Report - usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8

Report Overview

URL

usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8
IP

65.109.18.14

ASN

#24940 Hetzner Online GmbH
Submitted

2022-12-15T19:04:08Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

29

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com (1)	75	2013-05-22T04:07:37Z	2023-03-09T05:28:04Z	383	44341	172.217.21.168
fonts.googleapis.com (2)	8877	2013-06-10T22:14:26Z	2023-03-09T06:38:15Z	835	3014	142.250.74.106
pagead2.googlesyndication.com (3)	101	2021-02-20T16:52:05Z	2023-03-09T07:26:06Z	1855	62947	172.217.21.162
www.google-analytics.com (1)	40	2012-10-03T03:04:21Z	2023-03-09T05:50:21Z	370	20685	216.58.207.206
www.googletagservices.com (1)	169	2021-02-14T04:54:38Z	2023-03-09T07:18:23Z	422	48666	142.250.74.2
r3.o.lencr.org (7)	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	2366	6206	23.36.76.226
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	333	391	34.117.237.239
adservice.google.com (1)	76	2021-02-20T17:10:48Z	2023-03-09T07:22:42Z	394	779	142.250.74.34
partner.googleadservices.com (1)	798	2012-10-03T03:04:21Z	2023-03-09T05:12:35Z	458	913	216.58.207.194
usaupload.com (29)	285005	2020-04-09T20:14:51Z	2023-03-09T01:14:47Z	15197	991313	65.109.18.14
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	606	127	35.163.49.154
www.gstatic.com (2)	unknown	2016-07-26T11:37:06Z	2023-03-09T06:28:40Z	867	10497	142.250.74.3
googleads.g.doubleclick.net (1)	42	2021-02-20T16:43:32Z	2023-03-09T06:52:56Z	521	5016	142.250.74.130
tpc.googlesyndication.com (2)	126	2020-01-16T09:35:32Z	2023-03-09T06:37:58Z	860	18548	172.217.21.161
ocsp.pki.goog (24)	175	2018-07-01T08:43:07Z	2023-03-09T05:09:50Z	8232	16791	216.58.211.3
fonts.gstatic.com (3)	unknown	2014-09-09T02:40:21Z	2023-03-09T06:38:59Z	1573	93810	142.250.74.35
adservice.google.no (2)	96969	2018-06-20T01:38:38Z	2023-03-09T05:13:18Z	800	2208	142.250.74.66
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-09T05:09:25Z	3245	47389	34.120.237.76
www.google.com (3)	7	2015-05-10T13:11:19Z	2023-03-09T05:48:12Z	1351	1617	142.250.74.164
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	782	2374	35.241.9.150
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	413	5843	34.160.144.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed

HTTP Transactions (94)

URL IP Response Size

usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8

65.109.18.14

301 Moved Permanently

162

URL HTTP/1.1

usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8
IP

65.109.18.14:0
ASN

#24940 Hetzner Online GmbH

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

162
Hash

4f8e702cc244ec5d4de32740c0ecbd97

3adb1f02d5b6054de0046e367c1d687b6cdf7aff

9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8 HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 15 Dec 2022 19:03:57 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

96367f956a4177aec7e7e80221539d58

8dcad10fde96c139d1ef212388cb6755fe3fe077

f4f9bdb5180359dfd734cef1e6f1b54bc9d8f72cae557366eb74f22100b94dc4

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4F9BDB5180359DFD734CEF1E6F1B54BC9D8F72CAE557366EB74F22100B94DC4"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8717
Expires: Thu, 15 Dec 2022 21:29:14 GMT
Date: Thu, 15 Dec 2022 19:03:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

4a5e9bc8b7891ac5f4552c29bcbaedb0

39735081eeb64eae477c61c1147daeb68fb37b22

c465efaf205ff2992af02c16187ca14a658cd5335b892903374f3adab32a8cd9

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C465EFAF205FF2992AF02C16187CA14A658CD5335B892903374F3ADAB32A8CD9"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8576
Expires: Thu, 15 Dec 2022 21:26:53 GMT
Date: Thu, 15 Dec 2022 19:03:57 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

bf0c602d32b3c14606f22a86183b5e3c

6eabd8d83475eba731968abe1a05a8bfd272f160

6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 15 Dec 2022 18:33:55 GMT
content-type: application/json
age: 1802
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

51bd0cc75ed746fd33c950eb12936b7e

4a1007ea6c6e4f5e8b4a7d1f85f7a3e329dc8f50

188d4a0d544f40048dc7476cb4f5e478f1eb49a8ef1d51699fb155d2ae258655

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "188D4A0D544F40048DC7476CB4F5E478F1EB49A8EF1D51699FB155D2AE258655"
Last-Modified: Tue, 13 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6264
Expires: Thu, 15 Dec 2022 20:48:21 GMT
Date: Thu, 15 Dec 2022 19:03:57 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

53341dea33f4f3d9b4966f80589f429a

20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d

651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: Lkj93tmTxHix6SaeMw5rq8G4eCRfIipW3CpsMkgikGFSfvQYkT7WzsOfKciRcvnN8L77ekpWTzc=
x-amz-request-id: WZ903A691J6144SZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 15 Dec 2022 18:51:01 GMT
age: 776
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:03:57 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

usaupload.com/themes/spirit/assets/frontend/css/bootstrap.min.css

65.109.18.14

200 OK

76917

URL HTTP/2

usaupload.com/themes/spirit/assets/frontend/css/bootstrap.min.css
IP

65.109.18.14:0
ASN

#24940 Hetzner Online GmbH

Magic

ASCII text, with very long lines (65324)

Size

76917
Hash

bc48830f50049b0cbbe3dd417755a347

e5cdb6545f9b4bce4eeda78f64a714e2de4d0e09

7d56baeec9679114562cdc56d3f28cb9a43263cada11b1f64809851e7a8b1419

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /themes/spirit/assets/frontend/css/bootstrap.min.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=5v5od7dojn1s87bkj5cqe6pgt3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:03:57 GMT
content-type: text/css
content-length: 76917
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-12c75"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

usaupload.com/themes/spirit/assets/frontend/css/stack-interface.css

65.109.18.14

200 OK

3082

URL HTTP/2

usaupload.com/themes/spirit/assets/frontend/css/stack-interface.css
IP

65.109.18.14:0
ASN

#24940 Hetzner Online GmbH

Magic

Unicode text, UTF-8 text

Size

3082
Hash

6406d626f8bfc1e6815698bfecf9a2f8

a918901be3ab1b9bb4ce9980db521eb4731bb82b

f620d1bf10d3f45a7b19edd4f863090c5dd5031411918508493634c4018e81b7

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /themes/spirit/assets/frontend/css/stack-interface.css HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://usaupload.com/error?e=File+can+not+be+located%2C+please+try+again+later.
Cookie: filehosting=5v5od7dojn1s87bkj5cqe6pgt3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:03:57 GMT
content-type: text/css
content-length: 3082
last-modified: Mon, 28 Sep 2020 14:26:44 GMT
etag: "5f71f2a4-c0a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471

URL HTTP/1.1

ocsp.pki.goog/gts1c3
IP

216.58.211.3:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

0fbe3d80eaa6623da753aece08c3a818

d3c6fe97e3154f00f681647a3c74800008ac2d2f

cab890482eacc4298414a2aa0e41ea5bce399eccd4d5e50c9cdc55c735c83b1e

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (186)

#1 JS:Script (size: 69604)

#2 JS:Script (size: 10309)

#3 JS:Script (size: 10199)

#4 JS:Script (size: 3905)

#5 JS:Script (size: 36629)

#6 JS:Script (size: 9700)

#7 JS:Script (size: 865)

#8 JS:Script (size: 154112)

#9 JS:Script (size: 4434)

#10 JS:Script (size: 815)

#11 JS:Script (size: 832)

#12 JS:Script (size: 13857)

#13 JS:Script (size: 44)

#14 JS:Script (size: 148957)

#15 JS:Script (size: 614)

#16 JS:Script (size: 111597)

#17 JS:Script (size: 9)

#18 JS:Script (size: 2689)

#19 JS:Script (size: 10337)

#20 JS:Script (size: 10634)

#21 JS:Script (size: 50230)

#22 JS:Script (size: 3796)

#23 JS:Script (size: 457)

#24 JS:Script (size: 12763)

#25 JS:Script (size: 155)

#26 JS:Script (size: 156532)

#27 JS:Script (size: 19464)

#28 JS:Script (size: 111905)

#29 JS:Script (size: 47)

#30 JS:Script (size: 3949)

#31 JS:Script (size: 436)

#32 JS:Script (size: 1553)

#33 JS:Script (size: 292)

#34 JS:Script (size: 46)

#35 JS:Script (size: 679)

#36 JS:Script (size: 18)

#37 JS:Script (size: 17693)

#38 JS:Script (size: 10361)

#39 JS:Script (size: 107)

#40 JS:Script (size: 29)

#41 JS:Script (size: 8380)

#42 JS:Script (size: 9492)

#43 JS:Script (size: 91)

#44 JS:Script (size: 457)

#45 JS:Script (size: 8368)

#46 JS:Script (size: 2130)

#47 JS:Script (size: 363610)

#48 JS:Script (size: 19)

#49 JS:Script (size: 18093)

#50 JS:Script (size: 114999)

#51 JS:Script (size: 17314)

#52 JS:Script (size: 20975)

#53 JS:Script (size: 1836)

#54 JS:Script (size: 822)

#55 JS:Script (size: 393)

#56 JS:Script (size: 104361)

#57 JS:Script (size: 202)