Report - cdn.discordapp.com/attachments/803535548782346260/1256253807109865626/RDR2_FamilyMenu_1_2_7.zip?ex=66801907&is=667ec787&hm=013408cd345780d427e00a8b9380f611321c186cb3adb2d4ec7b509d8ea9b30f&

Report Overview

Visitedpublic

2024-06-28 14:26:41

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-27 18:12:05	1.6 kB	4.4 kB	23.36.76.226
cdn.discordapp.com	2474	2015-02-26	2015-08-24 15:06:21	2024-06-27 18:12:36	642 B	8.7 MB	162.159.135.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

cdn.discordapp.com/attachments/803535548782346260/1256253807109865626/RDR2_FamilyMenu_1_2_7.zip?ex=66801907&is=667ec787&hm=013408cd345780d427e00a8b9380f611321c186cb3adb2d4ec7b509d8ea9b30f&

IP / ASN

162.159.135.233

#13335 CLOUDFLARENET

File Overview

File TypeZip archive data, at least v1.0 to extract, compression method=store

Size8.7 MB (8680855 bytes)

MD53874d65c42d6ab9e9eb317a9833ac1d3

SHA1d6630f67d56e52b5387ba92bbcbd06adbc64cd7e

SHA2565827c76bcf15cccbbebee9c28de11aaa2988b263607b800c7a2f129331ccdb32

Archive (14)

Modified	Filename	Size	MD5	File type
2021-06-02 00:16	Fonts.ttf	8.2 MB	b7dc90fa852495f43a4ddd664d000b28	TrueType Font data, digitally signed, 16 tables, 1st "DSIG", name offset 0x7725bc
2024-04-09 04:51	Hotkeys.json	524 B	bd48b4942dde4324869d283ef75b2c13	JSON text data
2023-12-09 03:50	de_DE.json	167 kB	06c94424e85130fcf23c09be37e42e1b	JSON text data
2023-12-08 18:41	en_GB.json	171 kB	65653379abaae1b4d742d8640b452bbe	JSON text data
2023-12-08 18:41	ru_RU.json	172 kB	95ba22120bedf1433198314d6d102480	JSON text data
2023-12-08 18:41	tr_TR.json	168 kB	260d89d7c56ab670ae2fc95ac458ea5a	JSON text data
2023-12-09 03:22	zh_CN.json	166 kB	0bfc7c01e8ba8a80210e5a9b01e2edaf	JSON text data
2023-12-08 18:43	zh_TW.json	164 kB	92d40e5bcb5cde6cf063e12f310c73a3	JSON text data
2023-12-09 05:23	Listing.json	7.0 kB	bd22ad250d5cc66fd28aeeb5a03d2be1	JSON text data
2023-10-21 06:16	Family.lua	2.0 kB	b6382d385c06e39d76a875380586684b	ASCII text, with CRLF line terminators
2023-12-09 02:58	Settings.json	3.2 kB	0d1a5ba711e9cb85c899a687c0391180	JSON text data
2023-12-07 06:08	FamilyRes.ytd	375 kB	d49ba5d9e725e95269b79f0d465fde59	data
2024-04-09 04:40	FamilyRDR2.dll	8.9 MB	0aadd5370d2334b92f45d310b36a08a1	PE32+ executable (DLL) (console) x86-64, for MS Windows, 8 sections
2023-11-09 02:08	RDR2Loader.exe	223 kB	4f9cbb8c16e5fb386ccb10ce562fcfb6	PE32+ executable (console) x86-64, for MS Windows, 7 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 2/67

JavaScript (0)

HTTP Transactions (6)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-28

Last Seen2024-08-19

Times Seen33870

Size504 B (504 bytes)

MD511d12f1fba8aca9d9418e9d8dc4952bf

SHA1815abf5c4b5eb6f908e3c9aa829ee2e6ccdcc449

SHA25697f30de1fa8e41bf859ba482af92cec319429e14f4f81a9c675977b672ed7b9a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "97F30DE1FA8E41BF859BA482AF92CEC319429E14F4F81A9C675977B672ED7B9A"
Last-Modified: Fri, 28 Jun 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5339
Expires: Fri, 28 Jun 2024 15:55:11 GMT
Date: Fri, 28 Jun 2024 14:26:12 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-28

Last Seen2024-08-19

Times Seen28794

Size504 B (504 bytes)

MD5116ef0f15d988075de9127b4d85aeeac

SHA1cd431538d40d2097891757fd0ca8c06b576051e9

SHA2567dd2781a8624ca9b8c54539a3c46c44cdd86477de3078e4dab624bfc7ce5b7ae

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7DD2781A8624CA9B8C54539A3C46C44CDD86477DE3078E4DAB624BFC7CE5B7AE"
Last-Modified: Thu, 27 Jun 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14347
Expires: Fri, 28 Jun 2024 18:25:20 GMT
Date: Fri, 28 Jun 2024 14:26:13 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-28

Last Seen2024-08-19

Times Seen7073

Size504 B (504 bytes)

MD5dbfa299a842ee43ec1a3fb8290fcda40

SHA171bcd7b76e849c623cac83d913b31caafdb45344

SHA256f7914dbab79ce77341e0c1fe4a9e3defb687942fcd4b17c20ce7c19b315f39df

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F7914DBAB79CE77341E0C1FE4A9E3DEFB687942FCD4B17C20CE7C19B315F39DF"
Last-Modified: Thu, 27 Jun 2024 04:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10336
Expires: Fri, 28 Jun 2024 17:18:29 GMT
Date: Fri, 28 Jun 2024 14:26:13 GMT
Connection: keep-alive

GET cdn.discordapp.com/attachments/803535548782346260/1256253807109865626/RDR2_FamilyMenu_1_2_7.zip?ex=66801907&is=667ec787&hm=013408cd345780d427e00a8b9380f611321c186cb3adb2d4ec7b509d8ea9b30f&

162.159.135.233

200 OK

8.7 MB

URL

cdn.discordapp.com/attachments/803535548782346260/1256253807109865626/RDR2_FamilyMenu_1_2_7.zip?ex=66801907&is=667ec787&hm=013408cd345780d427e00a8b9380f611321c186cb3adb2d4ec7b509d8ea9b30f&

IP / ASN

162.159.135.233

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeZip archive data, at least v1.0 to extract, compression method=store

First Seen2024-04-11

Last Seen2025-05-01

Times Seen49

Size8.7 MB (8680855 bytes)

MD53874d65c42d6ab9e9eb317a9833ac1d3

SHA1d6630f67d56e52b5387ba92bbcbd06adbc64cd7e

SHA2565827c76bcf15cccbbebee9c28de11aaa2988b263607b800c7a2f129331ccdb32

Certificate Info

IssuerCloudflare, Inc.

Subjectdiscordapp.com

Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39

ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/67

HTTP Headers

GET /attachments/803535548782346260/1256253807109865626/RDR2_FamilyMenu_1_2_7.zip?ex=66801907&is=667ec787&hm=013408cd345780d427e00a8b9380f611321c186cb3adb2d4ec7b509d8ea9b30f& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Jun 2024 14:26:14 GMT
content-type: application/zip
content-length: 8680855
cf-ray: 89ae59c1ef5b92a4-CPH
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="RDR2_FamilyMenu_1_2_7.zip"
etag: "3874d65c42d6ab9e9eb317a9833ac1d3"
expires: Sat, 28 Jun 2025 14:26:14 GMT
last-modified: Fri, 28 Jun 2024 14:24:07 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1719584647842093
x-goog-hash: crc32c=s5DEtg==, md5=OHTWXELWq56esxepgzrB0w==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 8680855
x-guploader-uploadid: ACJd0NrF1MOmqdsuY0-L07dQgV7NDyWcQjV8bfGetRvyVOBPpvEH2rdbX2y6_8Pzje8U15_ozrWpQQ1Eqw
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=POacHO%2FIOMks%2FYoBHssU2ECqFndTmHvu9rVOv7FH5lmlnQw9CtD7lfijp9ZcbcbLsOCjzziDjFsXTfs%2B8mqdShq7Zw0nqiecE4ul5znIYA4VrNrC2WaPNYH4Ma%2Ff7kgGglpiAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=LKuCsE8mVRYCrZDYJxsYBbN9Na3_ssREtOROLZJw4i0-1719584774-1.0.1.1-pTQi.I5yetguSvQAj14PpjU5gNsw97qRklFaBjNg_mviuP.118nje.CE4VxgLSyC_.Yp_vRPDqV6NelEX34xPg; path=/; expires=Fri, 28-Jun-24 14:56:14 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=cVveijXDy_acu7e4okD1GaL_yMhAADZ4_A8E2mEZRRE-1719584774562-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-28

Last Seen2024-08-21

Times Seen38494

Size504 B (504 bytes)

MD50c22b10a118098f2cdc4b186e6f8e9a8

SHA1cfe8b247d843f42d2205bb16a48cefe38c78526e

SHA2561208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8912
Expires: Fri, 28 Jun 2024 16:54:47 GMT
Date: Fri, 28 Jun 2024 14:26:15 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-06-28

Last Seen2024-08-21

Times Seen38494

Size504 B (504 bytes)

MD50c22b10a118098f2cdc4b186e6f8e9a8

SHA1cfe8b247d843f42d2205bb16a48cefe38c78526e

SHA2561208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8912
Expires: Fri, 28 Jun 2024 16:54:47 GMT
Date: Fri, 28 Jun 2024 14:26:15 GMT
Connection: keep-alive