Report - s04.mydiv-downloads.net/download/ahr0chm6ly9zb2z0lm15zgl2lm5ldc93aw4vzg93bmxvywqtu3rhcnqttwvuds03lmh0bww=/2d5d9/6399243428bc6/soft/dfiles/ru/win/start-menu-7/277425/startmenux_setup_5

Report Overview

URL

s04.mydiv-downloads.net/download/ahr0chm6ly9zb2z0lm15zgl2lm5ldc93aw4vzg93bmxvywqtu3rhcnqttwvuds03lmh0bww=/2d5d9/6399243428bc6/soft/dfiles/ru/win/start-menu-7/277425/startmenux_setup_5_5.exe
IP

51.75.52.14

ASN

#16276 OVH SAS
Submitted

2022-12-15T18:37:46Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

2

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com (1)	8877	2013-06-10T22:14:26Z	2023-03-09T06:38:15Z	418	746	142.250.74.74
r3.o.lencr.org (9)	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	3042	7975	23.36.76.226
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	782	2374	35.241.9.150
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	333	391	34.117.237.239
soft.mydiv.net (39)	unknown	2012-05-23T14:34:42Z	2023-02-20T00:14:18Z	34057	60776	54.36.106.111
s04.mydiv-downloads.net (2)	unknown	2019-04-14T12:14:22Z	2023-03-06T21:30:10Z	1138	722	51.75.52.14
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	606	127	35.163.1.35
mc.yandex.ru (7)	2672	2012-05-21T11:38:30Z	2023-03-09T06:09:54Z	6044	5863	87.250.250.119
partner.googleadservices.com (1)	798	2012-10-03T03:04:21Z	2023-03-09T05:12:35Z	676	694	216.58.207.226
yandex.ru (1)	671	2012-05-21T23:15:36Z	2023-03-09T07:10:34Z	360	906	77.88.55.77
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	413	5844	34.160.144.191
mydiv.net (18)	42497	2012-06-30T13:54:15Z	2023-02-20T00:13:02Z	15835	207346	54.36.106.111
games.mydiv.net (9)	unknown	2012-10-19T12:35:47Z	2023-02-20T00:14:22Z	7803	117976	54.36.106.111
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-09T05:09:25Z	3245	47389	34.120.237.76
adservice.google.no (1)	96969	2018-06-20T01:38:38Z	2023-03-09T05:13:18Z	385	1104	142.250.74.66
ocsp.digicert.com (1)	86	2012-05-21T09:02:23Z	2023-03-09T05:22:46Z	341	796	93.184.220.29
ocsp.globalsign.com (8)	2075	2012-07-20T19:46:16Z	2023-03-09T05:09:04Z	2881	11786	104.18.21.226
ocsp.pki.goog (13)	175	2018-07-01T08:43:07Z	2023-03-09T05:09:50Z	4459	9094	142.250.74.131
yastatic.net (5)	72282	2014-03-11T08:15:28Z	2023-03-09T07:18:11Z	2117	166694	178.154.131.215

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-15	medium	s04.mydiv-downloads.net/download/ahr0chm6ly9zb2z0lm15zgl2lm5ldc93aw4vzg93bmxvywqtu3rhcnqttwvuds03lmh0bww=/2d5d9/6399243428bc6/soft/dfiles/ru/win/start-menu-7/277425/startmenux_setup_5_5.exe	Malware
2022-12-15	medium	s04.mydiv-downloads.net/download/ahr0chm6ly9zb2z0lm15zgl2lm5ldc93aw4vzg93bmxvywqtu3rhcnqttwvuds03lmh0bww=/2d5d9/6399243428bc6/soft/dfiles/ru/win/start-menu-7/277425/startmenux_setup_5_5.exe	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

HTTP Transactions (126)

URL IP Response Size

s04.mydiv-downloads.net/download/ahr0chm6ly9zb2z0lm15zgl2lm5ldc93aw4vzg93bmxvywqtu3rhcnqttwvuds03lmh0bww=/2d5d9/6399243428bc6/soft/dfiles/ru/win/start-menu-7/277425/startmenux_setup_5_5.exe

51.75.52.14

301 Moved Permanently

185

URL HTTP/1.1

s04.mydiv-downloads.net/download/ahr0chm6ly9zb2z0lm15zgl2lm5ldc93aw4vzg93bmxvywqtu3rhcnqttwvuds03lmh0bww=/2d5d9/6399243428bc6/soft/dfiles/ru/win/start-menu-7/277425/startmenux_setup_5_5.exe
IP

51.75.52.14:0
ASN

#16276 OVH SAS

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators

Size

185
Hash

4c555068310076e85908835c721911f5

9ec990aabb4391e139034f68e5e657e0f1d0b74d

568b4de0ad30e85670e724dc30ccb675924353b77807356c5ad7f29c8c38f510

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /download/ahr0chm6ly9zb2z0lm15zgl2lm5ldc93aw4vzg93bmxvywqtu3rhcnqttwvuds03lmh0bww=/2d5d9/6399243428bc6/soft/dfiles/ru/win/start-menu-7/277425/startmenux_setup_5_5.exe HTTP/1.1
Host: s04.mydiv-downloads.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Thu, 15 Dec 2022 18:37:35 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://s04.mydiv-downloads.net/download/ahr0chm6ly9zb2z0lm15zgl2lm5ldc93aw4vzg93bmxvywqtu3rhcnqttwvuds03lmh0bww=/2d5d9/6399243428bc6/soft/dfiles/ru/win/start-menu-7/277425/startmenux_setup_5_5.exe

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

96367f956a4177aec7e7e80221539d58

8dcad10fde96c139d1ef212388cb6755fe3fe077

f4f9bdb5180359dfd734cef1e6f1b54bc9d8f72cae557366eb74f22100b94dc4

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F4F9BDB5180359DFD734CEF1E6F1B54BC9D8F72CAE557366EB74F22100B94DC4"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10299
Expires: Thu, 15 Dec 2022 21:29:14 GMT
Date: Thu, 15 Dec 2022 18:37:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

ae86164fd9297dfdc05d67d69284d70e

5e5f27e3fd492f715baa6820f05c0fafde4040b3

be20f6ae6a51d20611cb4d350b52a5d0a339af6722fe9b2482ef58826c1e9de0

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE20F6AE6A51D20611CB4D350B52A5D0A339AF6722FE9B2482EF58826C1E9DE0"
Last-Modified: Thu, 15 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2346
Expires: Thu, 15 Dec 2022 19:16:41 GMT
Date: Thu, 15 Dec 2022 18:37:35 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

bf0c602d32b3c14606f22a86183b5e3c

6eabd8d83475eba731968abe1a05a8bfd272f160

6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 15 Dec 2022 18:09:00 GMT
content-type: application/json
age: 1715
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

51bd0cc75ed746fd33c950eb12936b7e

4a1007ea6c6e4f5e8b4a7d1f85f7a3e329dc8f50

188d4a0d544f40048dc7476cb4f5e478f1eb49a8ef1d51699fb155d2ae258655

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "188D4A0D544F40048DC7476CB4F5E478F1EB49A8EF1D51699FB155D2AE258655"
Last-Modified: Tue, 13 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7846
Expires: Thu, 15 Dec 2022 20:48:21 GMT
Date: Thu, 15 Dec 2022 18:37:35 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

53341dea33f4f3d9b4966f80589f429a

20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d

651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: hgDHtklojA0YpZie4wZ6rW0DApLEmw8ibZtKsrc60Wo4R9Z6DBs09701dXby1cjrjSH0esKhLSI=
x-amz-request-id: HDCGDFS8VA5TJ4S3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 15 Dec 2022 17:52:52 GMT
age: 2683
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.76.226:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

55d59b8fc943a7ce20ab207331e2ddb0

dae2cc9095f92f8fb066df1a9d9dcd9824ab8761

9525694f556f6b670cbc07186b23bb786816ae58b333e51cedf171d3fbe337a9

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9525694F556F6B670CBC07186B23BB786816AE58B333E51CEDF171D3FBE337A9"
Last-Modified: Thu, 15 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4807
Expires: Thu, 15 Dec 2022 19:57:42 GMT
Date: Thu, 15 Dec 2022 18:37:35 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Thu, 15 Dec 2022 18:37:35 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 15 Dec 2022 18:08:00 GMT
age: 1776
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

b9f0adeb27a19629aeff6f34de67f3ad

3876d1b871d7da6d18de23c2edb301eb30728066

c5744a90c8f66629aa2331465a32afe0d430b36d16fd98bc821e370f1b24463c

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 896
Cache-Control: max-age=139460
Content-Type: application/ocsp-response
Date: Thu, 15 Dec 2022 18:37:36 GMT
Etag: "639ae3b4-1d7"
Expires: Sat, 17 Dec 2022 09:21:56 GMT
Last-Modified: Thu, 15 Dec 2022 09:07:00 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

mydiv.net/build/public/images/c141857003053201a2b0239f9c2571a4.svg

54.36.106.111

200 OK

3315

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (188)

#1 JS:Script (size: 8380)

#2 JS:Script (size: 392)

#3 JS:Script (size: 545)

#4 JS:Script (size: 3796)

#5 JS:Script (size: 679)

#6 JS:Script (size: 12)

#7 JS:Script (size: 437)

#8 JS:Script (size: 8368)

#9 JS:Script (size: 10217)

#10 JS:Script (size: 45)

#11 JS:Script (size: 194)

#12 JS:Script (size: 4634)

#13 JS:Script (size: 9649)

#14 JS:Script (size: 2130)

#15 JS:Script (size: 147436)

#16 JS:Script (size: 363682)

#17 JS:Script (size: 14617)

#18 JS:Script (size: 17693)

#19 JS:Script (size: 566)

#20 JS:Script (size: 1392)

#21 JS:Script (size: 396)

#22 JS:Script (size: 394)

#23 JS:Script (size: 3905)

#24 JS:Script (size: 154112)

#25 JS:Script (size: 777)

#26 JS:Script (size: 13993)

#27 JS:Script (size: 88)

#28 JS:Script (size: 433264)

#29 JS:Script (size: 107)

#30 JS:Script (size: 29)

#31 JS:Script (size: 91)

#32 JS:Script (size: 29)

#33 JS:Script (size: 46)

#34 JS:Script (size: 433)

#35 JS:Script (size: 17314)

#36 JS:Script (size: 614)

#37 JS:Script (size: 654)

#38 JS:Script (size: 18093)

#39 JS:Script (size: 2689)

#40 JS:Script (size: 10199)

#41 JS:Script (size: 1553)

#42 JS:Script (size: 50230)

#43 JS:Script (size: 110199)

#44 JS:Script (size: 794)

#45 JS:Script (size: 23985)

#46 JS:Script (size: 12763)

#47 JS:Script (size: 260)

#48 JS:Script (size: 9)

#49 JS:Script (size: 36629)

#50 JS:Script (size: 457)

#51 JS:Script (size: 14376)

#52 JS:Script (size: 6991)

#53 JS:Script (size: 51)

#54 JS:Script (size: 19464)

#55 JS:Script (size: 755)

#56 JS:Script (size: 425)

#57 JS:Script (size: 34699)