Report - media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip

Report Overview

Visited public
2024-12-12 22:50:09
Tags
URL
media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
Finishing URL
media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
IP / ASN
172.67.194.152
#13335 CLOUDFLARENET
Title
Content Saver

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2024-12-11	1.0 kB	142 kB	104.17.24.14
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-12-11	449 B	26 kB	151.101.65.229
media1.2cd0311gd13.com	unknown	2024-01-04	2024-12-12	2024-12-12	1.9 kB	16 MB	172.67.194.152
arch1.2cd0311gd13.com	unknown	2024-01-04	2024-12-12	2024-12-12	503 B	16 MB	172.67.194.152

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-12	medium	2cd0311gd13.com	Sinkholed
2024-12-12	medium	2cd0311gd13.com	Sinkholed
2024-12-12	medium	2cd0311gd13.com	Sinkholed
2024-12-12	medium	2cd0311gd13.com	Sinkholed
2024-12-12	medium	2cd0311gd13.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip	ScriptElement	0 B	0001-01-01	2025-06-16
Pretty URL media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip IP 172.67.194.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-16 07:45 Times Seen4975799 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	media1.2cd0311gd13.com/js/hdw.js	ScriptElement	5.9 kB	2024-12-06	2025-02-06
Pretty URL media1.2cd0311gd13.com/js/hdw.js IP 172.67.194.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-06 08:07 Last Seen2025-02-06 19:09 Times Seen25 Hash ede7714e4c140eff41b525133e20df34 5058245dfbd4b32f844b56b7fec818b26f5b4ccd 248e779212425c7d6145a69d9f0b5fa25810a40e1e995960206463789517feae Loading...

	media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip	ScriptElement	0 B	0001-01-01	2025-06-16
Pretty URL media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip IP 172.67.194.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-16 07:45 Times Seen4975799 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js	ScriptElement	80 kB	2023-06-08	2025-06-16
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-08 14:47 Last Seen2025-06-16 05:47 Times Seen1837 Hash 849e6db145f2905ce210f628bddd9de5 d722fa9982da8aa48df88251bb1897f13c1db3b9 aa53d582f97eb594c2a5cc5824574707f9ba9837bce3046bfa5f3556860f4e04 Loading...

HTTP Transactions (8)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

104.17.24.14

200 OK

15 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint64:3F:50:40:E0:BD:89:CB:A9:C8:BE:E5:74:F6:9E:D6:2E:1A:32:02
ValidityTue, 26 Nov 2024 07:25:18 GMT - Mon, 24 Feb 2025 07:25:17 GMT

File type
ASCII text, with very long lines (65311)
Size
15 kB (14850 bytes)
Hash
3d5ef2bf867c4054a2f336cdbad9e1dc
07228d1fa3245ee156a27a353f45758a3207849f
a361e7885c36bacb3fd9cb068da207c3b9329962cac022d06e28923939f575e8

HTTP Headers

GET /ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://media1.2cd0311gd13.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 12 Dec 2024 22:49:44 GMT
content-type: text/css; charset=utf-8
content-length: 14850
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "619c057b-3a02"
last-modified: Mon, 22 Nov 2021 21:02:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 187269
expires: Tue, 02 Dec 2025 22:49:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aPADsVbYvtRnf8hoBGKxus%2Fe0hKp7XK7uZupnhLWCkbzxxeDfDYl9aDvlNlmswC8zRubQqbNEFxiLhCE4BUfVIjqBUJpSlOuoqH4FhmDZUHXtIHTfMGWw7k5j3dJZBI7xxJj9D3j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8f1144f48c3656af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js

151.101.65.229

200 OK

25 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
25 kB (24668 bytes)
Hash
849e6db145f2905ce210f628bddd9de5
d722fa9982da8aa48df88251bb1897f13c1db3b9
aa53d582f97eb594c2a5cc5824574707f9ba9837bce3046bfa5f3556860f4e04

HTTP Headers

GET /npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://media1.2cd0311gd13.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.3.0
x-jsd-version-type: version
etag: W/"13a25-1yL6mYLaiqSN+IJRuxiX8Twds7k"
content-encoding: br
accept-ranges: bytes
date: Thu, 12 Dec 2024 22:49:44 GMT
age: 3241745
x-served-by: cache-fra-etou8220038-FRA, cache-hel1410027-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24668
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-solid-900.woff2

104.17.24.14

200 OK

125 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-solid-900.woff2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint64:3F:50:40:E0:BD:89:CB:A9:C8:BE:E5:74:F6:9E:D6:2E:1A:32:02
ValidityTue, 26 Nov 2024 07:25:18 GMT - Mon, 24 Feb 2025 07:25:17 GMT

File type
Web Open Font Format (Version 2), TrueType, length 125064, version 768.67
Size
125 kB (125064 bytes)
Hash
57b380d27f14f16e737bcca7e849cf79
2e4280929d4d76fc0e31601c98f167f14630c209
94e1bbc1c2a41ebc73fa5253fd563256c0035b4d69181e48f9aef9e474a11251

HTTP Headers

GET /ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://media1.2cd0311gd13.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 12 Dec 2024 22:49:44 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 125064
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "619c057b-1e888"
last-modified: Mon, 22 Nov 2021 21:02:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 190117
expires: Tue, 02 Dec 2025 22:49:44 GMT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kwO4FrWZMFEqHEw4Dzk3zTs1%2FmGUHLMKDL5aXY1%2BRXqWhxCL8%2FctOBIX231RnTGbP1HgMgYHxCk3DMTkzzpej0RtarG4XX93eMuTUW%2FEsbgTvuizx8AVYytmotlhqnOIPTPLgJkx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8f1144f569831c16-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

media1.2cd0311gd13.com/js/hdw.js

172.67.194.152

200 OK

16 MB

URL GET HTTP/3
media1.2cd0311gd13.com/js/hdw.js
IP
172.67.194.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
Certificate
IssuerGoogle Trust Services
Subject2cd0311gd13.com
Fingerprint85:32:A9:B0:4B:77:32:25:96:0F:17:AC:8D:FC:09:1A:BE:4E:C1:B3
ValidityThu, 12 Dec 2024 13:53:01 GMT - Wed, 12 Mar 2025 14:29:39 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
16 MB (16472445 bytes)
Hash
ede7714e4c140eff41b525133e20df34
5058245dfbd4b32f844b56b7fec818b26f5b4ccd
248e779212425c7d6145a69d9f0b5fa25810a40e1e995960206463789517feae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/hdw.js HTTP/1.1
Host: media1.2cd0311gd13.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 12 Dec 2024 22:49:44 GMT
content-type: text/javascript
last-modified: Wed, 20 Nov 2024 17:00:52 GMT
etag: W/"1739-6275b179df900"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3286
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X5EQWx0E78klruwIv8Jn1EEWTzbpaG9WDaRc45ttM2gXWZ8i6aRMA9LDxszRBwnzaSaxyFKXRV%2B%2FrtqhoR8PKdlP9GojID10sCETiqEQ6eTRphCSZVgI8tS3S%2F1bI4sbjKn9BH%2FPvjcJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f1144f47a0c0b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6112&min_rtt=4827&rtt_var=2727&sent=15&recv=9&lost=0&retrans=0&sent_bytes=6355&recv_bytes=1514&delivery_rate=123044&cwnd=12000&unsent_bytes=0&cid=40fd0f6f082a52e3&ts=185&x=1", cfExtPri, cfHdrFlush;dur=0

media1.2cd0311gd13.com/favicon.ico

172.67.194.152

200 OK

9.7 kB

URL GET HTTP/3
media1.2cd0311gd13.com/favicon.ico
IP
172.67.194.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
Certificate
IssuerGoogle Trust Services
Subject2cd0311gd13.com
Fingerprint85:32:A9:B0:4B:77:32:25:96:0F:17:AC:8D:FC:09:1A:BE:4E:C1:B3
ValidityThu, 12 Dec 2024 13:53:01 GMT - Wed, 12 Mar 2025 14:29:39 GMT

File type
MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel
Size
9.7 kB (9662 bytes)
Hash
3fac7fe75283c981d673eb6b06fd4aef
563d79ee4e8f58174548fed59f2ed244aa376fbd
97c2c71a8e4ddb2ce7eff4c0115b5b592cda86e069c28d107a46dd1c1f5d5ea8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: media1.2cd0311gd13.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 12 Dec 2024 22:49:44 GMT
content-type: image/x-icon
last-modified: Fri, 29 Nov 2024 20:52:42 GMT
etag: W/"25be-62813614a1a80"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3285
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3XTajoi6jyWPEKVpNjBGgj02nCxGptyIDsuAChdcnYJtihkb%2FHXLjaBoUrwNaj%2B5alLrSGkvjKboG%2FselDKk8mxwEjmC2QrjXjv7zKQ1yQxf5Irod%2F%2BXhHubRRo9DhGWVcWMTiJT33FF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f1144f64b350b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5794&min_rtt=3574&rtt_var=2680&sent=19&recv=11&lost=0&retrans=0&sent_bytes=9452&recv_bytes=1864&delivery_rate=31417&cwnd=12000&unsent_bytes=0&cid=40fd0f6f082a52e3&ts=481&x=1", cfExtPri, cfHdrFlush;dur=0

media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip

172.67.194.152

200 OK

2.0 kB

URL User Request GET HTTP/2
media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
IP
172.67.194.152:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subject2cd0311gd13.com
Fingerprint85:32:A9:B0:4B:77:32:25:96:0F:17:AC:8D:FC:09:1A:BE:4E:C1:B3
ValidityThu, 12 Dec 2024 13:53:01 GMT - Wed, 12 Mar 2025 14:29:39 GMT

File type
HTML document, ASCII text, with very long lines (2110), with no line terminators
Size
2.0 kB (1967 bytes)
Hash
2600a2e8e7200a793740e5e9eed16c4d
ab715dd38652344a5db9a85b877dc09c42637da1
58647a08b5d135cf346087f1025d4e2bbc679660b8324078a4a1f2bf2dccbf03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Team+R2r+Omnisphere+2+Crackl.zip HTTP/1.1
Host: media1.2cd0311gd13.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 12 Dec 2024 22:49:44 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.12
cache-control: no-store
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xPZgVvGKKMHVZhJlI9u1WEHCs8L4KSoO8OvzVz3oI%2Fkj0VB74mESSgNt2aZzOgvgC1nv%2FAOU%2Bnd9CMNlPRw4%2FSdFHrBemKcyUNNPBsjVDamo7I%2FCA%2FBOFTLAnIkrPckGsYFjARezWgFt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f1144f1ef9356bd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5628&min_rtt=483&rtt_var=10331&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3209&recv_bytes=1147&delivery_rate=7898181&cwnd=254&unsent_bytes=0&cid=0a01592f57667dea&ts=189&x=0"
X-Firefox-Spdy: h2

media1.2cd0311gd13.com/styles.css

172.67.194.152

200 OK

6.4 kB

URL GET HTTP/3
media1.2cd0311gd13.com/styles.css
IP
172.67.194.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
Certificate
IssuerGoogle Trust Services
Subject2cd0311gd13.com
Fingerprint85:32:A9:B0:4B:77:32:25:96:0F:17:AC:8D:FC:09:1A:BE:4E:C1:B3
ValidityThu, 12 Dec 2024 13:53:01 GMT - Wed, 12 Mar 2025 14:29:39 GMT

File type
ASCII text, with very long lines (6967), with no line terminators
Size
6.4 kB (6409 bytes)
Hash
e4fbe76c1e354e868a75652ebd8f191f
ed871e66097ed44b67858a463db05dc695efe73a
2048c08767a93340559c2ae23aae0f045ec19a95c4fe1177ac5631d0c16383b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles.css HTTP/1.1
Host: media1.2cd0311gd13.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 12 Dec 2024 22:49:44 GMT
content-type: text/css
last-modified: Mon, 11 Nov 2024 02:52:22 GMT
etag: W/"1909-6269a3092a580"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3286
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=563v6E%2BL1Npgz5L%2FECfj2pD7askZT1UvG4nPqqfpvkqlmDzIefbZdxvc7JZ6EfGYRxiXK48syQt3CvriBLFOnt8O1wIFsEzJOtgh1qMTxgKgx1n4bnn9RNUCGZNrvniqk0XYgnVfKiwN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f1144f46a080b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6112&min_rtt=4827&rtt_var=2727&sent=13&recv=9&lost=0&retrans=0&sent_bytes=4139&recv_bytes=1514&delivery_rate=123044&cwnd=12000&unsent_bytes=0&cid=40fd0f6f082a52e3&ts=185&x=1", cfExtPri, cfHdrFlush;dur=0

arch1.2cd0311gd13.com/web/q/KHBf4ejAW1t78xThWugqMg1T/Team+R2r+Omnisphere+2+Crackl.zip

172.67.194.152

200 OK

16 MB

URL GET HTTP/2
arch1.2cd0311gd13.com/web/q/KHBf4ejAW1t78xThWugqMg1T/Team+R2r+Omnisphere+2+Crackl.zip
IP
172.67.194.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://media1.2cd0311gd13.com/Team+R2r+Omnisphere+2+Crackl.zip
Certificate
IssuerGoogle Trust Services
Subject2cd0311gd13.com
Fingerprint85:32:A9:B0:4B:77:32:25:96:0F:17:AC:8D:FC:09:1A:BE:4E:C1:B3
ValidityThu, 12 Dec 2024 13:53:01 GMT - Wed, 12 Mar 2025 14:29:39 GMT

File type

Size
16 MB (16470147 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /web/q/KHBf4ejAW1t78xThWugqMg1T/Team+R2r+Omnisphere+2+Crackl.zip HTTP/1.1
Host: arch1.2cd0311gd13.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://media1.2cd0311gd13.com
DNT: 1
Connection: keep-alive
Referer: https://media1.2cd0311gd13.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 12 Dec 2024 22:49:45 GMT
content-type: application/octet-stream
content-length: 16470147
x-powered-by: PHP/8.2.12
access-control-allow-origin: *
content-description: File Transfer
content-disposition: attachment; filename=team r2r omnisphere 2 crackl.7z
content-transfer-encoding: binary
expires: 0
cache-control: max-age=14400, must-revalidate
pragma: public
cf-cache-status: MISS
last-modified: Thu, 12 Dec 2024 22:49:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3YWUbLiTqaYD41WLu0YWXbcmCHI1zgzbLA%2F5vxwVvnSA8VND6BD4%2FoRx6ruU7V8w0LGOdMvODFZE8kbu07zN86NzhFz7BPk7nKPHUftnbuir2IvB0uyOQUPAcq4DVtFHvc21UDHRVg0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f1144f5aa65b509-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5988&min_rtt=427&rtt_var=11109&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3209&recv_bytes=1135&delivery_rate=7300840&cwnd=254&unsent_bytes=0&cid=72110a1a41c00069&ts=507&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (8)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP