Report - mtg-h5.mtgglobals.com/2024/0808/banner-1113-native-47ce1f6e2f0c9fc926a30640066bf469.zip

Report Overview

Visited public
2025-04-21 13:13:06
Tags
URL
mtg-h5.mtgglobals.com/2024/0808/banner-1113-native-47ce1f6e2f0c9fc926a30640066bf469.zip
Finishing URL
about:privatebrowsing
IP / ASN
54.240.174.16
#16509 AMAZON-02
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mtg-h5.mtgglobals.com	unknown	2023-02-06	2023-11-16	2025-04-20	555 B	303 kB	54.240.174.47

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
mtg-h5.mtgglobals.com/2024/0808/banner-1113-native-47ce1f6e2f0c9fc926a30640066bf469.zip
IP
54.240.174.47
ASN
#16509 AMAZON-02

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
302 kB (302085 bytes)
Hash
47ce1f6e2f0c9fc926a30640066bf469
db7d31c5be3528aba2317cde33e32526ed66c98d
f0f37bd8e46ebc1456dd45eb3c2bde82375f2c51b7a72634fe95ecca0f8cc052

Archive (3)

Filename

Md5

File type

banner-1113-native.html

e057edf936cbd25ad72ccbbcd952c76c

HTML document, ASCII text, with very long lines (677), with no line terminators

banner-1113-native.js

46188387bd23110233944bb423230661

JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators

m.bundle.js

e0c645e885b37b5f0c804f88f452962c

JavaScript source, Unicode text, UTF-8 text, with very long lines (43181), with NEL line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Code and strings of plugins from the Tetris framework loaded by Swid

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	mtg-h5.mtgglobals.com/2024/0808/banner-1113-native-47ce1f6e2f0c9fc926a30640066bf469.zip	54.240.174.47	200 OK	302 kB
URL User Request GET mtg-h5.mtgglobals.com/2024/0808/banner-1113-native-47ce1f6e2f0c9fc926a30640066bf469.zip IP 54.240.174.47:443 ASN #16509 AMAZON-02 Certificate IssuerAmazon Subject.mobvista.com Fingerprint19:37:56:80:9E:4E:34:E5:07:8E:88:1F:9F:02:41:66:AC:38:AB:65 ValiditySun, 15 Dec 2024 00:00:00 GMT - Wed, 14 Jan 2026 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 302 kB (302085 bytes) Hash 47ce1f6e2f0c9fc926a30640066bf469 db7d31c5be3528aba2317cde33e32526ed66c98d f0f37bd8e46ebc1456dd45eb3c2bde82375f2c51b7a72634fe95ecca0f8cc052 HTTP Headers GET /2024/0808/banner-1113-native-47ce1f6e2f0c9fc926a30640066bf469.zip HTTP/1.1 Host: mtg-h5.mtgglobals.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: application/zip content-length: 302085 last-modified: Thu, 29 Aug 2024 07:10:17 GMT x-amz-server-side-encryption: AES256 x-amz-version-id: kf0phxIqzt5U7z6c2LDfs3bdupE_CBxu accept-ranges: bytes server: AmazonS3 date: Mon, 21 Apr 2025 05:25:35 GMT etag: "47ce1f6e2f0c9fc926a30640066bf469" x-cache: Hit from cloudfront via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: sm6VDR5Jc3MQ2QkWzy2pbsoICWr4dU4YVRl3AWZpCO3835vvyxioyg== age: 28030 X-Firefox-Spdy: h2

mtg-h5.mtgglobals.com/2024/0808/banner-1113-native-47ce1f6e2f0c9fc926a30640066bf469.zip

54.240.174.47

200 OK

302 kB

URL User Request GET
mtg-h5.mtgglobals.com/2024/0808/banner-1113-native-47ce1f6e2f0c9fc926a30640066bf469.zip
IP
54.240.174.47:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.mobvista.com
Fingerprint19:37:56:80:9E:4E:34:E5:07:8E:88:1F:9F:02:41:66:AC:38:AB:65
ValiditySun, 15 Dec 2024 00:00:00 GMT - Wed, 14 Jan 2026 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
302 kB (302085 bytes)
Hash
47ce1f6e2f0c9fc926a30640066bf469
db7d31c5be3528aba2317cde33e32526ed66c98d
f0f37bd8e46ebc1456dd45eb3c2bde82375f2c51b7a72634fe95ecca0f8cc052

HTTP Headers

GET /2024/0808/banner-1113-native-47ce1f6e2f0c9fc926a30640066bf469.zip HTTP/1.1
Host: mtg-h5.mtgglobals.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
content-length: 302085
last-modified: Thu, 29 Aug 2024 07:10:17 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: kf0phxIqzt5U7z6c2LDfs3bdupE_CBxu
accept-ranges: bytes
server: AmazonS3
date: Mon, 21 Apr 2025 05:25:35 GMT
etag: "47ce1f6e2f0c9fc926a30640066bf469"
x-cache: Hit from cloudfront
via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sm6VDR5Jc3MQ2QkWzy2pbsoICWr4dU4YVRl3AWZpCO3835vvyxioyg==
age: 28030
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (3)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers