Report - mlbb-shop.event-redeem.com/index.php?aToken=verifiedverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.php

Report Overview

Visited public
2025-01-07 08:18:17
Tags
URL
mlbb-shop.event-redeem.com/index.php?aToken=verifiedverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.php
Finishing URL
mlbb-shop.event-redeem.com/verify.php
IP / ASN
104.21.32.1
#13335 CLOUDFLARENET
Title
Confirmation: Mobile Legends Bang Bang

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mlbb-shop.event-redeem.com	unknown	2025-01-01	2025-01-05	2025-01-05	1.7 kB	38 kB	104.21.48.1
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-01-01	997 B	61 kB	151.101.193.229
akmweb.youngjoygame.com	283991	2016-02-25	2021-06-16	2024-12-31	480 B	2.3 kB	23.201.43.80

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-01-05	medium	mlbb-shop.event-redeem.com/	Mobile Legends
2025-01-05	medium	mlbb-shop.event-redeem.com/	Mobile Legends
2025-01-06	medium	mlbb-shop.event-redeem.com/verify.php	Mobile Legends

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/js/bootstrap.bundle.min.js	ScriptElement	81 kB	2023-08-05	2025-06-12
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/js/bootstrap.bundle.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-05 00:21 Last Seen2025-06-12 11:01 Times Seen2100 Hash e2b09c06f0e714b6144a6788a28e3950 ce54f85f278fbcd5cb2292f9c186eedf63cdcf88 d2ea6c1e0cabca20d18e924b25a1cd0187c38ba7c33f60ab06e1b0402b9bcdb5 Loading...

HTTP Transactions (6)

URL IP Response Size

mlbb-shop.event-redeem.com/img/style-img/app_icon.png

104.21.48.1

200 OK

31 kB

URL GET HTTP/3
mlbb-shop.event-redeem.com/img/style-img/app_icon.png
IP
104.21.48.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mlbb-shop.event-redeem.com/verify.php
Certificate
IssuerGoogle Trust Services
Subjectevent-redeem.com
Fingerprint88:D2:F3:B0:56:AA:6F:5B:A8:05:61:DF:6D:2B:BB:85:44:B6:06:EB
ValidityWed, 01 Jan 2025 16:11:48 GMT - Tue, 01 Apr 2025 17:08:10 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 400x400, components 3
Size
31 kB (31082 bytes)
Hash
fb854bfa717133d49abc60ecefa5cab1
0aa4a0ef72e42aa83fe20bff9fcd57a7437c9c4a
b2132b26950dd2bc1c04eea3f271230ce1ce2b97a6bcb1a9812b0c05d8552b8e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Mobile Legends

HTTP Headers

GET /img/style-img/app_icon.png HTTP/1.1
Host: mlbb-shop.event-redeem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mlbb-shop.event-redeem.com/verify.php
Cookie: PHPSESSID=ee99fe1601f58eda65189636b2511218
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 Jan 2025 08:17:52 GMT
content-type: image/png
content-length: 31082
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VFl%2FtZkHWOJ8SronYGR9uKrBshj1PehbE2OfoXs%2BvCHDa6ESPHmpQ4TVqICoU4Au%2B85kWWUUVvxFxQI0iQRCDLE%2FTXBcQMR1O%2B65umc5XHuZSjCNuQEJ7BWnRbDNKMe907hH8MrFimS5BbOEQg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
expires: Sun, 12 Jan 2025 05:50:17 GMT
last-modified: Sat, 21 Dec 2024 04:12:02 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 181655
accept-ranges: bytes
cf-ray: 8fe2838f8e880b3d-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/css/bootstrap.min.css

151.101.193.229

200 OK

35 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/css/bootstrap.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://mlbb-shop.event-redeem.com/verify.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
Unicode text, UTF-8 text, with very long lines (65342)
Size
35 kB (34728 bytes)
Hash
896192cc65e20f1fcc6d792b5b9a4626
b13ef70543d70c1ec7fdd56a5ebc9d7d64023851
d939d21f27010c09b6c2966681d8b4cfcd64ca418f240922518f967fded16ef6

HTTP Headers

GET /npm/bootstrap@5.3.1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mlbb-shop.event-redeem.com
DNT: 1
Connection: keep-alive
Referer: https://mlbb-shop.event-redeem.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.3.1
x-jsd-version-type: version
etag: W/"38d97-sT73BUPXDB7H/dVqXrydfWQCOFE"
content-encoding: br
accept-ranges: bytes
date: Tue, 07 Jan 2025 08:17:52 GMT
age: 4208275
x-served-by: cache-fra-eddf8230044-FRA, cache-hel1410028-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 34728
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/js/bootstrap.bundle.min.js

151.101.193.229

200 OK

25 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/js/bootstrap.bundle.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://mlbb-shop.event-redeem.com/verify.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
25 kB (25082 bytes)
Hash
e2b09c06f0e714b6144a6788a28e3950
ce54f85f278fbcd5cb2292f9c186eedf63cdcf88
d2ea6c1e0cabca20d18e924b25a1cd0187c38ba7c33f60ab06e1b0402b9bcdb5

HTTP Headers

GET /npm/bootstrap@5.3.1/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mlbb-shop.event-redeem.com
DNT: 1
Connection: keep-alive
Referer: https://mlbb-shop.event-redeem.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.3.1
x-jsd-version-type: version
etag: W/"13b1c-zlT4XyePvNXLIpL5wYbu32PNz4g"
content-encoding: br
accept-ranges: bytes
date: Tue, 07 Jan 2025 08:17:52 GMT
age: 4159448
x-served-by: cache-fra-etou8220068-FRA, cache-hel1410028-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25082
X-Firefox-Spdy: h2

akmweb.youngjoygame.com/web/gms/image/1d4439a2ab14e995b99fd8934adb34ee.svg

23.201.43.80

200 OK

1.2 kB

URL GET HTTP/2
akmweb.youngjoygame.com/web/gms/image/1d4439a2ab14e995b99fd8934adb34ee.svg
IP
23.201.43.80:443
ASN
#20940 Akamai International B.V.

Requested by
https://mlbb-shop.event-redeem.com/verify.php
Certificate
IssuerLet's Encrypt
Subjectact.gms.moontontech.com
FingerprintA3:3F:07:57:2F:7B:7B:43:60:80:86:58:24:55:66:E2:15:D3:63:80
ValidityThu, 02 Jan 2025 05:30:57 GMT - Wed, 02 Apr 2025 05:30:56 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1240 bytes)
Hash
dbb6f5cabfb92b02ed3a7f55491b2acc
687ca97efc14adc00f1aa4ce8a1d4bc65edc678d
8da14fad7313ab0a024414c81cedb1c1686fb4541ac5fc5ed959e106fd9c7644

HTTP Headers

GET /web/gms/image/1d4439a2ab14e995b99fd8934adb34ee.svg HTTP/1.1
Host: akmweb.youngjoygame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mlbb-shop.event-redeem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: pZqzdhIOMdC/Y3UA9Dw5DKST6HyGqRNQfiQtIMWYrRSjLsrRAS0ld4YXFkIbnXJnhJZT1AhTMSlx8gJtNXceQg==
x-amz-request-id: 39DWVX10YCAZ9PSJ
last-modified: Tue, 10 Dec 2024 07:23:35 GMT
etag: "dbb6f5cabfb92b02ed3a7f55491b2acc"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
content-type: image/svg+xml
server: AmazonS3
x-origin-response-time: 626,23.73.1.77
content-encoding: gzip
content-length: 1240
cache-control: max-age=2578822
expires: Thu, 06 Feb 2025 04:38:14 GMT
date: Tue, 07 Jan 2025 08:17:52 GMT
vary: Accept-Encoding
akamai-mon-iucid-del: 1172575
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-expose-headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC
access-control-allow-headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
X-Firefox-Spdy: h2

mlbb-shop.event-redeem.com/index.php?aToken=verifiedverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.php

104.21.48.1

302 Found

2.2 kB

URL User Request GET HTTP/2
mlbb-shop.event-redeem.com/index.php?aToken=verifiedverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.php
IP
104.21.48.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectevent-redeem.com
Fingerprint88:D2:F3:B0:56:AA:6F:5B:A8:05:61:DF:6D:2B:BB:85:44:B6:06:EB
ValidityWed, 01 Jan 2025 16:11:48 GMT - Tue, 01 Apr 2025 17:08:10 GMT

File type

Size
2.2 kB (2187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Mobile Legends

HTTP Headers

GET /index.php?aToken=verifiedverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.phpverify.php HTTP/1.1
Host: mlbb-shop.event-redeem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 07 Jan 2025 08:17:52 GMT
content-type: text/html; charset=UTF-8
location: verify.php
cache-control: no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tD%2BAxFk6Mps3oUzTw17Td3c41TVqhPMxY9pCspWFUEDPl8GBZQjCyyO1iPZEeVFOfaeA0QbELuWp3LdNkUK2jgHCDqGy4DDL%2B5wi%2FsXAvUJlAa7JfX8awCnFqKF%2FRnuIdFB88gXHpnk%2Fdr87uw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fe2838a3a8c1c12-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6098&min_rtt=433&rtt_var=11319&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3288&recv_bytes=1373&delivery_rate=7252086&cwnd=254&unsent_bytes=0&cid=890d3b8342734819&ts=301&x=0"
X-Firefox-Spdy: h2

mlbb-shop.event-redeem.com/verify.php

104.21.48.1

200 OK

2.2 kB

URL User Request GET HTTP/2
mlbb-shop.event-redeem.com/verify.php
IP
104.21.48.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectevent-redeem.com
Fingerprint88:D2:F3:B0:56:AA:6F:5B:A8:05:61:DF:6D:2B:BB:85:44:B6:06:EB
ValidityWed, 01 Jan 2025 16:11:48 GMT - Tue, 01 Apr 2025 17:08:10 GMT

File type
HTML document, ASCII text, with very long lines (2324), with no line terminators
Size
2.2 kB (2187 bytes)
Hash
da133182dbc39542ce3a99f8c2717af2
5cd6a71db287329f0e79eb758ecc3d980f8a78a6
62e01ddb69984c7d7d4d43f5c3e7835dbe82bcdf00d6468956fd4fb26e115b1e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Mobile Legends

HTTP Headers

GET /verify.php HTTP/1.1
Host: mlbb-shop.event-redeem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 Jan 2025 08:17:52 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=ee99fe1601f58eda65189636b2511218; path=/; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AYKMJFl48BF6FDCBAGHIYl7Utc0jyyTz8bH98IA6bJJcvb1EWB4xDRwTGSROAzxCkARsEtY6gT5k3FCKuqXZ0ksctgHph4n3Z4gES5%2FvVck%2FvSA3UvlIm6NSzKE3LV3GGOd2ZM%2BrjMBptu2JTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fe2838c3cab1c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4782&min_rtt=433&rtt_var=8648&sent=10&recv=14&lost=0&retrans=0&sent_bytes=3998&recv_bytes=1448&delivery_rate=7252086&cwnd=256&unsent_bytes=0&cid=890d3b8342734819&ts=621&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers