Report - tencent-android.cdn.flydigi.com/PC/MOD/RDR2_MOD

Report Overview

Submitted URL
tencent-android.cdn.flydigi.com/PC/MOD/RDR2_MOD_2022090801.zip
IP
42.177.83.63
ASN
#4837 CHINA UNICOM China169 Backbone
Submitted
2024-04-16 22:03:33
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
status.rapidssl.com	6946	2002-04-05	2018-06-15	2024-04-16	331 B	735 B	192.229.221.95
tencent-android.cdn.flydigi.com	unknown	2008-07-11	2021-12-18	2024-04-13	516 B	924 kB	101.72.233.169
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-16	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
tencent-android.cdn.flydigi.com/PC/MOD/RDR2_MOD_2022090801.zip
IP
101.72.233.169
ASN
#4837 CHINA UNICOM China169 Backbone

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
923 kB (923413 bytes)
Hash
1225280c1c69377a13d9711d7554c11d
99008cd56f9d815dbcf00c79e64a5809ecbd28be
c600c1bd41d2aa5cc4f64baec3d3841dcea520c0151b355168c5abfa72a7da9d

Archive (21)

Filename

Md5

File type

dinput8.dll

f66b293ad5afa49c2bd8b58bdc18d453

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

DualSense.asi

e937afb467774367f2d7feffacdd3a7b

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

DualSenseResource.dll

b932acdbabe6521bcbf6112581c68cea

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

DualSenseResource.pdb

5c4214e91349dc7450b2d1e3bf1b2bfa

MSVC program database ver 7.00, 512*39 bytes

hidapi.dll

2da18e5bfcbb1806b152fa577ade8b7a

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

INIFileParser.dll

2e77f841dbf271fd1ffc460bfd87a1d5

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

INIFileParser.xml

9e1e82310f8566a90f561c8cfd437b04

XML 1.0 document, ASCII text

inputs.dat

e1348103c7c5f4fb23ae16982bea1bd6

ASCII text, with CRLF line terminators

Newtonsoft.Json.dll

081d9558bbb7adce142da153b2d5577a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Newtonsoft.Json.xml

f414b3f68fe7c4f094b8fe8382f858c9

XML 1.0 document, ASCII text, with CRLF line terminators

RDR2Mod.exe

8f69f7f9a1fc7e1aaa4d3f3cbbb23a7a

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

RDR2Mod.exe.config

15c8c4ba1aa574c0c00fd45bb9cce1ab

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

RDR2Mod.pdb

970f044f34991f6a6cd90a4a91e167cf

MSVC program database ver 7.00, 512*59 bytes

Settings.ini

d777048d705d6c315059a120495e52fe

TeX document, ASCII text, with CRLF line terminators

trigger.ini

050fc81a43cb8200593199124f6c1593

Generic INItialization configuration [RELOAD]

version.txt

cfcd208495d565ef66e7dff9f98764da

very short file (no magic)

mod.version

abc96ddfc2f93ad563dfc73dc14971cf

ASCII text, with no line terminators

NativeTrainer.asi

f1c6201cb3ad25d7a17ba0b933ec9e28

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

README.md

a71b119ad634183fda5874b167d1f5b3

ASCII text, with CRLF line terminators

Release Notes.txt

9e0501b408462e67cbac686fa4842702

ASCII text, with CRLF line terminators

ScriptHookRDR2.dll

a333400411e16217351c73c93f4a9474

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (3)

	URL	IP	Response	Size
	status.rapidssl.com/	192.229.221.95		471 B
URL status.rapidssl.com/ IP 192.229.221.95:0 ASN #15133 EDGECAST File type data Size 471 B (471 bytes) Hash b465c00e9c6c427a6351a65a70f3df4c 4e19facba9f85a8d0dec86e6887323b239c5d1a5 caf610918ac6f454c44c0b31d86259e92752f6aca7f34e71421709c1ee7cf1d4 HTTP Headers `POST / HTTP/1.1 Host: status.rapidssl.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Accept-Ranges: bytes Age: 4475 Cache-Control: max-age=7200 Content-Type: application/ocsp-response Date: Tue, 16 Apr 2024 22:03:08 GMT Last-Modified: Tue, 16 Apr 2024 20:48:33 GMT Server: ECAcc (amb/6B53) X-Cache: HIT Content-Length: 471`

	tencent-android.cdn.flydigi.com/PC/MOD/RDR2_MOD_2022090801.zip	101.72.233.169	200 OK	923 kB
URL User Request GET HTTP/1.1 tencent-android.cdn.flydigi.com/PC/MOD/RDR2_MOD_2022090801.zip IP 101.72.233.169:443 ASN #4837 CHINA UNICOM China169 Backbone Certificate IssuerDigiCert Inc Subject.cdn.flydigi.com FingerprintDE:F7:67:84:6E:C4:3E:7F:1E:C8:3B:21:13:12:52:6C:A9:8B:D1:3F ValidityTue, 29 Aug 2023 00:00:00 GMT - Mon, 09 Sep 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 923 kB (923413 bytes) Hash 1225280c1c69377a13d9711d7554c11d 99008cd56f9d815dbcf00c79e64a5809ecbd28be c600c1bd41d2aa5cc4f64baec3d3841dcea520c0151b355168c5abfa72a7da9d HTTP Headers GET /PC/MOD/RDR2_MOD_2022090801.zip HTTP/1.1 Host: tencent-android.cdn.flydigi.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Content-Type: application/zip Date: Tue, 16 Apr 2024 22:03:08 GMT ETag: "1225280c1c69377a13d9711d7554c11d" Server: tencent-cos x-cos-hash-crc64ecma: 16948452709588729973 x-cos-request-id: NjYxZWY1OWNfYzUyZmFiMDlfOTZkMl84M2YzYTQw X-Cache-Lookup: Cache Miss, Hit From Upstream Cluster, Hit From Inner Cluster, Cache Miss Last-Modified: Thu, 08 Sep 2022 18:24:25 GMT Content-Length: 923413 Accept-Ranges: bytes X-NWS-LOG-UUID: 15864189351976523999 Connection: keep-alive`

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		444 B
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type XML 1.0 document, ASCII text, with very long lines (332) Size 444 B (444 bytes) Hash 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=X_azN04V-UEBZV8olR8PuJtFdfmbAa175lEm6Fd9Xyn0OXXlpei7KVXFZ57BO-qysLKAYW-6i0RHst51h5R7bmqdXgOtEHgZi5Z2xJ_dbATvJ3mgfRxfEP3W3fu_vCx4 strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: EXPIRED content-encoding: gzip via: 1.1 google date: Tue, 16 Apr 2024 22:01:17 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 129 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (21)

Detections

JavaScript (0)

HTTP Transactions (3)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers