| ocsp2.globalsign.com/gsorganizationvalsha2g2 | 104.18.21.226 | | 1.5 kB |
URL ocsp2.globalsign.com/gsorganizationvalsha2g2 IP 104.18.21.226:0
Hash: MD5 12e9574092990143ecc95d092eb8d702, SHA-1 959ee1037e4fd375d396401abf5f7a6cb7e6e009, SHA-256 56ddc5c42a4ff7154826e42e9f8991d7c7a4896bcb7099bccb3b202120ce9095
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 09 Dec 2023 11:06:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 13 Dec 2023 08:01:05 GMT
ETag: "959ee1037e4fd375d396401abf5f7a6cb7e6e009"
Last-Modified: Sat, 09 Dec 2023 08:01:06 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3482
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 832cc7405a4356c7-OSL
| vkontakte.ru/away.php?cc_key=ckEAEu&to=https://mobltrade.com/?utm_source=vk&utm_medium=rass | 93.186.225.194 | | 0 B |
URL vkontakte.ru/away.php?cc_key=ckEAEu&to=https://mobltrade.com/?utm_source=vk&utm_medium=rass IP 93.186.225.194:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /away.php?cc_key=ckEAEu&to=https://mobltrade.com/?utm_source=vk&utm_medium=rass HTTP/1.1
Host: vkontakte.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: kittenx
date: Sat, 09 Dec 2023 11:06:22 GMT
content-type: text/html; charset=windows-1251
content-length: 0
location: https://vk.com/login?act=vkcomredirect&to=YXdheS5waHA/Y2Nfa2V5PWNrRUFFdSZ0bz1odHRwczovL21vYmx0cmFkZS5jb20vP3V0bV9zb3VyY2U9dmsmdXRtX21lZGl1bT1yYXNz
x-powered-by: KPHP/7.4.115265
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vkontakte.ru; secure; HttpOnly
remixstlid=9068297993468359979_Qm5xqRzLR8CtGD4zaTc18j7RnfDNAe0EENraXSdsDXc; expires=Sun, 08 Dec 2024 11:06:22 GMT; path=/; domain=.vkontakte.ru; secure
cache-control: no-store
x-frontend: front605110
strict-transport-security: max-age=15768000
access-control-expose-headers: X-Frontend
origin-agent-cluster: ?0
x-trace-id: sj_9s2A_TAWNTwNi_Jq8FMbuL5EIyw
X-Firefox-Spdy: h2
| ocsp2.globalsign.com/gsorganizationvalsha2g2 | 104.18.21.226 | | 1.5 kB |
URL ocsp2.globalsign.com/gsorganizationvalsha2g2 IP 104.18.21.226:0
Hash: MD5 12e9574092990143ecc95d092eb8d702, SHA-1 959ee1037e4fd375d396401abf5f7a6cb7e6e009, SHA-256 56ddc5c42a4ff7154826e42e9f8991d7c7a4896bcb7099bccb3b202120ce9095
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 09 Dec 2023 11:06:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 13 Dec 2023 08:01:05 GMT
ETag: "959ee1037e4fd375d396401abf5f7a6cb7e6e009"
Last-Modified: Sat, 09 Dec 2023 08:01:06 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3482
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 832cc7415b1156c7-OSL
| vk.com/login?act=vkcomredirect&to=YXdheS5waHA/Y2Nfa2V5PWNrRUFFdSZ0bz1odHRwczovL21vYmx0cmFkZS5jb20vP3V0bV9zb3VyY2U9dmsmdXRtX21lZGl1bT1yYXNz | 87.240.129.133 | | 20 B |
URL vk.com/login?act=vkcomredirect&to=YXdheS5waHA/Y2Nfa2V5PWNrRUFFdSZ0bz1odHRwczovL21vYmx0cmFkZS5jb20vP3V0bV9zb3VyY2U9dmsmdXRtX21lZGl1bT1yYXNz IP 87.240.129.133:0
File type: gzip compressed data, from Unix
- data
Hash: MD5 7029066c27ac6f5ef18d660d5741979a, SHA-1 46c6643f07aa7f6bfe7118de926b86defc5087c4, SHA-256 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /login?act=vkcomredirect&to=YXdheS5waHA/Y2Nfa2V5PWNrRUFFdSZ0bz1odHRwczovL21vYmx0cmFkZS5jb20vP3V0bV9zb3VyY2U9dmsmdXRtX21lZGl1bT1yYXNz HTTP/1.1
Host: vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: kittenx
date: Sat, 09 Dec 2023 11:06:22 GMT
content-type: text/html; charset=windows-1251
content-length: 20
x-powered-by: KPHP/7.4.115265
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly
remixlang=3; expires=Sat, 14 Dec 2024 07:47:06 GMT; path=/; domain=.vk.com
remixstlid=9091660416535504250_8l3cOPofXvWyxjJfE2gZBP8EU0AVeqc8NMjcAKzum7X; expires=Sun, 08 Dec 2024 11:06:22 GMT; path=/; domain=.vk.com; secure
remixvkcom=1; path=/; domain=.vk.com; secure
cache-control: no-store
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-robots-tag: noindex
location: /away.php?cc_key=ckEAEu&to=https://mobltrade.com/?utm_source=vk&utm_medium=rass
content-encoding: gzip
x-frontend: front609304
strict-transport-security: max-age=15768000
access-control-expose-headers: X-Frontend
origin-agent-cluster: ?0
x-trace-id: uUnqcogpCg_VlZBCWRAq5Hh4v5lb9g
X-Firefox-Spdy: h2
| vk.com/away.php?cc_key=ckEAEu&to=https://mobltrade.com/?utm_source=vk&utm_medium=rass | 87.240.129.133 | | 20 B |
URL vk.com/away.php?cc_key=ckEAEu&to=https://mobltrade.com/?utm_source=vk&utm_medium=rass IP 87.240.129.133:0
File type: gzip compressed data, from Unix
- data
Hash: MD5 7029066c27ac6f5ef18d660d5741979a, SHA-1 46c6643f07aa7f6bfe7118de926b86defc5087c4, SHA-256 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /away.php?cc_key=ckEAEu&to=https://mobltrade.com/?utm_source=vk&utm_medium=rass HTTP/1.1
Host: vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: remixlang=3; remixstlid=9091660416535504250_8l3cOPofXvWyxjJfE2gZBP8EU0AVeqc8NMjcAKzum7X; remixvkcom=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: kittenx
date: Sat, 09 Dec 2023 11:06:22 GMT
content-type: text/html; charset=windows-1251
content-length: 20
location: https://away.vk.com/away.php?rh=72ced1d9-d94e-4479-9c26-13f284008fd0
x-powered-by: KPHP/7.4.115265
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly
remixsec_redir=https%3A%2F%2Fmobltrade.com%2F%3Futm_source%3Dvk; path=/; domain=.vk.com
remixua=-1%7C-1%7C320%7C295475610; expires=Sun, 08 Dec 2024 03:15:02 GMT; path=/; domain=.vk.com; secure
cache-control: no-store
x-frame-options: DENY
content-encoding: gzip
x-frontend: front609304
strict-transport-security: max-age=15768000
access-control-expose-headers: X-Frontend
origin-agent-cluster: ?0
x-trace-id: SKc0ZSFDl44Fnuzk-xQavQ263WaY9Q
X-Firefox-Spdy: h2
| away.vk.com/away.php?rh=72ced1d9-d94e-4479-9c26-13f284008fd0 | 87.240.129.133 | | 275 B |
URL away.vk.com/away.php?rh=72ced1d9-d94e-4479-9c26-13f284008fd0 IP 87.240.129.133:0
File type: HTML document, ASCII text, with very long lines (455), with no line terminators
Hash: MD5 92e367c5e3d9ef5ea721608c3b7bffa9, SHA-1 597fda3a923ef67c1286acfefc2080cb51bf8172, SHA-256 9bd1525dac4f30d35e39e94360987ef13b235a35ed4f91da038296b993f4a9fc
GET /away.php?rh=72ced1d9-d94e-4479-9c26-13f284008fd0 HTTP/1.1
Host: away.vk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: remixlang=3; remixstlid=9091660416535504250_8l3cOPofXvWyxjJfE2gZBP8EU0AVeqc8NMjcAKzum7X; remixvkcom=1; remixsec_redir=https%3A%2F%2Fmobltrade.com%2F%3Futm_source%3Dvk; remixua=-1%7C-1%7C320%7C295475610
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: kittenx
date: Sat, 09 Dec 2023 11:06:22 GMT
content-type: text/html; charset=windows-1251
content-length: 275
x-powered-by: KPHP/7.4.115265
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly
remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.vk.com
remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=away.vk.com
remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/
cache-control: no-store
x-frame-options: DENY
content-encoding: gzip
x-frontend: front609304
access-control-expose-headers: X-Frontend
x-trace-id: WacTJu4TGe-Ju_SSDtj2PXDNxyBbpw
X-Firefox-Spdy: h2
| mobltrade.com/?utm_source=vk | 0.0.0.0 | | 0 B |
URL User Request GET mobltrade.com/?utm_source=vk IP 0.0.0.0:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /?utm_source=vk HTTP/1.1
Host: mobltrade.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://away.vk.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache