Report - vkmonline.com/away?url=//Multi-Net.su/user/LottieHoover///Multi-Net.su/user/LottieHoover/

Report Overview

Visited public
2023-10-21 06:28:45
Tags
URL
vkmonline.com/away?url=//Multi-Net.su/user/LottieHoover///Multi-Net.su/user/LottieHoover/
Finishing URL
multi-net.su/user/LottieHoover///Multi-Net.su/user/LottieHoover/
IP / ASN
64.140.168.10
#18450 WEBNX
Title
404 Not Found

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
vkmonline.com	320681	2010-02-05	2012-10-30 23:36:30	2023-10-21 07:31:07	727 B	17 kB	64.140.168.10
multi-net.su	unknown	2020-01-29	2022-06-07 08:09:54	2023-10-19 04:56:21	824 B	977 B	92.118.134.252

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-10-21 06:28:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-10-21 06:28:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-10-21 06:28:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-10-21 06:28:32	medium	Client IP	92.118.134.252	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2023-10-21 06:28:32	medium	Client IP	Internal IP	ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2023-10-21 06:28:33	medium	Client IP	92.118.134.252	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

vkmonline.com/

64.140.168.10

16 kB

URL
vkmonline.com/
IP
64.140.168.10:0
ASN
#18450 WEBNX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Size
16 kB (15922 bytes)
Hash
d1f662d1caab54fadf7b20d7fdde0649
03756ff75efeb95211dc466bb499063586e4d692
0e60d43a600ce43a2f631e1b2800ed9ebeadce36786ea721536cf391f3d9416c

HTTP Headers

GET / HTTP/1.1
Host: vkmonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
X-AspNet-Version: 4.0.30319
Set-Cookie: language=1; expires=Mon, 21-Oct-2024 06:28:25 GMT; path=/
localeCode=en-US; expires=Mon, 21-Oct-2024 06:28:25 GMT; path=/
__RequestVerificationToken=NHtOenb4z693SQ-4nBJa3wFD4m5M8RSEr8o-X5RQPvTFjBb7fr2zVWYzuaLOkEC_gBmURcjKjqqJ9wnNyLzEjFSWHGg1; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 21 Oct 2023 06:28:25 GMT
Content-Length: 15922

vkmonline.com/away?url=//Multi-Net.su/user/LottieHoover///Multi-Net.su/user/LottieHoover/

64.140.168.10

302 Found

183 B

URL User Request GET HTTP/1.1
vkmonline.com/away?url=//Multi-Net.su/user/LottieHoover///Multi-Net.su/user/LottieHoover/
IP
64.140.168.10:80
ASN
#18450 WEBNX

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
183 B (183 bytes)
Hash
19abf44ad78608169aa3e15e66c717ff
cccfadf9794ef1d84ad49fec58c6fd60f6128058
c9fc5f72dad39c1c1638b9966622d91e482f7524eaa5a688e3db86b64005eae6

HTTP Headers

GET /away?url=//Multi-Net.su/user/LottieHoover///Multi-Net.su/user/LottieHoover/ HTTP/1.1
Host: vkmonline.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: //Multi-Net.su/user/LottieHoover///Multi-Net.su/user/LottieHoover/
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: language=1; expires=Mon, 21-Oct-2024 06:28:26 GMT; path=/
localeCode=en-US; expires=Mon, 21-Oct-2024 06:28:26 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 21 Oct 2023 06:28:25 GMT
Content-Length: 183

multi-net.su/user/LottieHoover///Multi-Net.su/user/LottieHoover/

92.118.134.252

404 Not Found

274 B

URL User Request GET HTTP/1.1
multi-net.su/user/LottieHoover///Multi-Net.su/user/LottieHoover/
IP
92.118.134.252:80
ASN
#0

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
274 B (274 bytes)
Hash
3bf9c9dcb97496b78c0ef3076cb1ee20
9545658b55b966e6a343feca13b7479e75774436
4137dd7ffaeb5ee1bbf029898e3f9d0c2b39d6fdc76b88ba94082fc3ae06e5ae

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /user/LottieHoover///Multi-Net.su/user/LottieHoover/ HTTP/1.1
Host: multi-net.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sat, 21 Oct 2023 06:36:54 GMT
Server: Apache/2.4.10 (Debian)
Content-Length: 274
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

multi-net.su/favicon.ico

92.118.134.252

404 Not Found

274 B

URL GET HTTP/1.1
multi-net.su/favicon.ico
IP
92.118.134.252:80
ASN
#0

Requested by
http://multi-net.su/user/LottieHoover///Multi-Net.su/user/LottieHoover/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
274 B (274 bytes)
Hash
3bf9c9dcb97496b78c0ef3076cb1ee20
9545658b55b966e6a343feca13b7479e75774436
4137dd7ffaeb5ee1bbf029898e3f9d0c2b39d6fdc76b88ba94082fc3ae06e5ae

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: multi-net.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://multi-net.su/user/LottieHoover///Multi-Net.su/user/LottieHoover/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Sat, 21 Oct 2023 06:36:54 GMT
Server: Apache/2.4.10 (Debian)
Content-Length: 274
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (4)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers