Report - lodstuff3.tripod.com/d2hackit.zip

Report Overview

Visited public
2025-03-07 20:34:14
Tags
URL
lodstuff3.tripod.com/d2hackit.zip
Finishing URL
about:privatebrowsing
IP / ASN
209.202.252.105
#6354 LYCOS
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
lodstuff3.tripod.com	unknown	1994-09-29	2023-09-14	2025-03-07	501 B	153 kB	209.202.252.105

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
lodstuff3.tripod.com/d2hackit.zip
IP
209.202.252.105
ASN
#6354 LYCOS

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
153 kB (152643 bytes)
Hash
3244dc9a61b6b329e9d093dda75c13b6
efe1e2145dcff10a0d17d936d6a6c8c4d415fde2
fd482856eb300ab86a2984b2efbc78e2d6e0ec4541cbfca8f8bbbaed40a53738

Archive (10)

Filename

Md5

File type

modules.mp6

2575d523c108390b05a34e021bb7d128

data

D2HackIt.dll

c0ec23c5604710cd8283dc1b104ae4c4

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

D2HackIt.ini

e38fb7599dd6ba931b27440eb96a36de

Generic INItialization configuration [FingerprintData]

packet.dat

76a07a018dbf6c3a39eb4b7d3d96042a

data

th.dat

ebc9b163ff57e8ef087f6e33ffc7bf3b

data

d2hack.info

ea55365f6215b7851c1251154eb97f26

data

Loader.exe

74d2723cfd1c5c76b51226a826626999

PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections

D2HackIt.txt

7c6a7cb0ec9644409500df302cdf75ee

ASCII text, with CRLF line terminators

D2Loader.txt

5616d093c6403a313480ba568ae1743b

ASCII text, with CRLF line terminators

Maphack.txt

e476bc2746f9793ad0485cdf7402fcf2

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 45/57

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

lodstuff3.tripod.com/d2hackit.zip

209.202.252.105

200 OK

153 kB

URL User Request GET
lodstuff3.tripod.com/d2hackit.zip
IP
209.202.252.105:443
ASN
#6354 LYCOS

Certificate
IssuerLet's Encrypt
Subjecttripod.com
Fingerprint51:66:97:2E:3C:C5:27:4E:16:6E:D2:CB:F9:4D:1F:23:61:20:EF:F2
ValiditySun, 02 Mar 2025 14:54:57 GMT - Sat, 31 May 2025 14:54:56 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
153 kB (152643 bytes)
Hash
3244dc9a61b6b329e9d093dda75c13b6
efe1e2145dcff10a0d17d936d6a6c8c4d415fde2
fd482856eb300ab86a2984b2efbc78e2d6e0ec4541cbfca8f8bbbaed40a53738

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 45/57

HTTP Headers

GET /d2hackit.zip HTTP/1.1
Host: lodstuff3.tripod.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 07 Mar 2025 20:33:55 GMT
Content-Type: application/zip
Content-Length: 152643
Connection: keep-alive
Set-Cookie: CookieStatus=COOKIE_OK; path=/; domain=.tripod.com; expires=Sat, 07-Mar-2026 20:33:55 GMT
Vary: *
X-Server-IP: 209.202.244.212
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
Last-Modified: Thu, 11 Jul 2002 17:52:19 GMT
ETag: "25443-3d2dc5d3"
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (10)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers