Report - s4.sendfile.su/download/1336179/u3R8rzxT7KuOz5zOegycQkkC5PgoGxBAPlyE5xBs/

Report Overview

Submitted URL
s4.sendfile.su/download/1336179/u3R8rzxT7KuOz5zOegycQkkC5PgoGxBAPlyE5xBs/
IP
5.196.71.37
ASN
#16276 OVH SAS
Submitted
2024-05-10 20:41:50
Access
public
Website Title
sendfile.su :: Бесплатный сервис размещения файлов
Final URL
sendfile.su/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
34
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
s4.sendfile.su	unknown	2009-04-16	2016-10-26	2023-03-22	828 B	373 B	5.196.71.37
sendfile.su	255968	unknown	2015-01-18	2024-03-23	715 B	4.8 kB	93.185.165.72
s.sendfile.su	unknown	2009-04-16	2017-02-12	2024-02-26	4.5 kB	73 kB	93.185.165.72
mtrcss.com	296817	unknown	2015-05-13	2024-03-16	311 B	340 B	103.224.212.214
ww25.mtrcss.com	unknown	unknown	2023-12-26	2024-03-23	360 B	1.9 kB	199.59.243.225
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-09	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-10 20:41:26	medium	Client IP	5.196.71.37	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:26	medium	Client IP	5.196.71.37	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:26	medium	Client IP	5.196.71.37	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:26	medium	Client IP	5.196.71.37	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:26	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:26	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:26	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:26	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:26	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:26	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:26	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:26	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2024-05-10 20:41:27	medium	Client IP	93.185.165.72	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	s.sendfile.su/jquery.cookie-min.js	732 B	2023-03-07	2024-06-03
Pretty URL s.sendfile.su/jquery.cookie-min.js IP 93.185.165.72 ASN #201670 S.c. Infotech-Grup S.r.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:22:05 Last Seen2024-06-03 11:41:06 Times Seen902 Hash ce56bb0d2daafc993b2866ccc1af86fc fe46733587f81da245f6b3e16d6bbbd8a1cb2fea 874d19eae19d9f20a884d976ccca6092c91da6ee8c71d8be1c5c893acbad9159 Loading...

	sendfile.su/	0 B	2023-03-07	2024-06-03
Pretty URL sendfile.su/ IP 93.185.165.72 ASN #201670 S.c. Infotech-Grup S.r.l. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-06-03 22:00:28 Times Seen38911126 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	sendfile.su/	0 B	2023-03-07	2024-06-03
Pretty URL sendfile.su/ IP 93.185.165.72 ASN #201670 S.c. Infotech-Grup S.r.l. Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-06-03 22:00:28 Times Seen38911126 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	s.sendfile.su/jquery.js	57 kB	2023-03-07	2024-06-02
Pretty URL s.sendfile.su/jquery.js IP 93.185.165.72 ASN #201670 S.c. Infotech-Grup S.r.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:03 Last Seen2024-06-02 23:12:44 Times Seen4986 Hash bb381e2d19d8eace86b34d20759491a5 3dc9f7c2642efff4482e68c9d9df874bf98f5bcb c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899 Loading...

	unknown	29 B	2024-05-10	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 22:41:51 Last Seen2024-05-10 22:41:51 Times Seen1 Hash 725c812c541a1e9423a05c0f986b3a30 0a123ffd748573faff03d1298d438eafb43e7ffc 5fbbe195aa180fbdc11318896b9b1aa0d776dc4206434efce46e4f5e6b088892 Loading...

		Size	First Seen	Last Seen
	#1 Write - 5397750d2c973f2c5203a067cfad838e	227 B	2024-05-10	2024-05-10
Pretty Observations First Seen2024-05-10 22:41:51 Last Seen2024-05-10 22:41:51 Times Seen1 Hash 5397750d2c973f2c5203a067cfad838e 0028e4d97ffcff77c011b20cc172e6f84992a209 3e9c512408dffed715f4d1b89d545d9ba566e3a2cbc6d74af2a3bafafb42b415 Loading...

HTTP Transactions (20)

URL IP Response Size

s4.sendfile.su/download/1336179/u3R8rzxT7KuOz5zOegycQkkC5PgoGxBAPlyE5xBs/

5.196.71.37

302 Found

0 B

URL User Request GET HTTP/1.1
s4.sendfile.su/download/1336179/u3R8rzxT7KuOz5zOegycQkkC5PgoGxBAPlyE5xBs/
IP
5.196.71.37:80
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /download/1336179/u3R8rzxT7KuOz5zOegycQkkC5PgoGxBAPlyE5xBs/ HTTP/1.1
Host: s4.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: /

s4.sendfile.su/

5.196.71.37

2 B

URL User Request GET
s4.sendfile.su/
IP
5.196.71.37:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
2 B (2 bytes)
Hash
d784fa8b6d98d27699781bd9a7cf19f0
dd122581c8cd44d0227f9c305581ffcb4b6f1b46
e16f1596201850fd4a63680b27f603cb64e67176159be3d8ed78a4403fdb1700

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET / HTTP/1.1
Host: s4.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://sendfile.su

sendfile.su/

93.185.165.72

4.1 kB

URL User Request GET
sendfile.su/
IP
93.185.165.72:0
ASN
#201670 S.c. Infotech-Grup S.r.l.

File type
HTML document, Unicode text, UTF-8 text, with very long lines (582)
Size
4.1 kB (4134 bytes)
Hash
5869384bf6ebf770142747fcbdfac823
e1d5b7c8caf58b57d0f9f608832b7a84f80604ee
4ce5472925defa6a3db7760295904048ba5c576bfb0651553ee00042938eb545

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET / HTTP/1.1
Host: sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

s.sendfile.su/jquery.cookie-min.js

93.185.165.72

200 OK

732 B

URL GET HTTP/1.1
s.sendfile.su/jquery.cookie-min.js
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
JavaScript source, ASCII text, with very long lines (732), with no line terminators
Size
732 B (732 bytes)
Hash
ce56bb0d2daafc993b2866ccc1af86fc
fe46733587f81da245f6b3e16d6bbbd8a1cb2fea
874d19eae19d9f20a884d976ccca6092c91da6ee8c71d8be1c5c893acbad9159

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /jquery.cookie-min.js HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: application/javascript
Content-Length: 732
Last-Modified: Wed, 28 Feb 2024 22:43:40 GMT
Connection: keep-alive
ETag: "65dfb71c-2dc"
Expires: Sun, 09 Jun 2024 20:41:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

s.sendfile.su/default.css

93.185.165.72

200 OK

1.5 kB

URL GET HTTP/1.1
s.sendfile.su/default.css
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
ASCII text, with CRLF line terminators
Size
1.5 kB (1456 bytes)
Hash
5882b0ccc1486f6c3948472e3cf08014
8f9f2bed08e9969ab506bd10fe923a6c8c1e52f4
e019743d52267c6c79ef9bb640e84a50948aae1c340a9b2f90d06032f007ad4d

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /default.css HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: text/css
Last-Modified: Wed, 28 Feb 2024 22:43:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65dfb71c-1656"
Expires: Sun, 09 Jun 2024 20:41:26 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip

s.sendfile.su/jquery.js

93.185.165.72

200 OK

57 kB

URL GET HTTP/1.1
s.sendfile.su/jquery.js
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
JavaScript source, ASCII text, with very long lines (39660)
Size
57 kB (57254 bytes)
Hash
bb381e2d19d8eace86b34d20759491a5
3dc9f7c2642efff4482e68c9d9df874bf98f5bcb
c8370a2d050359e9d505acc411e6f457a49b21360a21e6cbc9229bad3a767899

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /jquery.js HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:26 GMT
Content-Type: application/javascript
Content-Length: 57254
Last-Modified: Wed, 28 Feb 2024 22:43:40 GMT
Connection: keep-alive
ETag: "65dfb71c-dfa6"
Expires: Sun, 09 Jun 2024 20:41:26 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

s.sendfile.su/images/add.png

93.185.165.72

200 OK

733 B

URL GET HTTP/1.1
s.sendfile.su/images/add.png
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
733 B (733 bytes)
Hash
1988c3cc1384a3ac9b9a4129183248f3
b6244b0027a8c9f702b311cb5b2ab8cc64f3b5f2
c06a52df3361df380a02a45159a0858d6f7cd8cbc3f71ff732a65d6c25ea6af6

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /images/add.png HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/png
Content-Length: 733
Last-Modified: Wed, 28 Feb 2024 22:43:48 GMT
Connection: keep-alive
ETag: "65dfb724-2dd"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

mtrcss.com/g/4683689575

103.224.212.214

302 Found

2 B

URL GET HTTP/1.1
mtrcss.com/g/4683689575
IP
103.224.212.214:80
ASN
#133618 Trellian Pty. Limited

Requested by
http://sendfile.su/

File type
ASCII text
Size
2 B (2 bytes)
Hash
e1c06d85ae7b8b032bef47e42e4c08f9
71853c6197a6a7f222db0f1978c7cb232b87c5ee
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

HTTP Headers

GET /g/4683689575 HTTP/1.1
Host: mtrcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
date: Fri, 10 May 2024 20:41:27 GMT
server: Apache
set-cookie: __tad=1715373687.3806016; expires=Mon, 08-May-2034 20:41:27 GMT; Max-Age=315360000
location: http://ww25.mtrcss.com/g/4683689575?subid1=20240511-0641-276b-8416-7e2c8a618329
content-length: 2
content-type: text/html; charset=UTF-8
connection: close

s.sendfile.su/images/img01.jpg

93.185.165.72

200 OK

752 B

URL GET HTTP/1.1
s.sendfile.su/images/img01.jpg
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 10x268, components 3
Size
752 B (752 bytes)
Hash
bfde2210d6b6f7b518d124fa184d7f3a
f363c126a34c56da8614cb84470e63244fdf4dd1
5a0541ad0b2704b2e47dc862100238f98b0b4361c093a23b46d6c7e49c5259e3

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /images/img01.jpg HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/jpeg
Content-Length: 752
Last-Modified: Wed, 28 Feb 2024 22:43:50 GMT
Connection: keep-alive
ETag: "65dfb726-2f0"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

s.sendfile.su/images/img14.gif

93.185.165.72

200 OK

155 B

URL GET HTTP/1.1
s.sendfile.su/images/img14.gif
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
GIF image data, version 89a, 1 x 29
Size
155 B (155 bytes)
Hash
2fd150872e42b089ce2092b345ac3e7d
9b9e885b61864924da9215f72ff2b9612021371d
da1baecc95db6201d56a1bc69ea4bbbea1bb20f5270999fff3be36d15614aee0

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /images/img14.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 155
Last-Modified: Wed, 28 Feb 2024 22:43:51 GMT
Connection: keep-alive
ETag: "65dfb727-9b"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

s.sendfile.su/images/img13.gif

93.185.165.72

200 OK

155 B

URL GET HTTP/1.1
s.sendfile.su/images/img13.gif
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
GIF image data, version 89a, 1 x 29
Size
155 B (155 bytes)
Hash
2a259309aaae19dadb1d0161aea236a4
7f1161a18d6ef466d32b1183c444a2b41e4bf550
187e1962363a1a514ce354557b82255cf718b4cb05ed258672e5239cf24fd17b

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /images/img13.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 155
Last-Modified: Wed, 28 Feb 2024 22:43:51 GMT
Connection: keep-alive
ETag: "65dfb727-9b"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

s.sendfile.su/images/img10.gif

93.185.165.72

200 OK

1.3 kB

URL GET HTTP/1.1
s.sendfile.su/images/img10.gif
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
GIF image data, version 89a, 301 x 50
Size
1.3 kB (1344 bytes)
Hash
48c9ad5a2d369bcb9d4c4507eab42a14
3a67685f8f4778c3d2bec4eb17be3c7d0e139460
25ed11f28000d1b33ee2893cfa190062281cf5301f4953a592a2dc6e5b5d89de

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /images/img10.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 1344
Last-Modified: Wed, 28 Feb 2024 22:43:50 GMT
Connection: keep-alive
ETag: "65dfb726-540"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

s.sendfile.su/images/img09.gif

93.185.165.72

200 OK

1.8 kB

URL GET HTTP/1.1
s.sendfile.su/images/img09.gif
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
GIF image data, version 89a, 301 x 65
Size
1.8 kB (1808 bytes)
Hash
62bd4f25ebb9c48aef8b0704e33966b0
9aac9d5e4590295e6092bdd2ec3b6595190ae9e5
4822c9f6294a9614a51a693f1551e9e8ac9f8f24a5b530e8a7ae65c1b8d3bde6

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /images/img09.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 1808
Last-Modified: Wed, 28 Feb 2024 22:43:49 GMT
Connection: keep-alive
ETag: "65dfb725-710"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

s.sendfile.su/images/img08.gif

93.185.165.72

200 OK

297 B

URL GET HTTP/1.1
s.sendfile.su/images/img08.gif
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
GIF image data, version 89a, 1 x 110
Size
297 B (297 bytes)
Hash
f26942510a1afbb837742412c852eaf5
f9d1be258775362debbe5e981efa5d4ad362c2bd
e64729ee3ef6868a1b9843fba605a5a489e6e884790707854cf3fd6b9636c0f2

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /images/img08.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 297
Last-Modified: Wed, 28 Feb 2024 22:43:49 GMT
Connection: keep-alive
ETag: "65dfb725-129"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

s.sendfile.su/images/img12.gif

93.185.165.72

200 OK

970 B

URL GET HTTP/1.1
s.sendfile.su/images/img12.gif
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
GIF image data, version 89a, 14 x 11
Size
970 B (970 bytes)
Hash
a980c0ab5439743428080f721a172b5b
ef838f77473c0fd419bb6a076da3d8783cc8ca55
4c15818e0d977dc74015a2442cd39032c60482bb24317750b1031ae1c7c543fb

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /images/img12.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 970
Last-Modified: Wed, 28 Feb 2024 22:43:49 GMT
Connection: keep-alive
ETag: "65dfb725-3ca"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

s.sendfile.su/images/img04.jpg

93.185.165.72

200 OK

3.3 kB

URL GET HTTP/1.1
s.sendfile.su/images/img04.jpg
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 152x30, components 3
Size
3.3 kB (3287 bytes)
Hash
7914eeda50fa6eb0d1b77daba1c2cd97
c216826d3d5afa6d1831d59d8b6077ea792910a5
1ac27ee83c92e878aa1df191fd976ef8d438c2a242d896f1459c34a74c3a2fce

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /images/img04.jpg HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/jpeg
Content-Length: 3287
Last-Modified: Wed, 28 Feb 2024 22:43:52 GMT
Connection: keep-alive
ETag: "65dfb728-cd7"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

s.sendfile.su/images/img11.gif

93.185.165.72

200 OK

289 B

URL GET HTTP/1.1
s.sendfile.su/images/img11.gif
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
GIF image data, version 89a, 7 x 12
Size
289 B (289 bytes)
Hash
3c0608c7691614f82b54185089f09853
75b2237ded1ef08ccb3dae823bea32f24cef317c
9dbdba0353530c96824908398e99a84cf3f24c51ae998cc61472a9572b3facc5

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /images/img11.gif HTTP/1.1
Host: s.sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://s.sendfile.su/default.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/gif
Content-Length: 289
Last-Modified: Wed, 28 Feb 2024 22:43:51 GMT
Connection: keep-alive
ETag: "65dfb727-121"
Expires: Sun, 09 Jun 2024 20:41:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

ww25.mtrcss.com/g/4683689575?subid1=20240511-0641-276b-8416-7e2c8a618329

199.59.243.225

200 OK

1.2 kB

URL GET HTTP/1.1
ww25.mtrcss.com/g/4683689575?subid1=20240511-0641-276b-8416-7e2c8a618329
IP
199.59.243.225:80
ASN
#16509 AMAZON-02

Requested by
http://sendfile.su/

File type
HTML document, ASCII text, with very long lines (494)
Size
1.2 kB (1226 bytes)
Hash
7d6b9f92bb171abaf811ff665f3b700c
3eb1080a85b554ecac28064e2e38977d579d42c9
0af876038a4801757cbeaf0edbfce9a8758f899c63bbf76fa3e01399f55d2c8b

HTTP Headers

GET /g/4683689575?subid1=20240511-0641-276b-8416-7e2c8a618329 HTTP/1.1
Host: ww25.mtrcss.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://sendfile.su/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
date: Fri, 10 May 2024 20:41:27 GMT
content-type: text/html; charset=utf-8
content-length: 1226
x-request-id: c4069a87-6b28-410f-afcb-ac8fa1232782
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_AO2zyMnUyf7bkYAvGLKJMShlt50iyZc6Y6ZGAVYTncu2uKHB7KR/2M8Fmzo9D9Je6BUh7hmevb+2YojX3CSfRg==
set-cookie: parking_session=c4069a87-6b28-410f-afcb-ac8fa1232782; expires=Fri, 10 May 2024 20:56:27 GMT; path=/

sendfile.su/favicon.ico

93.185.165.72

200 OK

198 B

URL GET HTTP/1.1
sendfile.su/favicon.ico
IP
93.185.165.72:80
ASN
#201670 S.c. Infotech-Grup S.r.l.

Requested by
http://sendfile.su/

File type
MS Windows icon resource - 1 icon, 16x16, 2 colors
Size
198 B (198 bytes)
Hash
c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b

Detections

NIDS	Severity	Alert
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
suricata	medium	ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: sendfile.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://sendfile.su/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 10 May 2024 20:41:27 GMT
Content-Type: image/x-icon
Content-Length: 198
Last-Modified: Wed, 28 Feb 2024 22:43:36 GMT
Connection: keep-alive
ETag: "65dfb718-c6"
Accept-Ranges: bytes

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-29-17-33-45.chain; p384ecdsa=UM3y0rfeIknWUOsCU-7mLqkow8UzpS0x6qgeKP2AF06sfSMbJBieCjoxff40v8j-eAVnNJwNuNe-FZBOX_5WQ08LWj1m8fxfTm_TT03M26aY5tdzzH5sduSKr1fG7TyD
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Fri, 10 May 2024 20:41:03 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 42
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (20)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN