Report - www.upload.ee/download/14855433/fc8cf81f74e31c5406b4/moon_proxy

Report Overview

URL

www.upload.ee/download/14855433/fc8cf81f74e31c5406b4/moon_proxy_v1.exe
IP

51.91.30.159

ASN

#16276 OVH SAS
Submitted

2023-01-22T20:15:50Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

5

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	391	34.117.237.239
z.moatads.com (1)	374	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388	1412	23.38.201.146
googleads.g.doubleclick.net (1)	42	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	521	5016	142.250.74.130
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	54.200.117.177
adservice.google.com (1)	76	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	394	779	142.250.74.130
ocsp.sca1b.amazontrust.com (2)	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700	1947	54.230.245.39
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2374	35.241.9.150
ocsp.pki.goog (15)	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5145	10493	142.250.74.131
www.googletagmanager.com (1)	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381	45783	142.250.74.168
pagead2.googlesyndication.com (1)	101	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	387	50414	142.250.74.98
m.addthis.com (1)	1448	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	983	362	2.18.172.123
serving.bepolite.eu (6)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4652	3697	212.47.222.21
www.google.com (1)	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	482	1432	142.250.74.164
s1.adform.net (10)	7226	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4522	160064	37.157.5.72
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5856	34.160.144.191
adservice.google.no (1)	96969	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393	1104	142.250.74.162
stats.g.doubleclick.net (1)	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	599	705	64.233.161.157
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	41935	34.120.237.76
dskwugy0u6y9l.cloudfront.net (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	892	139651	143.204.42.153
r3.o.lencr.org (8)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2704	7090	95.101.11.115
s7.addthis.com (3)	1504	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1308	144690	2.18.172.123
v1.addthisedge.com (1)	1721	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	408	338	2.18.172.123
banner.hookusbookus.com (5)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5992	56794	52.57.219.21
ajax.googleapis.com (1)	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	383	6535	172.217.21.170
hookusbookus.com (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	892	10277	52.57.219.21
static.bepolite.eu (2)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	796	4572	212.47.222.21
www.upload.ee (8)	981196	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3670	45495	51.91.30.159
ocsp.digicert.com (3)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1023	2209	93.184.220.29
www.google-analytics.com (1)	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	370	20731	142.250.74.110
region1.google-analytics.com (1)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	802	560	216.239.34.36
tpc.googlesyndication.com (2)	126	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	888	13064	216.58.207.193
track.adform.net (5)	3564	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3628	6224	37.157.6.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-22	medium	serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF58sOhN9MIK2nimJxHE_E7ctAt-Yi6bvrwp_Ys0qTqkUXo0QWJWPAnUqzRAWVtLGAPKz02gMLuPpeppsglb3QtHHb7ufpMrtq721m_xvioVSJZCezXqP7k9FrqYn96Xst1JuqhSoKaAPXw_wpeAsar_zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0b0dUyM8D1aOQFuX4cpJtE8Bo--jtcKIisnYWLv7kmBsg0qhv6dRQgG6H_QjGabhna5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g	Phishing
2023-01-22	medium	serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF58sOhN9MIK2nimJxHE_E7ctAt-Yi6bvrwp_Ys0qTqkUXo0QWJWPAnUqzRAWVtLGAPKz02gMLuPpeppsglb3QtHHb7ufpMrtq721m_xvioVSJZCezXqP7k9FrqYn96Xst1JuqhSoKaAPXw_wpeAsar_zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1wt2MeNfTe_8MErV-1uE7uvKavkdgP3PvSDliwfwdC6Nb-oBgwvLl8nqDL0jWs1KPa5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g	Phishing
2023-01-22	medium	serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF58sOhN9MIK2nimJxHE_E7ctAt-Yi6bvrwp_Ys0qTqkUXo0QWJWPAnUqzRAWVtLGAPKz02gMLuPpeppsglb3QtHHb7ufpMrtq721m_xvioVSJZCezXqP7k9FrqYn96Xst1JuqhSoKaAPXw_wpeAsar_zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-2_gjwduxfemfQBp93uftKob9fd1llbzTSUu_CBzrs3cGe-H3hZ9-r8bIX8bXdr8jza5hY8OvOxWaQQS9P0iYfnf_8e5-90sra7UBdR4oM89g	Phishing
2023-01-22	medium	serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF58sOhN9MIK2nimJxHE_E7ctAt-Yi6bvrwp_Ys0qTqkUXo0QWJWPAnUqzRAWVtLGAPKz02gMLuPpeppsglb3QtHHb7ufpMrtq721m_xvioVSJZCezXqP7k9FrqYn96Xst1JuqhSoKaAPXw_wpeAsar_zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-0b0dUyM8D1aOQFuX4cpJtE8Bo--jtcKIisnYWLv7kmBsg0qhv6dRQgG6H_QjGabhna5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA	Phishing
2023-01-22	medium	serving.bepolite.eu/event?key=FYFWuDany3hwv6rfuoAYF58sOhN9MIK2nimJxHE_E7ctAt-Yi6bvrwp_Ys0qTqkUXo0QWJWPAnUqzRAWVtLGAPKz02gMLuPpeppsglb3QtHHb7ufpMrtq721m_xvioVSJZCezXqP7k9FrqYn96Xst1JuqhSoKaAPXw_wpeAsar_zp3ZdgWtH0MKue5p5AGKHXJxXiVJEh1Vfgxn38rgFo-tSrOiriedI-Oi3R5i8w-1wt2MeNfTe_8MErV-1uE7uvKavkdgP3PvSDliwfwdC6Nb-oBgwvLl8nqDL0jWs1KPa5hY8OvOxWaQQS9P0iYfnPQFkqynusZJvi-LzBjp4mA	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (97)

	URL	IP	Response	Size
	www.upload.ee/download/14855433/fc8cf81f74e31c5406b4/moon_proxy_v1.exe	51.91.30.159	302 Found	0
Search urlquery URL www.upload.ee/download/14855433/fc8cf81f74e31c5406b4/moon_proxy_v1.exe DOMAIN upload.ee FQDN www.upload.ee IP 51.91.30.159 Hash d41d8cd98f00b204e9800998ecf8427e External sources Mnemonic PDNS FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 VirusTotal HASH da39a3ee5e6b4b0d3255bfef95601890afd80709 FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 crt.sh FQDN www.upload.ee DOMAIN upload.ee URL HTTP/1.1 www.upload.ee/download/14855433/fc8cf81f74e31c5406b4/moon_proxy_v1.exe IP 51.91.30.159:0 ASN #16276 OVH SAS Magic Size 0 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /download/14855433/fc8cf81f74e31c5406b4/moon_proxy_v1.exe HTTP/1.1 Host: www.upload.ee User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1` `HTTP/1.1 302 Found Server: nginx Date: Sun, 22 Jan 2023 20:15:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=5 Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1 Location: https://www.upload.ee/download/14855433/fc8cf81f74e31c5406b4/moon_proxy_v1.exe`

	r3.o.lencr.org/	95.101.11.115	200 OK	503
Search urlquery URL r3.o.lencr.org/ DOMAIN lencr.org FQDN r3.o.lencr.org IP 95.101.11.115 Hash 20d267853e48ef7d476459ed67da5d97 External sources Mnemonic PDNS FQDN r3.o.lencr.org DOMAIN lencr.org IP 95.101.11.115 VirusTotal HASH 06d1bd08efd69c0e93486d3c423fa2640f372d29 FQDN r3.o.lencr.org DOMAIN lencr.org IP 95.101.11.115 crt.sh FQDN r3.o.lencr.org DOMAIN lencr.org URL HTTP/1.1 r3.o.lencr.org/ IP 95.101.11.115:0 ASN #20940 Akamai International B.V. Magic data Size 503 Hash 20d267853e48ef7d476459ed67da5d97 06d1bd08efd69c0e93486d3c423fa2640f372d29 24323cd45ca2ed01c63f908233d9b2ad5bb6f63394884c45bf6abb0221d0edd6 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "24323CD45CA2ED01C63F908233D9B2AD5BB6F63394884C45BF6ABB0221D0EDD6" Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3146 Expires: Sun, 22 Jan 2023 21:08:04 GMT Date: Sun, 22 Jan 2023 20:15:38 GMT Connection: keep-alive`

	r3.o.lencr.org/	95.101.11.115	200 OK	503
Search urlquery URL r3.o.lencr.org/ DOMAIN lencr.org FQDN r3.o.lencr.org IP 95.101.11.115 Hash 8a5e416451617846248067d72b675125 External sources Mnemonic PDNS FQDN r3.o.lencr.org DOMAIN lencr.org IP 95.101.11.115 VirusTotal HASH 995b0346adefaf5f2e167d1b81e60cc9afc4f19e FQDN r3.o.lencr.org DOMAIN lencr.org IP 95.101.11.115 crt.sh FQDN r3.o.lencr.org DOMAIN lencr.org URL HTTP/1.1 r3.o.lencr.org/ IP 95.101.11.115:0 ASN #20940 Akamai International B.V. Magic data Size 503 Hash 8a5e416451617846248067d72b675125 995b0346adefaf5f2e167d1b81e60cc9afc4f19e c5fafb9127b71cbd4f7b1a44f755fc4aa0e2f47bbc50de4b15c870a22bf160d9 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "C5FAFB9127B71CBD4F7B1A44F755FC4AA0E2F47BBC50DE4B15C870A22BF160D9" Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6096 Expires: Sun, 22 Jan 2023 21:57:14 GMT Date: Sun, 22 Jan 2023 20:15:38 GMT Connection: keep-alive`

	firefox.settings.services.mozilla.com/v1/	35.241.9.150	200 OK	939
Search urlquery URL firefox.settings.services.mozilla.com/v1/ DOMAIN mozilla.com FQDN firefox.settings.services.mozilla.com IP 35.241.9.150 Hash 14cd9a0afb6ba9a763651d5112760d1e External sources Mnemonic PDNS FQDN firefox.settings.services.mozilla.com DOMAIN mozilla.com IP 35.241.9.150 VirusTotal HASH 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa FQDN firefox.settings.services.mozilla.com DOMAIN mozilla.com IP 35.241.9.150 crt.sh FQDN firefox.settings.services.mozilla.com DOMAIN mozilla.com URL HTTP/2 firefox.settings.services.mozilla.com/v1/ IP 35.241.9.150:0 ASN #15169 GOOGLE Magic JSON data\012- , ASCII text, with very long lines (939), with no line terminators Size 939 Hash 14cd9a0afb6ba9a763651d5112760d1e 75d7b104ab9ab11fbb73c3f348b43b0119b5adfa 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e HTTP Headers `GET /v1/ HTTP/1.1 Host: firefox.settings.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK access-control-allow-origin: * access-control-expose-headers: Content-Length, Alert, Retry-After, Content-Type, Backoff content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none'; strict-transport-security: max-age=31536000 x-content-type-options: nosniff content-length: 939 via: 1.1 google date: Sun, 22 Jan 2023 19:34:52 GMT content-type: application/json age: 2446 cache-control: max-age=3600,public alt-svc: clear X-Firefox-Spdy: h2`

	r3.o.lencr.org/	95.101.11.115	200 OK	503
Search urlquery URL r3.o.lencr.org/ DOMAIN lencr.org FQDN r3.o.lencr.org IP 95.101.11.115 Hash 17094b856fde02b2c8c2d3845ad325cf External sources Mnemonic PDNS FQDN r3.o.lencr.org DOMAIN lencr.org IP 95.101.11.115 VirusTotal HASH 26dc3f2ebf81faf5ab96eb75ffcbead6085528b8 FQDN r3.o.lencr.org DOMAIN lencr.org IP 95.101.11.115 crt.sh FQDN r3.o.lencr.org DOMAIN lencr.org URL HTTP/1.1 r3.o.lencr.org/ IP 95.101.11.115:0 ASN #20940 Akamai International B.V. Magic data Size 503 Hash 17094b856fde02b2c8c2d3845ad325cf 26dc3f2ebf81faf5ab96eb75ffcbead6085528b8 6547376c41dcaa352cc4e747291916902bcddc0032b750bd84c5e3b2fe6f7d16 HTTP Headers `POST / HTTP/1.1 Host: r3.o.lencr.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 503 ETag: "6547376C41DCAA352CC4E747291916902BCDDC0032B750BD84C5E3B2FE6F7D16" Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=16946 Expires: Mon, 23 Jan 2023 00:58:04 GMT Date: Sun, 22 Jan 2023 20:15:38 GMT Connection: keep-alive`

	content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain	34.160.144.191	200 OK	5348
Search urlquery URL content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain DOMAIN mozilla.net FQDN content-signature-2.cdn.mozilla.net IP 34.160.144.191 Hash 7b922915ebf1fa3639b333f994c74f24 External sources Mnemonic PDNS FQDN content-signature-2.cdn.mozilla.net DOMAIN mozilla.net IP 34.160.144.191 VirusTotal HASH 144a3f80b98fd0652d4614f24cf6cbbee40f8938 FQDN content-signature-2.cdn.mozilla.net DOMAIN mozilla.net IP 34.160.144.191 crt.sh FQDN content-signature-2.cdn.mozilla.net DOMAIN mozilla.net URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain IP 34.160.144.191:0 ASN #15169 GOOGLE Magic PEM certificate\012- , ASCII text Size 5348 Hash 7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c HTTP Headers `GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1 Host: content-signature-2.cdn.mozilla.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK x-amz-id-2: HzFvyzhp+E7LGhORJV2qjiv2I7/tzqvSr91H78oJrgsykCSpyY3lwh4XzvGt5ge/u0JT3ZEGIlIhj8NZM3LVxQ== x-amz-request-id: GGS1V8ES9MK88672 content-disposition: attachment accept-ranges: bytes server: AmazonS3 content-length: 5348 via: 1.1 google date: Sun, 22 Jan 2023 19:18:33 GMT age: 3425 last-modified: Mon, 09 Jan 2023 18:04:21 GMT etag: "7b922915ebf1fa3639b333f994c74f24" content-type: binary/octet-stream cache-control: public,max-age=3600 alt-svc: clear X-Firefox-Spdy: h2`

	ocsp.digicert.com/	93.184.220.29	200 OK	471
Search urlquery URL ocsp.digicert.com/ DOMAIN digicert.com FQDN ocsp.digicert.com IP 93.184.220.29 Hash 9b95b3d6d4fb4270bbaa7ee5c6478b5e External sources Mnemonic PDNS FQDN ocsp.digicert.com DOMAIN digicert.com IP 93.184.220.29 VirusTotal HASH 217c2dbb10916dc7ccc4c957d22dda286a0ca5cc FQDN ocsp.digicert.com DOMAIN digicert.com IP 93.184.220.29 crt.sh FQDN ocsp.digicert.com DOMAIN digicert.com URL HTTP/1.1 ocsp.digicert.com/ IP 93.184.220.29:0 ASN #15133 EDGECAST Magic data Size 471 Hash 9b95b3d6d4fb4270bbaa7ee5c6478b5e 217c2dbb10916dc7ccc4c957d22dda286a0ca5cc 743c317ffbfd516bd540499a18204ad144eb7d3d12067a924e93cdc7c0c43d68 HTTP Headers `POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Accept-Ranges: bytes Age: 17 Cache-Control: 'max-age=158059' Content-Type: application/ocsp-response Date: Sun, 22 Jan 2023 20:15:38 GMT Last-Modified: Sun, 22 Jan 2023 20:15:21 GMT Server: ECS (ska/F6FC) X-Cache: HIT Content-Length: 471`

	www.upload.ee/download/14855433/fc8cf81f74e31c5406b4/moon_proxy_v1.exe	51.91.30.159	404 Not Found	385
Search urlquery URL www.upload.ee/download/14855433/fc8cf81f74e31c5406b4/moon_proxy_v1.exe DOMAIN upload.ee FQDN www.upload.ee IP 51.91.30.159 Hash e4f19eab5113c94d361d10cdf3ada01b External sources Mnemonic PDNS FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 VirusTotal HASH c57a6772a7b5193372dfdd99fe3611ba0dc10129 FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 crt.sh FQDN www.upload.ee DOMAIN upload.ee URL HTTP/1.1 www.upload.ee/download/14855433/fc8cf81f74e31c5406b4/moon_proxy_v1.exe IP 51.91.30.159:0 ASN #16276 OVH SAS Magic HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (385), with no line terminators Size 385 Hash e4f19eab5113c94d361d10cdf3ada01b c57a6772a7b5193372dfdd99fe3611ba0dc10129 8a6b0ca240139b420e916ba25610906aa23ed6dd3ef2399b9da23cc48c608a57 HTTP Headers `GET /download/14855433/fc8cf81f74e31c5406b4/moon_proxy_v1.exe HTTP/1.1 Host: www.upload.ee User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1` `HTTP/1.1 404 Not Found Server: nginx Date: Sun, 22 Jan 2023 20:15:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 385 Connection: keep-alive Keep-Alive: timeout=5 Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1 P3P: CP="CAO PSA OUR"`

	contile.services.mozilla.com/v1/tiles	34.117.237.239	200 OK	12
Search urlquery URL contile.services.mozilla.com/v1/tiles DOMAIN mozilla.com FQDN contile.services.mozilla.com IP 34.117.237.239 Hash 23e88fb7b99543fb33315b29b1fad9d6 External sources Mnemonic PDNS FQDN contile.services.mozilla.com DOMAIN mozilla.com IP 34.117.237.239 VirusTotal HASH a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce FQDN contile.services.mozilla.com DOMAIN mozilla.com IP 34.117.237.239 crt.sh FQDN contile.services.mozilla.com DOMAIN mozilla.com URL HTTP/2 contile.services.mozilla.com/v1/tiles IP 34.117.237.239:0 ASN #15169 GOOGLE Magic JSON data\012- , ASCII text, with no line terminators Size 12 Hash 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3 HTTP Headers `GET /v1/tiles HTTP/1.1 Host: contile.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK server: nginx date: Sun, 22 Jan 2023 20:15:38 GMT content-type: application/json content-length: 12 access-control-expose-headers: content-type vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers access-control-allow-credentials: true strict-transport-security: max-age=31536000 via: 1.1 google alt-svc: clear X-Firefox-Spdy: h2`

	www.upload.ee/files/14855433/Moon_Proxy_v1.exe.html	51.91.30.159	200 OK	8867
Search urlquery URL www.upload.ee/files/14855433/Moon_Proxy_v1.exe.html DOMAIN upload.ee FQDN www.upload.ee IP 51.91.30.159 Hash ebaec9d54bb138672d917b4942b8bed7 External sources Mnemonic PDNS FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 VirusTotal HASH d69a4306bd32ac12eb19aa696db822591234e4c1 FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 crt.sh FQDN www.upload.ee DOMAIN upload.ee URL HTTP/1.1 www.upload.ee/files/14855433/Moon_Proxy_v1.exe.html IP 51.91.30.159:0 ASN #16276 OVH SAS Magic HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4526) Size 8867 Hash ebaec9d54bb138672d917b4942b8bed7 d69a4306bd32ac12eb19aa696db822591234e4c1 977ff147a28e9b1b904dea8b1f1720cc99cbffcb32a980252e7c7c0e97cc8735 HTTP Headers GET /files/14855433/Moon_Proxy_v1.exe.html HTTP/1.1 Host: www.upload.ee User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://www.upload.ee/download/14855433/fc8cf81f74e31c5406b4/moon_proxy_v1.exe Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin HTTP/1.1 200 OK Server: nginx Date: Sun, 22 Jan 2023 20:15:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 8867 Connection: keep-alive Keep-Alive: timeout=20 Expires: Mon, 26 Jul 1997 05:00:00 GMT Last-Modified: Sun, 22 Jan 2023 22:15:38 +0200 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1 P3P: CP="CAO PSA OUR" Set-Cookie: lng=eng; expires=Sun, 19-Feb-2023 20:15:38 GMT; path=/; domain=www.upload.ee; secure; httponly; SameSite=None Content-Encoding: gzip

	s7.addthis.com/js/250/addthis_widget.js?pub=uploadee	2.18.172.123	200 OK	116418
Search urlquery URL s7.addthis.com/js/250/addthis_widget.js?pub=uploadee DOMAIN addthis.com FQDN s7.addthis.com IP 2.18.172.123 Hash 4efb26a99e0646982ada7241271ada5a External sources Mnemonic PDNS FQDN s7.addthis.com DOMAIN addthis.com IP 2.18.172.123 VirusTotal HASH e9caf6d3b4dd819c44c6d943891f5b25a254f6b3 FQDN s7.addthis.com DOMAIN addthis.com IP 2.18.172.123 crt.sh FQDN s7.addthis.com DOMAIN addthis.com URL HTTP/2 s7.addthis.com/js/250/addthis_widget.js?pub=uploadee IP 2.18.172.123:0 ASN #16625 AKAMAI-AS Magic ASCII text, with very long lines (54602) Size 116418 Hash 4efb26a99e0646982ada7241271ada5a e9caf6d3b4dd819c44c6d943891f5b25a254f6b3 02d48bea837dc90008e635a045106a5cd67c5306bdfa33fee857ac4994bb5a22 HTTP Headers `GET /js/250/addthis_widget.js?pub=uploadee HTTP/1.1 Host: s7.addthis.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://www.upload.ee/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` `HTTP/2 200 OK server: nginx/1.15.8 content-type: application/javascript last-modified: Mon, 26 Oct 2020 18:11:48 GMT etag: W/"5f971164-5834c" cache-control: public, max-age=600 strict-transport-security: max-age=15724800; includeSubDomains content-encoding: gzip content-length: 116418 date: Sun, 22 Jan 2023 20:15:39 GMT vary: Accept-Encoding x-distribution: 99 x-host: s7.addthis.com X-Firefox-Spdy: h2`

	www.upload.ee/static/ubr__style.css	51.91.30.159	200 OK	2880
Search urlquery URL www.upload.ee/static/ubr__style.css DOMAIN upload.ee FQDN www.upload.ee IP 51.91.30.159 Hash 7b736ade714db0c4ee6dbd432b2b1367 External sources Mnemonic PDNS FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 VirusTotal HASH 98b85ea1586315cba25380eca3c9785820a23042 FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 crt.sh FQDN www.upload.ee DOMAIN upload.ee URL HTTP/1.1 www.upload.ee/static/ubr__style.css IP 51.91.30.159:0 ASN #16276 OVH SAS Magic ASCII text, with very long lines (591), with CRLF line terminators Size 2880 Hash 7b736ade714db0c4ee6dbd432b2b1367 98b85ea1586315cba25380eca3c9785820a23042 e3d11bbf89fb8f84070b6616e4f422eef0182dbf937f0398d0d2c779509b07a1 HTTP Headers `GET /static/ubr__style.css HTTP/1.1 Host: www.upload.ee User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://www.upload.ee/files/14855433/Moon_Proxy_v1.exe.html Cookie: lng=eng Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin` `HTTP/1.1 200 OK Server: nginx Date: Sun, 22 Jan 2023 20:15:39 GMT Content-Type: text/css Last-Modified: Fri, 04 Oct 2013 10:02:27 GMT Transfer-Encoding: chunked Connection: keep-alive Keep-Alive: timeout=20 ETag: W/"524e9233-25a0" Expires: Sun, 29 Jan 2023 20:15:39 GMT Cache-Control: max-age=604800 Vary: Accept-Encoding Content-Encoding: gzip`

	ocsp.pki.goog/gts1c3	142.250.74.131	200 OK	471
Search urlquery URL ocsp.pki.goog/gts1c3 DOMAIN pki.goog FQDN ocsp.pki.goog IP 142.250.74.131 Hash b6a7b076a30a5406b12344e01ba2d7ea External sources Mnemonic PDNS FQDN ocsp.pki.goog DOMAIN pki.goog IP 142.250.74.131 VirusTotal HASH 17e8497f4041b0c7e6fe4a13cfc5fe634c622fc5 FQDN ocsp.pki.goog DOMAIN pki.goog IP 142.250.74.131 crt.sh FQDN ocsp.pki.goog DOMAIN pki.goog URL HTTP/1.1 ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE Magic data Size 471 Hash b6a7b076a30a5406b12344e01ba2d7ea 17e8497f4041b0c7e6fe4a13cfc5fe634c622fc5 5c82bf44b7ea0d2399d52df26b0ebc574cea4c4ff5d34423d07a1fc20e2e3587 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sun, 22 Jan 2023 20:15:39 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	www.upload.ee/js/js__file_upload.js	51.91.30.159	200 OK	27351
Search urlquery URL www.upload.ee/js/js__file_upload.js DOMAIN upload.ee FQDN www.upload.ee IP 51.91.30.159 Hash 617f6d5a2744bc8c02e3d2c67544bd68 External sources Mnemonic PDNS FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 VirusTotal HASH f57c068257c8bc85644d3be1e845c36506cd4625 FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 crt.sh FQDN www.upload.ee DOMAIN upload.ee URL HTTP/1.1 www.upload.ee/js/js__file_upload.js IP 51.91.30.159:0 ASN #16276 OVH SAS Magic Unicode text, UTF-8 text, with very long lines (1853) Size 27351 Hash 617f6d5a2744bc8c02e3d2c67544bd68 f57c068257c8bc85644d3be1e845c36506cd4625 62a3bb4d9d2b5a55b6d821a75d7b155fac47def3c241e4f1215d17e022f02658 HTTP Headers `GET /js/js__file_upload.js HTTP/1.1 Host: www.upload.ee User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://www.upload.ee/files/14855433/Moon_Proxy_v1.exe.html Cookie: lng=eng Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin` `HTTP/1.1 200 OK Server: nginx Date: Sun, 22 Jan 2023 20:15:39 GMT Content-Type: application/javascript Content-Length: 27351 Last-Modified: Thu, 07 May 2020 19:13:28 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "5eb45dd8-6ad7" Expires: Sun, 29 Jan 2023 20:15:39 GMT Cache-Control: max-age=604800 Vary: Accept-Encoding Accept-Ranges: bytes`

	www.upload.ee/images/arrow.gif	51.91.30.159	200 OK	59
Search urlquery URL www.upload.ee/images/arrow.gif DOMAIN upload.ee FQDN www.upload.ee IP 51.91.30.159 Hash 6675f814b94f13f91f1383707b250e36 External sources Mnemonic PDNS FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 VirusTotal HASH 31452650e8fce2095613a2010799bdb7548bdd51 FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 crt.sh FQDN www.upload.ee DOMAIN upload.ee URL HTTP/1.1 www.upload.ee/images/arrow.gif IP 51.91.30.159:0 ASN #16276 OVH SAS Magic GIF image data, version 89a, 6 x 9\012- data Size 59 Hash 6675f814b94f13f91f1383707b250e36 31452650e8fce2095613a2010799bdb7548bdd51 061d01a0b85f948c6ec464870ecec4654c4bd2ff15cacda941bbbf16225ec411 HTTP Headers `GET /images/arrow.gif HTTP/1.1 Host: www.upload.ee User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://www.upload.ee/files/14855433/Moon_Proxy_v1.exe.html Cookie: lng=eng Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin` `HTTP/1.1 200 OK Server: nginx Date: Sun, 22 Jan 2023 20:15:39 GMT Content-Type: image/gif Content-Length: 59 Last-Modified: Sun, 14 Apr 2013 07:15:01 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "516a5775-3b" Expires: Sun, 29 Jan 2023 20:15:39 GMT Cache-Control: max-age=604800 Accept-Ranges: bytes`

	www.upload.ee/images/dl_.png	51.91.30.159	200 OK	1900
Search urlquery URL www.upload.ee/images/dl_.png DOMAIN upload.ee FQDN www.upload.ee IP 51.91.30.159 Hash f3e8f284a4e98cdb91b6abfc142d94a4 External sources Mnemonic PDNS FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 VirusTotal HASH fa9e618c2f56bea752ddd7e45a372c5539dadda9 FQDN www.upload.ee DOMAIN upload.ee IP 51.91.30.159 crt.sh FQDN www.upload.ee DOMAIN upload.ee URL HTTP/1.1 www.upload.ee/images/dl_.png IP 51.91.30.159:0 ASN #16276 OVH SAS Magic PNG image data, 154 x 32, 8-bit colormap, non-interlaced\012- data Size 1900 Hash f3e8f284a4e98cdb91b6abfc142d94a4 fa9e618c2f56bea752ddd7e45a372c5539dadda9 2f13919383f54ca21e5b87f5644df8a875b99815c821dcbbabea352d854c6882 HTTP Headers `GET /images/dl_.png HTTP/1.1 Host: www.upload.ee User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://www.upload.ee/files/14855433/Moon_Proxy_v1.exe.html Cookie: lng=eng Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin` `HTTP/1.1 200 OK Server: nginx Date: Sun, 22 Jan 2023 20:15:39 GMT Content-Type: image/png Content-Length: 1900 Last-Modified: Thu, 01 Dec 2016 09:37:27 GMT Connection: keep-alive Keep-Alive: timeout=20 ETag: "583fef57-76c" Expires: Sun, 29 Jan 2023 20:15:39 GMT Cache-Control: max-age=604800 Accept-Ranges: bytes`

	www.googletagmanager.com/gtag/js?id=UA-6703115-1	142.250.74.168	200 OK	45066
Search urlquery URL www.googletagmanager.com/gtag/js?id=UA-6703115-1 DOMAIN googletagmanager.com

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (157)

#1 JS:Script (size: 385)

#2 JS:Script (size: 12763)

#3 JS:Script (size: 94787)

#4 JS:Script (size: 27)

#5 JS:Script (size: 1705)

#6 JS:Script (size: 72197)

#7 JS:Script (size: 107)

#8 JS:Script (size: 37051)

#9 JS:Script (size: 10218)

#10 JS:Script (size: 65)

#11 JS:Script (size: 30425)

#12 JS:Script (size: 27351)

#13 JS:Script (size: 115651)

#14 JS:Script (size: 91)

#15 JS:Script (size: 366801)

#16 JS:Script (size: 614)

#17 JS:Script (size: 89476)

#18 JS:Script (size: 1636)

#19 JS:Script (size: 9700)

#20 JS:Script (size: 17314)

#21 JS:Script (size: 34455)

#22 JS:Script (size: 162)

#23 JS:Script (size: 652)

#24 JS:Script (size: 57)

#25 JS:Script (size: 155)

#26 JS:Script (size: 50234)

#27 JS:Script (size: 21109)

#28 JS:Script (size: 106297)

#29 JS:Script (size: 19)

#30 JS:Script (size: 13219)

#31 JS:Script (size: 13188)

#32 JS:Script (size: 361292)

#33 JS:Script (size: 14)

#34 JS:Script (size: 222446)

#35 JS:Script (size: 147351)

#36 JS:Script (size: 165)

#37 JS:Script (size: 85)

#38 JS:Script (size: 1049)

#39 JS:Script (size: 4899)

#40 JS:Script (size: 4785)

#41 JS:Script (size: 154)

#42 JS:Script (size: 174597)

#1 JS:Eval (size: 77)

#2 JS:Eval (size: 133)

#3 JS:Eval (size: 106)

#4 JS:Eval (size: 2)

#5 JS:Eval (size: 2)

#6 JS:Eval (size: 81)

#7 JS:Eval (size: 1)

#8 JS:Eval (size: 421)

#9 JS:Eval (size: 26)

#10 JS:Eval (size: 2)

#11 JS:Eval (size: 2)

#12 JS:Eval (size: 2)

#13 JS:Eval (size: 463)

#14 JS:Eval (size: 254)