMjFkODklM0EyJTNBMSZ2PTI0LjUuNjQ4NQ&uuid=c4e329c9-d2e0-4160-bd66-327ba6a21d89%3A2%3A1&pii=&in=false IP192.243.59.12:443 ASN#39572 DataWeb Global Group B.V.
CertificateIssuerLet's Encrypt Subjectransomsection.com Fingerprint84:94:47:11:DF:24:53:02:E1:19:0F:B2:D9:9E:CB:83:86:65:FB:34 ValidityMon, 29 Apr 2024 08:05:40 GMT - Sun, 28 Jul 2024 08:05:39 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /api/users?token=L3d5bnB6eW5hOGk_YWRiPW4mZGV2PXIma2V5PWM0NWYxMjE5M2M1NDQxMDVhZTJmYTE3NWE3MzYyMDY0Jmt3PSU1QiUyMnBtdiUyMiUyQyUyMmhhdmVuJTIyJTJDJTIyd2V0a3VjaHklMjIlMkMlMjJzJTIyJTJDJTIycHJvZmlsZSUyMiU1RCZuYWl3dGtxPTgmcHNpZD1wbXZoYXZlbi5jb20lMkNwbXZoYXZlbi5jb20mcHN0PTE3MTQ4MDY1OTUmcmVmZXI9aHR0cHMlM0ElMkYlMkZwbXZoYXZlbi5jb20lMkZwcm9maWxlJTJGV2V0S3VjaHkmcmVzPTE0LjMxJnJtdGM9dCZzY3JIZWlnaHQ9MTQ0MCZzY3JXaWR0aD0yNTYwJnNoaXA9JnNodT1jYTQ0ZTdmMWExOTY5YmQwOWMxOWUxMjQ3MTlhMzZkMDY2MTEyMDFlNjRjNTU2YmViNWE0MDhkZmVhY2Y3MTFlZGY5YTZhYjRmNzc3NGFkZTA5M2MwMjU5ZjQ5YTFlYmY2MTA2MGVhNjdkYzlkYzU5YTY3N2NlMmFjNWJjZjc0Y2QwNGEwZDQxM2QxZTkxYzUwOWYyYWFjOTNjM2FmZTM5MmVkZjVkOWFjMDAyYjEyZDQ2OTVlOWY5MjcyNWYyM2I5Y2E5Njgmc3ViMz1pbnZva2VfbGF5ZXImdHo9LTQmdXVpZD1jNGUzMjljOS1kMmUwLTQxNjAtYmQ2Ni0zMjdiYTZhMjFkODklM0EyJTNBMSZ2PTI0LjUuNjQ4NQ&uuid=c4e329c9-d2e0-4160-bd66-327ba6a21d89%3A2%3A1&pii=&in=false HTTP/1.1
Host: ransomsection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomsection.com/api/users?token=L3d5bnB6eW5hOGk_a2V5PTljYTYwMWE5ZjQ3YzczNWRmNzZkNWNhNDZmYTI2YTY2JnN1Ym1ldHJpYz0yMzExNzgyMw
Cookie: u_pl=23117823; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzExNzgyMywiayI6ImM0NWYxMjE5M2M1NDQxMDVhZTJmYTE3NWE3MzYyMDY0Iiwic2lkIjoicG12aGF2ZW4uY29tLHBtdmhhdmVuLmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6MzEzNTk4MSwicGlkIjoxMzU5MDQ1LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE2LCJhaWQiOjI4LCJwdCI6NCwicGsiOiJ3eW5wenluYThpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3BtdmhhdmVuLmNvbS9wcm9maWxlL1dldEt1Y2h5IiwiYXIiOltdfX0.O52M9J8QxplZrXWcv7BR2Dui-rZubSIA15s0dQT7Qkc; uid_id2=c4e329c9-d2e0-4160-bd66-327ba6a21d89:2:1; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Sat, 04 May 2024 07:08:56 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://track.trackingtraffo.com/pop/imp?auth=jvpu18&c=POk4bsUSMPr8jsUsUtIxJTrkke15v1oZcEygYMvsR11O9KzMUqGnPtu_vUUxPVIVdRmm7pLIvxb00VbAXs4AHF4nNB1L6TFjkx8TYINwvXQJN16wR-PZ8xx1TiO1o0JoAiPs3SMjGFHG5940KLMlFAErAMXQUqmRJw16LfgBTGkC3AHeAUFKWLE-sXjohOSdoH_gc_5u_vKz78jbL2dcMI41Twda2ndWTK24SC2KRc2_TuChcmEWCyJVcRtgFQVgubaiBjzXjtSHc4OIswQe5LWQs0UmwbiQtmBJjW0EFVv0VeoUDxLYx8-NWSMRVrPJoNG2TIjenqnWS9VwksrDJBWZ07ICwLw3_Q3P8SjtGrFDomSEiGu4j18j03-uqNt1opV6x--tpMpbiJr5--WlWtySM6pkmTOhtvyS4886BOYUIr3kkGvCAeFUpxGjiR_rSFG8wSFYmT67UzG9vbD8SSt5coP_g593x5mCQhCxI9E8dGH6ZNFiOaKWCN3gnPbmbM_ticd7hK0Ynbtq7bGUB9BReciZ5-064qDf77GeKtDv1dFiBE7bmMwTqF3FfI0QYW0PFfu_gJ-6lTrGPPauzISTD60ZxTSNYDFUrjy0PAeTL9WAmYERvmR3cmJIGStbUswFydb9tSqGRcDD6tsMkkkmdVBkvTobbA255f9Vm-QupeeL7wgy0MfbgX_eh4Indn_75uQ7Tqw9fWblf7d5_Q
Set-Cookie: uid_id2=c4e329c9-d2e0-4160-bd66-327ba6a21d89:2:1; expires=Sat, 11 May 2024 07:08:55 GMT
pdhtkv=true; expires=Sun, 05 May 2024 07:08:56 GMT
uncs=1; expires=Sun, 05 May 2024 07:08:56 GMT
pdhtkv28=true; expires=Sun, 05 May 2024 07:08:56 GMT
uncs28=1; expires=Sun, 05 May 2024 07:08:56 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ff435e50924827a3199c7b65adfa8461
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| ransomsection.com/favicon.ico | 192.243.61.225 | 200 OK | 0 B |
URL GET HTTP/1.1ransomsection.com/favicon.ico IP192.243.61.225:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://ransomsection.com/wynpzyna8i?adb=n&adb=n&adb=n&adb=n&adb=n&dev=r&key=c45f12193c544105ae2fa175a7362064&kw=[%22pmv%22,%22haven%22,%22wetkuchy%22,%22s%22,%22profile%22]&naiwtkq=8&psid=pmvhaven.com,pmvhaven.com&refer=https://pmvhaven.com/profile/WetKuchy&res=14.31&scrHeight=1440&scrWidth=2560&ship=&sub3=invoke_layer&tz=-4&uuid=c4e329c9-d2e0-4160-bd66-327ba6a21d89:2:1&v=24.5.6485 CertificateIssuerLet's Encrypt Subjectransomsection.com Fingerprint84:94:47:11:DF:24:53:02:E1:19:0F:B2:D9:9E:CB:83:86:65:FB:34 ValidityMon, 29 Apr 2024 08:05:40 GMT - Sun, 28 Jul 2024 08:05:39 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: ransomsection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ransomsection.com/api/users?token=L3d5bnB6eW5hOGk_a2V5PTljYTYwMWE5ZjQ3YzczNWRmNzZkNWNhNDZmYTI2YTY2JnN1Ym1ldHJpYz0yMzExNzgyMw
Cookie: u_pl=23117823; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzExNzgyMywiayI6ImM0NWYxMjE5M2M1NDQxMDVhZTJmYTE3NWE3MzYyMDY0Iiwic2lkIjoicG12aGF2ZW4uY29tLHBtdmhhdmVuLmNvbSIsImlzaWQiOjIsImFzaWQiOjEsInppZCI6MzEzNTk4MSwicGlkIjoxMzU5MDQ1LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE2LCJhaWQiOjI4LCJwdCI6NCwicGsiOiJ3eW5wenluYThpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3BtdmhhdmVuLmNvbS9wcm9maWxlL1dldEt1Y2h5IiwiYXIiOltdfX0.O52M9J8QxplZrXWcv7BR2Dui-rZubSIA15s0dQT7Qkc; uid_id2=c4e329c9-d2e0-4160-bd66-327ba6a21d89:2:1; cjs=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:08:56 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: eb47be928d1083cf2530d6a2f9c6c524
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| track.trackingtraffo.com/pop/imp?auth=jvpu18&c=POk4bsUSMPr8jsUsUtIxJTrkke15v1oZcEygYMvsR11O9KzMUqGnPtu_vUUxPVIVdRmm7pLIvxb00VbAXs4AHF4nNB1L6TFjkx8TYINwvXQJN16wR-PZ8xx1TiO1o0JoAiPs3SMjGFHG5940KLMlFAErAMXQUqmRJw16LfgBTGkC3AHeAUFKWLE-sXjohOSdoH_gc_5u_vKz78jbL2dcMI41Twda2ndWTK24SC2KRc2_TuChcmEWCyJVcRtgFQVgubaiBjzXjtSHc4OIswQe5LWQs0UmwbiQtmBJjW0EFVv0VeoUDxLYx8-NWSMRVrPJoNG2TIjenqnWS9VwksrDJBWZ07ICwLw3_Q3P8SjtGrFDomSEiGu4j18j03-uqNt1opV6x--tpMpbiJr5--WlWtySM6pkmTOhtvyS4886BOYUIr3kkGvCAeFUpxGjiR_rSFG8wSFYmT67UzG9vbD8SSt5coP_g593x5mCQhCxI9E8dGH6ZNFiOaKWCN3gnPbmbM_ticd7hK0Ynbtq7bGUB9BReciZ5-064qDf77GeKtDv1dFiBE7bmMwTqF3FfI0QYW0PFfu_gJ-6lTrGPPauzISTD60ZxTSNYDFUrjy0PAeTL9WAmYERvmR3cmJIGStbUswFydb9tSqGRcDD6tsMkkkmdVBkvTobbA255f9Vm-QupeeL7wgy0MfbgX_eh4Indn_75uQ7Tqw9fWblf7d5_Q | 88.214.206.175 | 204 No Content | 0 B |
URL User Request GET HTTP/1.1track.trackingtraffo.com/pop/imp?auth=jvpu18&c=POk4bsUSMPr8jsUsUtIxJTrkke15v1oZcEygYMvsR11O9KzMUqGnPtu_vUUxPVIVdRmm7pLIvxb00VbAXs4AHF4nNB1L6TFjkx8TYINwvXQJN16wR-PZ8xx1TiO1o0JoAiPs3SMjGFHG5940KLMlFAErAMXQUqmRJw16LfgBTGkC3AHeAUFKWLE-sXjohOSdoH_gc_5u_vKz78jbL2dcMI41Twda2ndWTK24SC2KRc2_TuChcmEWCyJVcRtgFQVgubaiBjzXjtSHc4OIswQe5LWQs0UmwbiQtmBJjW0EFVv0VeoUDxLYx8-NWSMRVrPJoNG2TIjenqnWS9VwksrDJBWZ07ICwLw3_Q3P8SjtGrFDomSEiGu4j18j03-uqNt1opV6x--tpMpbiJr5--WlWtySM6pkmTOhtvyS4886BOYUIr3kkGvCAeFUpxGjiR_rSFG8wSFYmT67UzG9vbD8SSt5coP_g593x5mCQhCxI9E8dGH6ZNFiOaKWCN3gnPbmbM_ticd7hK0Ynbtq7bGUB9BReciZ5-064qDf77GeKtDv1dFiBE7bmMwTqF3FfI0QYW0PFfu_gJ-6lTrGPPauzISTD60ZxTSNYDFUrjy0PAeTL9WAmYERvmR3cmJIGStbUswFydb9tSqGRcDD6tsMkkkmdVBkvTobbA255f9Vm-QupeeL7wgy0MfbgX_eh4Indn_75uQ7Tqw9fWblf7d5_Q IP88.214.206.175:443
CertificateIssuerSectigo Limited Subjecttrackingtraffo.com Fingerprint66:CE:68:F3:6C:8A:98:F0:D8:02:5B:C4:5E:2E:C7:B0:C7:73:5B:A8 ValidityThu, 23 Nov 2023 00:00:00 GMT - Fri, 22 Nov 2024 23:59:59 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pop/imp?auth=jvpu18&c=POk4bsUSMPr8jsUsUtIxJTrkke15v1oZcEygYMvsR11O9KzMUqGnPtu_vUUxPVIVdRmm7pLIvxb00VbAXs4AHF4nNB1L6TFjkx8TYINwvXQJN16wR-PZ8xx1TiO1o0JoAiPs3SMjGFHG5940KLMlFAErAMXQUqmRJw16LfgBTGkC3AHeAUFKWLE-sXjohOSdoH_gc_5u_vKz78jbL2dcMI41Twda2ndWTK24SC2KRc2_TuChcmEWCyJVcRtgFQVgubaiBjzXjtSHc4OIswQe5LWQs0UmwbiQtmBJjW0EFVv0VeoUDxLYx8-NWSMRVrPJoNG2TIjenqnWS9VwksrDJBWZ07ICwLw3_Q3P8SjtGrFDomSEiGu4j18j03-uqNt1opV6x--tpMpbiJr5--WlWtySM6pkmTOhtvyS4886BOYUIr3kkGvCAeFUpxGjiR_rSFG8wSFYmT67UzG9vbD8SSt5coP_g593x5mCQhCxI9E8dGH6ZNFiOaKWCN3gnPbmbM_ticd7hK0Ynbtq7bGUB9BReciZ5-064qDf77GeKtDv1dFiBE7bmMwTqF3FfI0QYW0PFfu_gJ-6lTrGPPauzISTD60ZxTSNYDFUrjy0PAeTL9WAmYERvmR3cmJIGStbUswFydb9tSqGRcDD6tsMkkkmdVBkvTobbA255f9Vm-QupeeL7wgy0MfbgX_eh4Indn_75uQ7Tqw9fWblf7d5_Q HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ransomsection.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 04 May 2024 07:08:56 GMT
Connection: keep-alive
|
|
| ransomsection.com/api/users?token=L3d5bnB6eW5hOGk_a2V5PTljYTYwMWE5ZjQ3YzczNWRmNzZkNWNhNDZmYTI2YTY2JnN1Ym1ldHJpYz0yMzExNzgyMw | 172.240.127.234 | | 1.3 kB |
URL ransomsection.com/api/users?token=L3d5bnB6eW5hOGk_a2V5PTljYTYwMWE5ZjQ3YzczNWRmNzZkNWNhNDZmYTI2YTY2JnN1Ym1ldHJpYz0yMzExNzgyMw IP172.240.127.234:0
CertificateIssuerLet's Encrypt Subjectransomsection.com Fingerprint84:94:47:11:DF:24:53:02:E1:19:0F:B2:D9:9E:CB:83:86:65:FB:34 ValidityMon, 29 Apr 2024 08:05:40 GMT - Sun, 28 Jul 2024 08:05:39 GMT
File typeHTML document, ASCII text, with very long lines (438) Hash8915cd60501a7aa65267d12b33a3c466 b1e663394a975ac4d0ff9ce6dcaf76d2f1cec1b2 f2b077e35a80877e2580d3ba4f8b7709815ecae581fc79e7231a9b652de8f5f8
| Analyzer | Verdict | Alert |
|---|
| Quad9 DNS | malicious | Sinkholed |
GET /api/users?token=L3d5bnB6eW5hOGk_a2V5PTljYTYwMWE5ZjQ3YzczNWRmNzZkNWNhNDZmYTI2YTY2JnN1Ym1ldHJpYz0yMzExNzgyMw HTTP/1.1
Host: ransomsection.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 07:09:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=14892299; expires=Sun, 05 May 2024 07:09:19 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNDg5MjI5OSwiayI6IjljYTYwMWE5ZjQ3YzczNWRmNzZkNWNhNDZmYTI2YTY2Iiwic2lkIjoiMjMxMTc4MjMiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjEwMzczOCwicGlkIjo4MzMyMCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjoyOCwicHQiOjQsInBrIjoibW03M2FqZzQiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6IiIsImFyIjpbXX19.z66-iVHM3A-UwMtsJh92eqS9a__oJeolg3j2KYO38k4; expires=Sat, 04 May 2024 07:10:19 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4882b399fce42438e3ac27fb6b2f0fc9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
|
|