Report - usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8

Report Overview

URL

usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8
IP

65.109.18.14

ASN

#24940 Hetzner Online GmbH
Submitted

2022-12-15T19:06:05Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

30

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	333	391	34.117.237.239
ocsp.pki.goog (26)	175	2018-07-01T08:43:07Z	2023-03-09T05:09:50Z	8918	18190	142.250.74.131
www.googletagmanager.com (1)	75	2013-05-22T04:07:37Z	2023-03-09T05:28:04Z	383	44343	172.217.21.168
fonts.googleapis.com (2)	8877	2013-06-10T22:14:26Z	2023-03-09T06:38:15Z	835	2305	142.250.74.106
fonts.gstatic.com (2)	unknown	2014-09-09T02:40:21Z	2023-03-09T06:38:59Z	1022	64574	142.250.74.35
adservice.google.com (1)	76	2021-02-20T17:10:48Z	2023-03-09T07:22:42Z	394	779	142.250.74.130
adservice.google.no (2)	96969	2018-06-20T01:38:38Z	2023-03-09T05:13:18Z	800	2208	142.250.74.98
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	782	2374	35.241.9.150
tpc.googlesyndication.com (1)	126	2020-01-16T09:35:32Z	2023-03-09T06:37:58Z	374	7187	172.217.21.161
pagead2.googlesyndication.com (1)	101	2021-02-20T16:52:05Z	2023-03-09T07:26:06Z	454	11780	142.250.74.34
googleads.g.doubleclick.net (1)	42	2021-02-20T16:43:32Z	2023-03-09T06:52:56Z	521	5016	142.250.74.130
www.google.com (1)	7	2015-05-10T13:11:19Z	2023-03-09T05:48:12Z	482	1429	142.250.74.164
img-getpocket.cdn.mozilla.net (5)	1631	2018-06-22T01:36:00Z	2023-03-09T05:09:25Z	2704	41182	34.120.237.76
hal9000.redintelligence.net (1)	29599	2017-01-30T06:07:51Z	2023-03-09T07:01:44Z	2196	4348	78.46.23.46
hal900020.redintelligence.net (4)	223631	2017-01-30T07:56:20Z	2023-03-06T06:26:20Z	6421	6683	178.63.52.121
ajax.googleapis.com (1)	12905	2013-08-16T11:51:31Z	2023-03-09T07:18:27Z	405	33345	216.58.211.10
www.google-analytics.com (2)	40	2012-10-03T03:04:21Z	2023-03-09T05:50:21Z	1247	21317	142.250.74.46
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	606	127	52.38.139.17
r3.o.lencr.org (6)	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	2028	5318	23.36.76.226
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	413	5843	34.160.144.191
ocsp.digicert.com (1)	86	2012-05-21T09:02:23Z	2023-03-09T05:22:46Z	341	797	93.184.220.29
www.gstatic.com (3)	unknown	2016-07-26T11:37:06Z	2023-03-09T06:28:40Z	1346	17565	142.250.74.3
cdn.contentspread.net (1)	46302	2014-09-07T15:58:54Z	2023-03-09T07:01:46Z	427	24732	88.99.69.161
usaupload.com (30)	285005	2020-04-09T20:14:51Z	2023-03-09T01:14:47Z	15748	849318	65.109.18.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed
2022-12-15	medium	usaupload.com	Sinkholed

HTTP Transactions (97)

URL IP Response Size

usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8

65.109.18.14

301 Moved Permanently

162

URL HTTP/1.1

usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8
IP

65.109.18.14:0
ASN

#24940 Hetzner Online GmbH

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

162
Hash

4f8e702cc244ec5d4de32740c0ecbd97

3adb1f02d5b6054de0046e367c1d687b6cdf7aff

9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

                                        GET /5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8 HTTP/1.1
Host: usaupload.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 15 Dec 2022 19:05:54 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://usaupload.com/5zse/ganpower.7z?download_token=65fe119412d00c18caae08b490e743a6526b89bd2d8d95cc659de510fd1e71e8

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

96367f956a4177aec7e7e80221539d58

8dcad10fde96c139d1ef212388cb6755fe3fe077

f4f9bdb5180359dfd734cef1e6f1b54bc9d8f72cae557366eb74f22100b94dc4

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4F9BDB5180359DFD734CEF1E6F1B54BC9D8F72CAE557366EB74F22100B94DC4"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8600
Expires: Thu, 15 Dec 2022 21:29:14 GMT
Date: Thu, 15 Dec 2022 19:05:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

4a5e9bc8b7891ac5f4552c29bcbaedb0

39735081eeb64eae477c61c1147daeb68fb37b22

c465efaf205ff2992af02c16187ca14a658cd5335b892903374f3adab32a8cd9

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C465EFAF205FF2992AF02C16187CA14A658CD5335B892903374F3ADAB32A8CD9"
Last-Modified: Thu, 15 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8459
Expires: Thu, 15 Dec 2022 21:26:53 GMT
Date: Thu, 15 Dec 2022 19:05:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

51bd0cc75ed746fd33c950eb12936b7e

4a1007ea6c6e4f5e8b4a7d1f85f7a3e329dc8f50

188d4a0d544f40048dc7476cb4f5e478f1eb49a8ef1d51699fb155d2ae258655

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "188D4A0D544F40048DC7476CB4F5E478F1EB49A8EF1D51699FB155D2AE258655"
Last-Modified: Tue, 13 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6147
Expires: Thu, 15 Dec 2022 20:48:21 GMT
Date: Thu, 15 Dec 2022 19:05:54 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

bf0c602d32b3c14606f22a86183b5e3c

6eabd8d83475eba731968abe1a05a8bfd272f160

6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 15 Dec 2022 18:33:55 GMT
content-type: application/json
age: 1919
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

53341dea33f4f3d9b4966f80589f429a

20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d

651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: Lkj93tmTxHix6SaeMw5rq8G4eCRfIipW3CpsMkgikGFSfvQYkT7WzsOfKciRcvnN8L77ekpWTzc=
x-amz-request-id: WZ903A691J6144SZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 15 Dec 2022 18:51:01 GMT
age: 893
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 19:05:54 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

usaupload.com/themes/spirit/assets/frontend/css/bootstrap.min.css

65.109.18.14

200 OK

76917

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (199)

#1 JS:Script (size: 2425)

#2 JS:Script (size: 19)

#3 JS:Script (size: 679)

#4 JS:Script (size: 559)

#5 JS:Script (size: 2715)

#6 JS:Script (size: 0)

#7 JS:Script (size: 6006)

#8 JS:Script (size: 3796)

#9 JS:Script (size: 11660)

#10 JS:Script (size: 29)

#11 JS:Script (size: 5052)

#12 JS:Script (size: 18093)

#13 JS:Script (size: 28547)

#14 JS:Script (size: 2689)

#15 JS:Script (size: 292)

#16 JS:Script (size: 17314)

#17 JS:Script (size: 114454)

#18 JS:Script (size: 41610)

#19 JS:Script (size: 9)

#20 JS:Script (size: 9700)

#21 JS:Script (size: 162)

#22 JS:Script (size: 77787)

#23 JS:Script (size: 15140)

#24 JS:Script (size: 111905)

#25 JS:Script (size: 29)

#26 JS:Script (size: 30336)

#27 JS:Script (size: 2130)

#28 JS:Script (size: 337)

#29 JS:Script (size: 46)

#30 JS:Script (size: 6991)

#31 JS:Script (size: 460)

#32 JS:Script (size: 614)

#33 JS:Script (size: 34699)

#34 JS:Script (size: 44)

#35 JS:Script (size: 3949)

#36 JS:Script (size: 4434)

#37 JS:Script (size: 8368)

#38 JS:Script (size: 1246)

#39 JS:Script (size: 22836)

#40 JS:Script (size: 1836)

#41 JS:Script (size: 363691)

#42 JS:Script (size: 156532)

#43 JS:Script (size: 8380)

#44 JS:Script (size: 13993)

#45 JS:Script (size: 107)

#46 JS:Script (size: 4009)

#47 JS:Script (size: 460)

#48 JS:Script (size: 12763)

#49 JS:Script (size: 1553)

#50 JS:Script (size: 36629)

#51 JS:Script (size: 91556)

#52 JS:Script (size: 147975)

#53 JS:Script (size: 28)

#54 JS:Script (size: 19464)

#55 JS:Script (size: 50230)

#56 JS:Script (size: 154112)

#57 JS:Script (size: 17693)