Report - rdqzxlk.vk.com/away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%A3%E2%82%AC%E2%80%9A

Report Overview

Visited public
2024-07-28 09:26:03
Tags
URL
rdqzxlk.vk.com/away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%A3%E2%82%AC%E2%80%9A
Finishing URL
about:neterror?e=dnsNotFound&u=https%3A//en.wiki77pedia.org/&c=UTF-8&d=We%20can%E2%80%99t%20connect%20to%20the%20server%20at%20en.wiki77pedia.org.
IP / ASN
87.240.132.72
#47541 VKontakte Ltd
Title
Server Not Found

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-27 18:12:19	2.0 kB	5.3 kB	23.33.119.27
vk.com	2243	1997-06-24	2012-05-21 17:01:19	2024-07-27 19:21:24	641 B	1.2 kB	93.186.225.194
lamachado.com.br	unknown	2012-09-12	2016-04-19 19:34:35	2023-11-19 08:25:09	658 B	345 B	191.252.139.170
e6.o.lencr.org	unknown	2020-06-29	2024-06-07 08:35:09	2024-07-27 18:13:30	326 B	727 B	23.33.119.57
microsoft-microsoft-microsoft-microsoft.marzolaservice.com.br	unknown	unknown	No data	No data	667 B	201 B	167.71.38.96
en.wiki77pedia.org	unknown	unknown	No data	No data	475 B	0 B	0.0.0.0
rdqzxlk.vk.com	unknown	unknown	No data	No data	635 B	577 B	93.186.225.194
away.vk.com	92855	1997-06-24	2017-04-11 13:32:47	2024-07-08 13:19:24	856 B	1.2 kB	93.186.225.194
brandequity.economictimes.indiatimes.com	734553	1996-11-22	2015-06-26 16:35:01	2024-04-30 15:36:47	1.4 kB	1.8 kB	96.6.16.163
aus5.mozilla.org	2548	1998-01-24	2015-10-27 08:06:24	2024-07-27 18:13:28	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-28	medium	wiki77pedia.org	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	about:neterror?e=dnsNotFound&u=https%3A//en.wiki77pedia.org/&c=UTF-8&d=We%20can%E2%80%99t%20connect%20to%20the%20server%20at%20en.wiki77pedia.org.	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL about:neterror?e=dnsNotFound&u=https%3A//en.wiki77pedia.org/&c=UTF-8&d=We%20can%E2%80%99t%20connect%20to%20the%20server%20at%20en.wiki77pedia.org. IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 04:53 Times Seen4650779 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (16)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
1923cde36555abe065c52a358521a6f5
1cfff065ff7d9706aa7142cc99855769a50f642e
9bdc1a9c47d76dc96134b04996050573491d15a2d8b6be4157791b9d6f0766c9

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9BDC1A9C47D76DC96134B04996050573491D15A2D8B6BE4157791B9D6F0766C9"
Last-Modified: Sat, 27 Jul 2024 06:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16220
Expires: Sun, 28 Jul 2024 13:55:57 GMT
Date: Sun, 28 Jul 2024 09:25:37 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b8e31d15afcf09f5bb82859001dd8709
9cbcde3c0dfe955fa6116416d94a7a18746b50c7
552c092e8f81ebcd4575f45f58dbbc32e2813e6e6a988adf173122916658ae47

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "552C092E8F81EBCD4575F45F58DBBC32E2813E6E6A988ADF173122916658AE47"
Last-Modified: Sat, 27 Jul 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16218
Expires: Sun, 28 Jul 2024 13:55:55 GMT
Date: Sun, 28 Jul 2024 09:25:37 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b4e7d529107c1c5044860fb7b56942ca
dceacb49fd49caaa8aaa4e403f2516696467fe24
d5e5dfe382059e479448fbd9adc4d0130f6fa669a454173c6fbc377f23397312

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D5E5DFE382059E479448FBD9ADC4D0130F6FA669A454173C6FBC377F23397312"
Last-Modified: Sat, 27 Jul 2024 06:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2748
Expires: Sun, 28 Jul 2024 10:11:26 GMT
Date: Sun, 28 Jul 2024 09:25:38 GMT
Connection: keep-alive

rdqzxlk.vk.com/away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%A3%E2%82%AC%E2%80%9A

93.186.225.194

0 B

URL
rdqzxlk.vk.com/away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%A3%E2%82%AC%E2%80%9A
IP
93.186.225.194:0
ASN
#47541 VKontakte Ltd

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1
Host: rdqzxlk.vk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: kittenx
date: Sun, 28 Jul 2024 09:25:38 GMT
content-type: text/html; charset=windows-1251
content-length: 0
location: https://vk.com/away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%A3%E2%82%AC%E2%80%9A
x-powered-by: KPHP/7.4.117748
x-frontend: front661502
strict-transport-security: max-age=15768000
access-control-expose-headers: X-Frontend
origin-agent-cluster: ?0
x-trace-id: aHy0JkfBwDYqNq5A1ipH9MME-aSw7A
X-Firefox-Spdy: h2

vk.com/away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%A3%E2%82%AC%E2%80%9A

93.186.225.194

20 B

URL
vk.com/away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%A3%E2%82%AC%E2%80%9A
IP
93.186.225.194:0
ASN
#47541 VKontakte Ltd

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /away.php?to=https://brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%A3%E2%82%AC%E2%80%9A HTTP/1.1
Host: vk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: kittenx
date: Sun, 28 Jul 2024 09:25:38 GMT
content-type: text/html; charset=windows-1251
content-length: 20
location: https://away.vk.com/away.php?rh=bca82b31-3fd7-4610-9e71-490b20f9eb4f
x-powered-by: KPHP/7.4.117748
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly
remixlang=3; expires=Fri, 01 Aug 2025 04:38:22 GMT; path=/; domain=.vk.com
remixstlid=9106035679103874981_GcZb4lU9NIh4HS3eQhS0ApiGyCQqSOxehYVc7MqPLa8; expires=Mon, 28 Jul 2025 09:25:38 GMT; path=/; domain=.vk.com; secure
remixsec_redir=https%3A%2F%2Fbrandequity.economictimes.indiatimes.com%2Fetl.php%3Furl%3Dlamachado.com.br%2Fdayo%2Fmdfte%2FZmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ%3D%3D%24%C3%A3%E2%82%AC%E2%80%9A; path=/; domain=.vk.com
remixua=-1%7C-1%7C331%7C3502452718; expires=Sat, 26 Jul 2025 12:31:39 GMT; path=/; domain=.vk.com; secure
cache-control: no-store
x-frame-options: DENY
content-encoding: gzip
x-frontend: front661502
strict-transport-security: max-age=15768000
access-control-expose-headers: X-Frontend
origin-agent-cluster: ?0
x-trace-id: 76-lAlpGKlhFbq-G4TihFrwEenYg-A
X-Firefox-Spdy: h2

away.vk.com/away.php?rh=bca82b31-3fd7-4610-9e71-490b20f9eb4f

93.186.225.194

439 B

URL
away.vk.com/away.php?rh=bca82b31-3fd7-4610-9e71-490b20f9eb4f
IP
93.186.225.194:0
ASN
#47541 VKontakte Ltd

File type
HTML document, ASCII text, with very long lines (993), with no line terminators
Size
439 B (439 bytes)
Hash
75e38778758f82ebe350c96b05c7c967
148fc3d594d760ceed0a19a70fea2168ffa83910
a0afb45c283bbfb0c79151e0053074ef70128582c54da2f049a3da91ba82a266

HTTP Headers

GET /away.php?rh=bca82b31-3fd7-4610-9e71-490b20f9eb4f HTTP/1.1
Host: away.vk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: remixlang=3; remixstlid=9106035679103874981_GcZb4lU9NIh4HS3eQhS0ApiGyCQqSOxehYVc7MqPLa8; remixsec_redir=https%3A%2F%2Fbrandequity.economictimes.indiatimes.com%2Fetl.php%3Furl%3Dlamachado.com.br%2Fdayo%2Fmdfte%2FZmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ%3D%3D%24%C3%A3%E2%82%AC%E2%80%9A; remixua=-1%7C-1%7C331%7C3502452718
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: kittenx
date: Sun, 28 Jul 2024 09:25:38 GMT
content-type: text/html; charset=windows-1251
content-length: 439
x-powered-by: KPHP/7.4.117748
set-cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly
remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; domain=.vk.com
remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=away.vk.com
remixsec_redir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/
cache-control: no-store
x-frame-options: DENY
content-encoding: gzip
x-frontend: front661502
access-control-expose-headers: X-Frontend
x-trace-id: HQ_nMsmYi6Z9XiDlKwH5DtTTh9t4Bw
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
2bbb9df0effcb09007d949dedb72bf88
c0c6874d2c46c45fd00b07f8dc1af1ab49e533fd
ca29b570412e8165c9d0e49e57e540fcfdf4aacf9cf00dc10ee8b476edeadb8d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CA29B570412E8165C9D0E49E57E540FCFDF4AACF9CF00DC10EE8B476EDEADB8D"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13839
Expires: Sun, 28 Jul 2024 13:16:17 GMT
Date: Sun, 28 Jul 2024 09:25:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0b1ec2ddc6f2bdcb53c4a68f0dadfffa
6e2cca0a8a8c68f778c60628583b1c944c3cc2fc
7d7df3345b5736ccce59d0996a373c2ccc915b51d725a47131936cb170207467

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7D7DF3345B5736CCCE59D0996A373C2CCC915B51D725A47131936CB170207467"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6928
Expires: Sun, 28 Jul 2024 11:21:06 GMT
Date: Sun, 28 Jul 2024 09:25:38 GMT
Connection: keep-alive

brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==%24%D0%93%D0%88%D0%B2%E2%80%9A%C2%AC%D0%B2%D0%82%D1%99

96.6.16.163

0 B

URL
brandequity.economictimes.indiatimes.com/etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==%24%D0%93%D0%88%D0%B2%E2%80%9A%C2%AC%D0%B2%D0%82%D1%99
IP
96.6.16.163:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /etl.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==%24%D0%93%D0%88%D0%B2%E2%80%9A%C2%AC%D0%B2%D0%82%D1%99 HTTP/1.1
Host: brandequity.economictimes.indiatimes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://away.vk.com/
DNT: 1
Connection: keep-alive
Cookie: optout=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: Bhoot
content-type: text/html; charset=UTF-8
content-length: 0
access-control-allow-origin: *
pragma: no-cache
location: ./etlr.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==%24%D0%93%D0%88%D0%B2%E2%80%9A%C2%AC%D0%B2%D0%82%D1%99
x-cool: 22.59
content-language: en
access-control-allow-credentials: true
strict-transport-security: max-age=25920000; includeSubdomains
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: no-cache, no-store, must-revalidate
expires: Sun, 28 Jul 2024 09:25:39 GMT
date: Sun, 28 Jul 2024 09:25:39 GMT
set-cookie: PHPSESSID=a0c300e8ea1939a9e7060658978c3912; expires=Sun, 04-Aug-2024 09:25:39 GMT; Max-Age=604800; path=/; secure; HttpOnly
pmUsr=1722158739; expires=Mon, 28-Jul-2025 10:32:19 GMT; Max-Age=31540000; path=/; secure; HttpOnly; SameSite=None
x-frame-options: sameorigin, SAMEORIGIN
X-Firefox-Spdy: h2

brandequity.economictimes.indiatimes.com/etlr.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==%24%D0%93%D0%88%D0%B2%E2%80%9A%C2%AC%D0%B2%D0%82%D1%99

96.6.16.163

0 B

URL
brandequity.economictimes.indiatimes.com/etlr.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==%24%D0%93%D0%88%D0%B2%E2%80%9A%C2%AC%D0%B2%D0%82%D1%99
IP
96.6.16.163:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /etlr.php?url=lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==%24%D0%93%D0%88%D0%B2%E2%80%9A%C2%AC%D0%B2%D0%82%D1%99 HTTP/1.1
Host: brandequity.economictimes.indiatimes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://away.vk.com/
DNT: 1
Connection: keep-alive
Cookie: optout=1; PHPSESSID=a0c300e8ea1939a9e7060658978c3912; pmUsr=1722158739
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: Bhoot
content-type: text/html; charset=UTF-8
content-length: 0
access-control-allow-origin: *
pragma: no-cache
location: https://lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$ГЈв‚¬вЂљ?utm_source=promotions&utm_medium=email&utm_campaign=
x-cool: 22.59
content-language: en
access-control-allow-credentials: true
strict-transport-security: max-age=25920000; includeSubdomains
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: no-cache, no-store, must-revalidate
expires: Sun, 28 Jul 2024 09:25:39 GMT
date: Sun, 28 Jul 2024 09:25:39 GMT
set-cookie: brandequity_subscription_source=email; expires=Sun, 04-Aug-2024 09:25:39 GMT; Max-Age=604800; path=/
brandequity_pop_user_sub=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
x-frame-options: sameorigin, SAMEORIGIN
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
fe86340c305817b173f7c0f3f59c795b
bae41a5fad9f6cf6e13281eb7d567d6103f292b3
310ca992570f568ed449d579727a026e44e75f4dd6a609897a3fba0bc7cbce57

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "310CA992570F568ED449D579727A026E44E75F4DD6A609897A3FBA0BC7CBCE57"
Last-Modified: Sat, 27 Jul 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15679
Expires: Sun, 28 Jul 2024 13:46:59 GMT
Date: Sun, 28 Jul 2024 09:25:40 GMT
Connection: keep-alive

lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%D0%93%D0%88%D0%B2%E2%80%9A%C2%AC%D0%B2%D0%82%D1%99?utm_source=promotions&utm_medium=email&utm_campaign=

191.252.139.170

0 B

URL
lamachado.com.br/dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%D0%93%D0%88%D0%B2%E2%80%9A%C2%AC%D0%B2%D0%82%D1%99?utm_source=promotions&utm_medium=email&utm_campaign=
IP
191.252.139.170:0
ASN
#27715 Locaweb Servicos de Internet SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dayo/mdfte/Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%D0%93%D0%88%D0%B2%E2%80%9A%C2%AC%D0%B2%D0%82%D1%99?utm_source=promotions&utm_medium=email&utm_campaign= HTTP/1.1
Host: lamachado.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://away.vk.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 28 Jul 2024 09:25:41 GMT
Server: Apache
refresh: 0;url=https://microsoft-microsoft-microsoft-microsoft.marzolaservice.com.br/?offi=Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$ГЈв‚¬вЂљ
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

e6.o.lencr.org/

23.33.119.57

344 B

URL
e6.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
7720eaecac06eae24f5381434f9ff376
571cf30f1d6c1e7d6ec6d165e97b6afec75fdd1b
f1977831d7ed8fef037e41448261b3ecfdd613c2105929500cb9a4aeeaa787b0

HTTP Headers

POST / HTTP/1.1
Host: e6.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "F1977831D7ED8FEF037E41448261B3ECFDD613C2105929500CB9A4AEEAA787B0"
Last-Modified: Sat, 27 Jul 2024 19:04:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5827
Expires: Sun, 28 Jul 2024 11:02:49 GMT
Date: Sun, 28 Jul 2024 09:25:42 GMT
Connection: keep-alive

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2024-09-02-22-40-36.chain; p384ecdsa=0dl6WvdLcXRUGD4ad4bS0Y09EbrvawHsLegQJVQtcTqbJYVjaVtYA2UrwrdCtbpcyfGnSUoCajhFjrZlO-cveF2_92daGZxCdbJDTrrRLlM9HLJbtOWu9GcsBuGbglJV
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Sun, 28 Jul 2024 09:25:19 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 38
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

microsoft-microsoft-microsoft-microsoft.marzolaservice.com.br/?offi=Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%90%C2%93%C3%90%C2%88%C3%90%C2%B2%C3%A2%C2%80%C2%9A%C3%82%C2%AC%C3%90%C2%B2%C3%90%C2%82%C3%91%C2%99

167.71.38.96

302 Found

0 B

URL User Request GET HTTP/2
microsoft-microsoft-microsoft-microsoft.marzolaservice.com.br/?offi=Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%90%C2%93%C3%90%C2%88%C3%90%C2%B2%C3%A2%C2%80%C2%9A%C3%82%C2%AC%C3%90%C2%B2%C3%90%C2%82%C3%91%C2%99
IP
167.71.38.96:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjectmarzolaservice.com.br
Fingerprint88:5F:64:1B:6D:66:51:B7:50:DA:0A:B5:32:D2:7E:07:3D:6D:A9:71
ValidityThu, 25 Jul 2024 05:36:11 GMT - Wed, 23 Oct 2024 05:36:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?offi=Zmxvcmlhbi5yZWlzZXJAcmVpc2VyLXN0LmNvbQ==$%C3%90%C2%93%C3%90%C2%88%C3%90%C2%B2%C3%A2%C2%80%C2%9A%C3%82%C2%AC%C3%90%C2%B2%C3%90%C2%82%C3%91%C2%99 HTTP/1.1
Host: microsoft-microsoft-microsoft-microsoft.marzolaservice.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sun, 28 Jul 2024 09:25:42 GMT
content-type: text/html; charset=utf-8
location: https://en.wiki77pedia.org/
referrer-policy: no-referrer
X-Firefox-Spdy: h2

en.wiki77pedia.org/

0.0.0.0

0 B

URL User Request GET
en.wiki77pedia.org/
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: en.wiki77pedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (16)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN