Report Overview

  1. Submitted URL

    raw.githubusercontent.com/stephenfewer/reflectivedllinjection/master/bin/reflective_dll.dll

  2. IP

    185.199.110.133

    ASN

    #54113 FASTLY

  3. Submitted

    2024-08-01 15:08:06

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    9

Domain Summary

Domain / FQDNRankRegisteredFirst SeenLast Seen
r10.o.lencr.orgunknown2020-06-292024-06-062024-07-31
raw.githubusercontent.com358022014-02-062014-03-012024-07-31

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules
SeverityIndicatorAlert
mediumraw.githubusercontent.com/stephenfewer/reflectivedllinjection/master/bin/reflective_dll.dllDetects reflective loader (Cobalt Strike) used in Operation Wilted Tulip
mediumraw.githubusercontent.com/stephenfewer/reflectivedllinjection/master/bin/reflective_dll.dllDetects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
mediumraw.githubusercontent.com/stephenfewer/reflectivedllinjection/master/bin/reflective_dll.dllDetects Reflective DLL Loader
mediumraw.githubusercontent.com/stephenfewer/reflectivedllinjection/master/bin/reflective_dll.dllDetects Reflective DLL Loader - suspicious - Possible FP could be program crack

OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    raw.githubusercontent.com/stephenfewer/reflectivedllinjection/master/bin/reflective_dll.dll

  2. IP

    185.199.109.133

  3. ASN

    #54113 FASTLY

  1. File type

    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

    Size

    59 kB (58880 bytes)

  2. Hash

    c2fea540aac9f04045b302916cd1c5cb

    e0866f1c6497b69dda6f93de4e5245bc53e0f129

    Detections

    AnalyzerVerdictAlert
    Public Nextron YARA rulesmalware
    Detects reflective loader (Cobalt Strike) used in Operation Wilted Tulip
    Public Nextron YARA rulesmalware
    Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
    Public Nextron YARA rulesmalware
    Detects Reflective DLL Loader
    Public Nextron YARA rulesmalware
    Detects Reflective DLL Loader - suspicious - Possible FP could be program crack
    VirusTotalmalicious

JavaScript (0)

HTTP Transactions (7)

URLIPResponseSize
r10.o.lencr.org/
23.33.119.57 504 B
r10.o.lencr.org/
23.33.119.57 504 B
r10.o.lencr.org/
23.33.119.57 504 B
r10.o.lencr.org/
23.33.119.57 504 B
raw.githubusercontent.com/stephenfewer/reflectivedllinjection/master/bin/reflective_dll.dll
185.199.109.133200 OK59 kB
r10.o.lencr.org/
23.33.119.27 504 B
r10.o.lencr.org/
23.33.119.27 504 B