Report - megaup.net/3fujo/DEMSLAY-KNY-THC-(USA)-NSwTcH-NSP-Update153-Ziperto.rar

Report Overview

URL

megaup.net/3fujo/DEMSLAY-KNY-THC-(USA)-NSwTcH-NSP-Update153-Ziperto.rar
IP

91.209.70.182

ASN

#43317 FNK LLC
Submitted

2023-05-05T17:52:59Z

Access

public
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

24
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
kultingecauyuksehinkitw.info (11)	unknown	2023-04-27 23:05:28	2023-04-27 23:05:28	8317	26461	54.230.111.38
mp.4dex.io (1)	2629	2019-01-03 14:51:11	2023-05-05 13:30:17	453	456	104.18.2.114
prebid.a-mo.net (2)	1148	2020-07-14 19:45:55	2023-05-05 06:37:24	1000	517	147.75.84.158
6.adsco.re (1)	17812	2018-01-15 05:15:29	2023-05-05 11:56:07	403	433	104.17.166.186
engine.4dsply.com (1)	20491	2012-06-01 18:25:03	2023-05-05 13:30:17	767	3028	104.16.158.17
static.a-ads.com (1)	34827	2013-06-01 18:47:05	2023-05-05 13:30:15	452	61119	78.46.33.196
altowriestwispy.com (1)	951913	2021-02-24 11:44:10	2023-05-05 13:30:14	401	1506	172.255.6.153
s3t3d2y8.afcdn.net (1)	unknown	2022-08-09 00:22:56	2023-05-05 06:47:13	463	9922	185.76.9.19
cdn.engine.4dsply.com (1)	21418	2012-07-08 02:42:48	2023-05-05 13:30:15	451	74757	104.16.158.17
hb-api.omnitagjs.com (1)	4152	2017-06-26 17:14:21	2023-05-05 13:30:17	774	889	185.255.84.151
nativiser-prebid.smart-hub.io (1)	unknown	2022-12-14 13:53:24	2023-05-05 13:30:17	471	0	0.0.0.0
prebid-eu.creativecdn.com (1)	5570	2018-01-27 13:14:32	2023-05-05 13:30:17	481	251	185.184.8.90
dmmzkfd82wayn.cloudfront.net (7)	unknown	2021-03-18 18:00:47	2023-05-05 13:30:14	4163	194043	54.230.245.58
4.adsco.re (1)	19179	2021-01-04 17:47:52	2023-05-05 11:56:07	389	426	162.252.214.5
c.adsco.re (3)	16577	2017-11-29 19:42:15	2023-05-05 11:56:06	1441	138048	104.17.166.186
xml.serve-servee.com (2)	unknown	2022-06-18 09:06:23	2023-05-05 02:29:15	896	14568	172.64.131.18
a.exdynsrv.com (1)	40663	2019-05-21 07:34:42	2023-05-05 13:30:15	394	88751	205.185.216.42
platform.bidgear.com (2)	30367	2016-07-27 13:51:48	2023-05-05 13:30:14	881	4728	172.67.74.36
theharityhild.buzz (4)	unknown	2022-10-20 09:00:21	2023-05-05 13:30:14	1902	525	54.162.51.18
accounts.google.com (6)	81	2016-03-20 13:44:49	2023-05-05 07:11:19	3656	10752	142.250.74.109
api.purpleads.io (6)	146037	2020-02-18 07:59:38	2023-05-05 13:30:15	4556	5165	3.228.155.150
static.serve-servee.com (2)	unknown	2022-06-18 05:19:30	2023-05-05 02:29:15	901	14780	172.64.131.18
pogothere.xyz (8)	unknown	2022-09-04 21:11:25	2023-05-05 12:55:11	3264	416496	172.64.199.35
ad.a-ads.com (1)	26970	2013-04-19 23:54:57	2023-05-05 13:30:15	511	12794	78.46.33.196
workhovdiminatedi.info (8)	unknown	2023-04-27 10:35:04	2023-05-05 19:16:00	4402	4800	188.114.97.1
megaup.net (55)	179052	2017-09-01 20:45:15	2023-05-05 06:34:02	29974	1722866	91.209.70.182
keydawnawe.com (1)	586690	2020-10-08 16:33:32	2023-05-05 13:30:14	396	1507	172.255.6.95
imp9.bidgear.com (1)	34078	2021-03-15 12:09:09	2023-05-05 02:29:11	509	1115	172.67.74.36
syndication.exdynsrv.com (2)	34243	2016-04-20 20:35:15	2023-05-05 07:50:31	1304	2255	95.211.229.247
cdn.prplads.com (2)	unknown	2023-02-20 12:56:34	2023-05-05 13:30:16	974	123462	104.26.2.51
cdn.purpleads.io (1)	185817	2020-02-18 07:59:36	2023-05-05 13:30:15	564	75615	143.204.55.67
www.facebook.com (1)	99	2012-05-21 02:23:41	2021-02-04 00:31:35	473	2297	31.13.72.36
www.googletagmanager.com (1)	75	2013-05-22 04:07:37	2023-05-05 08:15:40	413	46521	142.250.74.168
parrecleftne.xyz (1)	unknown	2022-12-18 10:40:16	2023-05-05 13:30:15	449	737	54.230.111.9
script.4dex.io (2)	2135	2018-07-23 12:04:27	2023-05-05 13:30:17	804	25204	172.67.75.241

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-05-05T17:52:56Z	high	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	high	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	high	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	high	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	high	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	high	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2023-05-05T17:52:56Z	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (141)

	URL	IP	Response	Size
	megaup.net/3fujo/DEMSLAY-KNY-THC-(USA)-NSwTcH-NSP-Update153-Ziperto.rar	91.209.70.182	301 Moved Permanently	162
Search urlquery URL megaup.net/3fujo/DEMSLAY-KNY-THC-(USA)-NSwTcH-NSP-Update153-Ziperto.rar DOMAIN megaup.net FQDN megaup.net IP 91.209.70.182 Hash 4f8e702cc244ec5d4de32740c0ecbd97 External sources Mnemonic PDNS FQDN megaup.net DOMAIN megaup.net IP 91.209.70.182 VirusTotal HASH 3adb1f02d5b6054de0046e367c1d687b6cdf7aff FQDN megaup.net DOMAIN megaup.net IP 91.209.70.182 crt.sh FQDN megaup.net DOMAIN megaup.net URL User Request GET HTTP/1.1 megaup.net/3fujo/DEMSLAY-KNY-THC-(USA)-NSwTcH-NSP-Update153-Ziperto.rar IP 91.209.70.182:80 ASN #43317 FNK LLC Magic HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators Size 162 Hash 4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a HTTP Headers `GET /3fujo/DEMSLAY-KNY-THC-(USA)-NSwTcH-NSP-Update153-Ziperto.rar HTTP/1.1 Host: megaup.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 301 Moved Permanently Server: nginx Date: Fri, 05 May 2023 17:52:39 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive Location: https://megaup.net/3fujo/DEMSLAY-KNY-THC-(USA)-NSwTcH-NSP-Update153-Ziperto.rar X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin X-Download-Options: noopen`

	dmmzkfd82wayn.cloudfront.net/?kzmmd=761186	54.230.245.58	200 OK	188764
Search urlquery URL dmmzkfd82wayn.cloudfront.net/?kzmmd=761186 DOMAIN dmmzkfd82wayn.cloudfront.net FQDN dmmzkfd82wayn.cloudfront.net IP 54.230.245.58 Hash e35adbbf9dd9ba898389b4a7ed26b5cd External sources Mnemonic PDNS FQDN dmmzkfd82wayn.cloudfront.net DOMAIN dmmzkfd82wayn.cloudfront.net IP 54.230.245.58 VirusTotal HASH 05d4abbd8e97aa87b78e10d5ad13ca0b374c311d FQDN dmmzkfd82wayn.cloudfront.net DOMAIN dmmzkfd82wayn.cloudfront.net IP 54.230.245.58 crt.sh FQDN dmmzkfd82wayn.cloudfront.net DOMAIN dmmzkfd82wayn.cloudfront.net Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB URL GET HTTP/2 dmmzkfd82wayn.cloudfront.net/?kzmmd=761186 IP 54.230.245.58:443 ASN #16509 AMAZON-02 Requested by https://megaup.net/3fujo/DEMSLAY-KNY-THC-(USA)-NSwTcH-NSP-Update153-Ziperto.rar Certificate IssuerAmazon Subject.cloudfront.net FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT Magic Unicode text, UTF-8 text, with very long lines (15948) Size 188764 Hash e35adbbf9dd9ba898389b4a7ed26b5cd 05d4abbd8e97aa87b78e10d5ad13ca0b374c311d 1dc469d507fbaaf1052e28f2618ac6e22f09e89f357db15cc8ab7d03b5355296 HTTP Headers `GET /?kzmmd=761186 HTTP/1.1 Host: dmmzkfd82wayn.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://megaup.net/ Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-length: 188764 date: Fri, 05 May 2023 17:50:51 GMT access-control-allow-origin: * cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform content-encoding: gzip pragma: no-cache x-cache: Hit from cloudfront via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: n-XKK6FgBNh3GZfOLp4u2kvz2aprETLoUzJaUbJQliHQkU45s4kktQ== age: 108 X-Firefox-Spdy: h2`

	megaup.net/themes/flow/images/main_logo_inverted.png	91.209.70.182	200 OK	7137
Search urlquery URL megaup.net/themes/flow/images/main_logo_inverted.png DOMAIN megaup.net FQDN megaup.net IP 91.209.70.182 Hash 5d15526be10b904a6b48d1af04a10cc3 External sources Mnemonic PDNS FQDN megaup.net DOMAIN megaup.net IP 91.209.70.182 VirusTotal HASH c09b6874359ac6d71db95593618a9acb55baa984 FQDN megaup.net DOMAIN megaup.net IP 91.209.70.182 crt.sh FQDN megaup.net DOMAIN megaup.net Fingerprint EE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A URL GET HTTP/2 megaup.net/themes/flow/images/main_logo_inverted.png IP 91.209.70.182:443 ASN #43317 FNK LLC Requested by https://megaup.net/3fujo/DEMSLAY-KNY-THC-(USA)-NSwTcH-NSP-Update153-Ziperto.rar Certificate IssuerSectigo Limited Subject.megaup.net FingerprintEE:EF:A3:6B:57:FF:78:CA:ED:05:12:5B:C3:7F:36:53:C6:F9:53:2A ValiditySat, 17 Sep 2022 00:00:00 GMT - Wed, 18 Oct 2023 23:59:59 GMT Magic PNG image data, 203 x 40, 8-bit/color RGBA, non-interlaced\012- data Size 7137 Hash 5d15526be10b904a6b48d1af04a10cc3 c09b6874359ac6d71db95593618a9acb55baa984 894d25472e0f890edf235e8f66fbeda7ea75043632924ecb82691d76bd7db018 HTTP Headers GET /themes/flow/images/main_logo_inverted.png HTTP/1.1 Host: megaup.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://megaup.net/3fujo/DEMSLAY-KNY-THC-(USA)-NSwTcH-NSP-Update153-Ziperto.rar Connection: keep-alive Cookie: filehosting=6mh6q8e5vn865sg7s2jg760ga3 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Fri, 05 May 2023 17:52:39 GMT content-type: image/png content-length: 7137 last-modified: Tue, 13 Apr 2021 12:31:48 GMT vary: Accept-Encoding etag: "60758f34-1be1" x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: no-referrer, strict-origin-when-cross-origin x-download-options: noopen accept-ranges: bytes X-Firefox-Spdy: h2`

	www.googletagmanager.com/gtag/js?id=UA-108868042-1	142.250.74.168	200 OK	45874
Search urlquery URL www.googletagmanager.com/gtag/js?id=UA-108868042-1 DOMAIN googletagmanager.com FQDN www.googletagmanager.com IP 142.250.74.168 Hash 913b5b968d66d66ac07ed7323928f5af External sources Mnemonic PDNS FQDN www.googletagmanager.com DOMAIN googletagmanager.com IP 142.250.74.168 VirusTotal HASH 576292db3bbf6513b5ec386eb53ead789dd37178 FQDN www.googletagmanager.com DOMAIN googletagmanager.com IP 142.250.74.168 crt.sh FQDN www.googletagmanager.com DOMAIN googletagmanager.com Fingerprint 07:22:19:79:30:9E:4C:35:4E:21:BD:55:7D:44:2F:A9:71:9E:4C:AA URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=UA-108868042-1 IP 142.250.74.168:443 ASN #15169 GOOGLE Requested by https://megaup.net/3fujo/DEMSLAY-KNY-THC-(USA)-NSwTcH-NSP-Update153-Ziperto.rar Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com Fingerprint07:22:19:79:30:9E:4C:35:4E:21:BD:55:7D:44:2F:A9:71:9E:4C:AA ValidityMon, 03 Apr 2023 08:16:11 GMT - Mon, 26 Jun 2023 08:16:10 GMT Magic ASCII text, with very long lines (2271) Size 45874 Hash 913b5b968d66d66ac07ed7323928f5af 576292db3bbf6513b5ec386eb53ead789dd37178 a21e34a1498fc50ebd80cf8549dce88d612e8888301d0c7bad497b050bf3e177 HTTP Headers `GET /gtag/js?id=UA-108868042-1 HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://megaup.net/ Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Fri, 05 May 2023 17:52:39 GMT expires: Fri, 05 May 2023 17:52:39 GMT cache-control: private, max-age=900 last-modified: Fri, 05 May 2023 15:00:00 GMT strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 45874 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	megaup.net/themes/flow/images/loading_small.gif	91.209.70.182	200 OK	184355
Search urlquery URL megaup.net/themes/flow/images/loading_small.gif DOMAIN megaup.net FQDN megaup.net IP 91.209.70.182 Hash b0dd5b3af9c4c0644d7bddee83716209 External sources Mnemonic PDNS FQDN megaup.net DOMAIN megaup.net IP 91.209.70.182 VirusTotal HASH 30002468d0266b893b3559b8d0d260c6cbf0ad7c

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (207)

#1 JS:Script (size: 2031)

#2 JS:Script (size: 971)

#3 JS:Script (size: 7391)

#4 JS:Script (size: 147)

#5 JS:Script (size: 8063)

#6 JS:Script (size: 58837)

#7 JS:Script (size: 2433)

#8 JS:Script (size: 29110)

#9 JS:Script (size: 6707)

#10 JS:Script (size: 815)

#11 JS:Script (size: 490)

#12 JS:Script (size: 1644)

#13 JS:Script (size: 148)

#14 JS:Script (size: 1821)

#15 JS:Script (size: 483)

#16 JS:Script (size: 117904)

#17 JS:Script (size: 3417)

#18 JS:Script (size: 79595)

#19 JS:Script (size: 435844)

#20 JS:Script (size: 614934)

#21 JS:Script (size: 4691)

#22 JS:Script (size: 8854)

#23 JS:Script (size: 1032)

#24 JS:Script (size: 15314)

#25 JS:Script (size: 25)

#26 JS:Script (size: 25)

#27 JS:Script (size: 9255)

#28 JS:Script (size: 5447)

#29 JS:Script (size: 5423)

#30 JS:Script (size: 63744)

#31 JS:Script (size: 2546)

#32 JS:Script (size: 4249)

#33 JS:Script (size: 69604)

#34 JS:Script (size: 595)

#35 JS:Script (size: 96381)

#36 JS:Script (size: 334516)

#37 JS:Script (size: 6)

#38 JS:Script (size: 17848)

#39 JS:Script (size: 197554)

#40 JS:Script (size: 306)

#41 JS:Script (size: 1478)

#42 JS:Script (size: 16045)

#43 JS:Script (size: 85185)

#44 JS:Script (size: 1326)

#45 JS:Script (size: 2204)

#46 JS:Script (size: 2969)

#47 JS:Script (size: 88340)

#48 JS:Script (size: 5152)

#49 JS:Script (size: 544)

#50 JS:Script (size: 59)

#51 JS:Script (size: 56276)

#52 JS:Script (size: 25071)

#53 JS:Script (size: 155)

#54 JS:Script (size: 75082)

#55 JS:Script (size: 25)

#56 JS:Script (size: 5)