Report - c10.patreonusercontent.com/4/patreon-media/p/post/53115071/900e05e432a14c8b94091dd4ab9256ae/eyJhIjoxLCJwIjoxfQ==/1.zip?token-hash=xO2WEsGcUKrevYVfoLzS5ltqoMD3HPLd7

Report Overview

Visitedpublic

2025-06-22 21:17:16

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
c10.patreonusercontent.com	39060	2017-04-06	2017-08-23	2025-06-16	664 B	2.5 MB	104.18.69.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

c10.patreonusercontent.com/4/patreon-media/p/post/53115071/900e05e432a14c8b94091dd4ab9256ae/eyJhIjoxLCJwIjoxfQ==/1.zip?token-hash=xO2WEsGcUKrevYVfoLzS5ltqoMD3HPLd7_52qL1ZbZA=&token-time=1750896000

IP / ASN

104.18.69.106

#13335 CLOUDFLARENET

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=store

Size2.5 MB (2516193 bytes)

MD59f2cea5dce457fe1cbe5f914a47a4fb1

SHA1e9734542648b4b150e6aafe5226002ad20299eaa

SHA25606aa8f8ca2069764781cfaef781c5795f9300d13beed6628e8d9c49f3dd66b44

Archive (26)

Modified	Filename	Size	MD5	File type
2021-06-30 15:23	changelog.txt	5.2 kB	bb9e68355eb3a2a80fcc7283d2acd506	ISO-8859 text, with CRLF line terminators
2021-06-30 15:18	FIFALiveEditor.DLL	3.9 MB	5cc946c7c8407986da036158791bf2bb	PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections
2021-05-27 11:55	Launcher.exe	1.3 MB	cd6b7b8abd800ff06c2f19dcd1df7baf	PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
2021-02-16 15:56	launcher_config.ini	80 B	8997926072a701c93088f9e5e3d7eb77	ASCII text, with CRLF line terminators
2021-06-30 15:23	le_config.json	966 B	7bfe6177edad90bbd8037430cd34bc2e	JSON text data
2021-02-16 15:56	LICENSE	18 kB	ffa10f40b98be2c2bc9608f56827ed23	ASCII text, with CRLF line terminators
2021-06-30 15:23	IdMap.json	87 kB	9b24f88e61bd27a4e714352dacfbbfb7	JSON text data
2021-06-30 15:23	legacy_structure.txt	40 kB	8df36eea3e329aa07dc2ae70042a5a2d	ASCII text, with CRLF line terminators
2021-02-16 15:56	Injector.exe	588 kB	c7e514ec03861cdc5d376d82ffa6eaeb	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2021-02-16 15:56	README.txt	179 B	23b26943cc6fa7f2ada874843640ff6e	ASCII text, with CRLF line terminators
2021-06-30 15:23	translate.json	29 kB	422c7d1180780b9be2d9e55ce63b65da	JSON text data
2021-06-30 15:23	translate.json	57 B	d100da9cc5e01c0b25077883baf45526	JSON text data
2021-05-28 11:15	DOC.MD	29 kB	e1bda6e4f37ed024b14fed3eacf97832	ISO-8859 text, with CRLF line terminators
2021-05-18 14:33	live_editor.lua	1.9 kB	9a00386261931d44a6bad353586ef50b	ASCII text, with CRLF line terminators
2021-01-12 16:28	1ovr_99pot.lua	2.1 kB	5d6582cc7c9d7b83877f1f017c6867d1	ASCII text, with CRLF line terminators
2021-01-13 13:01	99ovr_99pot.lua	2.1 kB	5969299b8c1b1e1243dedcaca6fe0e15	ASCII text, with CRLF line terminators
2021-02-23 12:25	capture_newheads.lua	1.2 kB	af2330dfca39620ffc4505663d4cf429	ASCII text, with CRLF line terminators
2021-05-25 15:35	custom_headassetid_to_playerid.lua	1.7 kB	167d638f2bf641d23ef133374908eedd	ASCII text, with CRLF line terminators
2020-06-29 16:38	custom_tattoos_to_playerid.lua	2.1 kB	e2743e3a22ba67f472b95a3d3f3331fc	ASCII text, with CRLF line terminators
2021-02-14 14:47	generate_minifaces.lua	661 B	783b1b8c5fa397dea4d851dfc6863bbd	ASCII text, with CRLF line terminators
2020-06-29 16:40	is_retiring=0.lua	410 B	fc06e63332f89668d1e244419d900104	ASCII text, with CRLF line terminators
2021-02-11 14:16	list_players.lua	541 B	a8a10b7d41327ebdfd337bfcc2aecefe	ASCII text, with CRLF line terminators
2020-06-29 16:43	medium_socklenghtcode.lua	409 B	08f7982d5edac10399726e98875bb610	ASCII text, with CRLF line terminators
2020-06-29 15:17	modifier=0.lua	434 B	e52d13eafc0e24437a262472c44cc9c9	ASCII text, with CRLF line terminators
2020-06-29 16:47	untuck_shirts.lua	411 B	b1a95442c95c431463d7b575f296a932	ASCII text, with CRLF line terminators
2021-05-18 16:00	main_test.lua	12 kB	4fcb0a146ce0b29205f6ff8983c694c2	ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
VirusTotal	malicious	VirusTotal - Scan result 23/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET c10.patreonusercontent.com/4/patreon-media/p/post/53115071/900e05e432a14c8b94091dd4ab9256ae/eyJhIjoxLCJwIjoxfQ==/1.zip?token-hash=xO2WEsGcUKrevYVfoLzS5ltqoMD3HPLd7_52qL1ZbZA=&token-time=1750896000

104.18.69.106

200 OK

2.5 MB

URL

c10.patreonusercontent.com/4/patreon-media/p/post/53115071/900e05e432a14c8b94091dd4ab9256ae/eyJhIjoxLCJwIjoxfQ==/1.zip?token-hash=xO2WEsGcUKrevYVfoLzS5ltqoMD3HPLd7_52qL1ZbZA=&token-time=1750896000

IP / ASN

104.18.69.106

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=store

First Seen2025-06-22

Last Seen2025-06-22

Times Seen1

Size2.5 MB (2516193 bytes)

MD59f2cea5dce457fe1cbe5f914a47a4fb1

SHA1e9734542648b4b150e6aafe5226002ad20299eaa

SHA25606aa8f8ca2069764781cfaef781c5795f9300d13beed6628e8d9c49f3dd66b44

Certificate Info

IssuerGoogle Trust Services

Subjectpatreonusercontent.com

Fingerprint1B:CA:C2:71:E8:D3:69:A5:A6:A6:92:1D:2B:48:46:32:34:09:BA:EE

ValidityThu, 22 May 2025 07:09:36 GMT - Wed, 20 Aug 2025 08:09:25 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 23/67

HTTP Headers

GET /4/patreon-media/p/post/53115071/900e05e432a14c8b94091dd4ab9256ae/eyJhIjoxLCJwIjoxfQ==/1.zip?token-hash=xO2WEsGcUKrevYVfoLzS5ltqoMD3HPLd7_52qL1ZbZA=&token-time=1750896000 HTTP/1.1
Host: c10.patreonusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Jun 2025 21:16:42 GMT
content-type: application/zip
content-length: 2516193
cf-ray: 953ec4aeccab56bb-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: https://www.patreon.com
cache-control: public, max-age=31536000
content-disposition: attachment; filename="v21.1.1.9.zip"; filename*=utf-8''v21.1.1.9.zip
etag: "9f2cea5dce457fe1cbe5f914a47a4fb1|3es8"
expires: Mon, 22 Jun 2026 21:16:42 GMT
last-modified: Sun, 22 Jun 2025 17:37:17 GMT
vary: Accept-Encoding
access-control-allow-headers: Content-Type, Range, Content-Length
timing-allow-origin: https://patreon.com, https://www.patreon.com, https://*.patreondev.com
x-patreon-sha: 5caa65d174a2f1638bc8d45bbab2b39123bfee30
x-patreon-uuid: d1d7aca5-fb89-5450-985d-ed75b831ce0b
set-cookie: __cf_bm=_JlaZSHhMfl0gUtoxF3NKSLyeQ5WgksUZ3QPFgzeWA8-1750627002-1.0.1.1-loBMxgx_yjTeuuVnftYHR4fV3vv2P9jboF20PG.x1XTlJZCee3nY_wGxCojXk4iS5Ftk.ZxcwuDFZW7Jcnm5F2.4dHzddkh9O_28YxI36Bs; path=/; expires=Sun, 22-Jun-25 21:46:42 GMT; domain=.patreonusercontent.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pKhBxDaFld9ntCtO4n6Ug6I5VzkGC1RD7F7lPiJ1kCIk7Gkze7pRcmCCWdJnypQ4jAd8pXisuwJxJ8UtBfiyFTTYXAQ1BwWNgUvHFVbAHDybH6f9ppeX5qXG%2BrNPwY25BUsByctM1mu9FTBK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2