Report - www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media

Report Overview

Submitted URL
www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream
IP
94.237.26.82
ASN
#202053 UpCloud Ltd
Submitted
2024-05-07 04:51:28
Access
public
Website Title
Video
Final URL
www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.megawinner.xyz	unknown	2024-04-19	2021-06-19	2021-10-03	1.8 kB	71 kB	94.237.26.82
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-06	445 B	4.9 kB	142.250.74.106
use.fontawesome.com	942	2012-10-18	2017-01-30	2024-05-05	455 B	7.9 kB	104.21.27.152

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	megawinner.xyz	Sinkholed
2024-05-07	medium	megawinner.xyz	Sinkholed
2024-05-07	medium	megawinner.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream	2.5 kB	2023-10-23	2024-05-07
Pretty URL www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream IP 94.237.26.82 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-23 03:41:20 Last Seen2024-05-07 06:51:28 Times Seen31 Hash dfbc1276e634701cc42b5c5eadcbbe59 d4edbe02626449ce7c7570e67c33b2096f34aa10 e641d1c6b2c4def3c58078b68f49e1c1de8493feeb16cc6b2a4bb348332190b6 Loading...

	www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream	444 B	2023-10-23	2024-05-07
Pretty URL www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream IP 94.237.26.82 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-23 03:41:20 Last Seen2024-05-07 06:51:28 Times Seen38 Hash 03067204cfc2850ac8060b87581ead97 8c8441b7bb0b54b911069bd2a27d4b601adb4942 0a63e82b0be34ab73d087f3afe3276d40f353f8bcd38fa2f78108872f41d85e1 Loading...

	www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream	1.7 kB	2024-05-07	2024-05-07
Pretty URL www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream IP 94.237.26.82 ASN #202053 UpCloud Ltd Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 06:51:29 Last Seen2024-05-07 06:51:29 Times Seen1 Hash 71477f9701877b467965aea9f4b26672 ac95110928188107ee578ed73c348e78ea1a5e9a e5a8f3bfbf412499849fa225d5dfdb2ca83aad25e9e6ebd2628135dc161321bc Loading...

HTTP Transactions (5)

URL IP Response Size

use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css

104.21.27.152

200 OK

7.2 kB

URL GET HTTP/2
use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (30343)
Size
7.2 kB (7226 bytes)
Hash
36082410df2ef7f83932219089dc1443
7961402d7d01e19387fe609a38454b0bc8c6cca4
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

HTTP Headers

GET /releases/v4.7.0/css/font-awesome-css.min.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.megawinner.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 04:51:03 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"36082410df2ef7f83932219089dc1443"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 559475
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y%2BiLXHVj3r7hYkVvHWbEBUSweczbmWkwnoyBZrxzS1fS5k0mBds7kpbkuhe0cKF5UZS7zy4oXWkwyAG6K%2F%2B5X8pIcXMHt%2BHCWxnh%2BkO7IOUVLMZ%2BfUGxlSwDX8X8K9xFxoE2x%2FRs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87fe97bd0a5d56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.megawinner.xyz/dl/all/offer/sub/video/style.css

94.237.26.82

200 OK

40 kB

URL GET HTTP/2
www.megawinner.xyz/dl/all/offer/sub/video/style.css
IP
94.237.26.82:443
ASN
#202053 UpCloud Ltd

Requested by
https://www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream
Certificate
IssuerLet's Encrypt
Subject*.megawinner.xyz
FingerprintE1:3F:35:F8:78:45:55:BE:FA:4F:C2:BE:D0:9B:8A:89:8A:6E:FE:37
ValidityFri, 19 Apr 2024 07:20:12 GMT - Thu, 18 Jul 2024 07:20:11 GMT

File type
gzip compressed data, from Unix
Size
40 kB (40268 bytes)
Hash
6761a4eb4388de0401b536a2dd049be9
f7e0427a7a144f84bc925a324738ee934ae26c87
641e087c7a36ed3030a84538ee17716b0990de10523d6aed973bb599e749b56b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dl/all/offer/sub/video/style.css HTTP/1.1
Host: www.megawinner.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 04:51:03 GMT
content-type: text/css
last-modified: Fri, 05 Apr 2024 10:38:01 GMT
vary: Accept-Encoding
etag: W/"660fd489-3fe83"
expires: Wed, 07 May 2025 04:51:03 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2

www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream

94.237.26.82

200 OK

29 kB

URL User Request GET HTTP/2
www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream
IP
94.237.26.82:443
ASN
#202053 UpCloud Ltd

Certificate
IssuerLet's Encrypt
Subject*.megawinner.xyz
FingerprintE1:3F:35:F8:78:45:55:BE:FA:4F:C2:BE:D0:9B:8A:89:8A:6E:FE:37
ValidityFri, 19 Apr 2024 07:20:12 GMT - Thu, 18 Jul 2024 07:20:11 GMT

File type

Size
29 kB (29321 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream HTTP/1.1
Host: www.megawinner.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
date: Tue, 07 May 2024 04:51:03 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

www.megawinner.xyz/dl/all/offer/sub/video/font.css

94.237.26.82

200 OK

1.0 kB

URL GET HTTP/2
www.megawinner.xyz/dl/all/offer/sub/video/font.css
IP
94.237.26.82:443
ASN
#202053 UpCloud Ltd

Requested by
https://www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream
Certificate
IssuerLet's Encrypt
Subject*.megawinner.xyz
FingerprintE1:3F:35:F8:78:45:55:BE:FA:4F:C2:BE:D0:9B:8A:89:8A:6E:FE:37
ValidityFri, 19 Apr 2024 07:20:12 GMT - Thu, 18 Jul 2024 07:20:11 GMT

File type
ASCII text, with very long lines (1052), with no line terminators
Size
1.0 kB (1031 bytes)
Hash
bdf4ad58efd8c7a67df5bf5c698aa26a
6726e13361ecbdc14eba7d1f02ae30903e0ce194
ee348b108b05b9e9a91a472f3c4937c1ddc264ab23992c6c356879bbfe227837

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dl/all/offer/sub/video/font.css HTTP/1.1
Host: www.megawinner.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 04:51:03 GMT
content-type: text/css
last-modified: Fri, 05 Apr 2024 10:38:01 GMT
vary: Accept-Encoding
etag: W/"660fd489-407"
expires: Wed, 07 May 2025 04:51:03 GMT
pragma: public
cache-control: max-age=31536000, public
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Muli:300,400,700,800

142.250.74.106

200 OK

4.3 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Muli:300,400,700,800
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://www.megawinner.xyz/dl/all/offer/sub/video/?tid=lvvww74dbqfpg4ryvv48cs4g8,17414631,5,8553&flow=app&ctrack=1715057399.763826298&p=8553&pi=nonmob&media_type=mainstream
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text, with very long lines (4408), with no line terminators
Size
4.3 kB (4312 bytes)
Hash
157627e6a6500a7afb22fd8b021455c8
d5ebccc6e2974a1504e67784c50897c52c24c560
e9fd212d9fcd2c67db2a10523a1a17b1e795fa343a0859c01b224b970dda766f

HTTP Headers

GET /css?family=Muli:300,400,700,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.megawinner.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 04:51:03 GMT
date: Tue, 07 May 2024 04:51:03 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (5)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by