Report - ldcdn.ldmnq.com/download/ldad/LDPlayer4.exe?n=LDPlayer4_ru_6050

Report Overview

Visited public
2024-10-09 17:18:09
Tags
URL
ldcdn.ldmnq.com/download/ldad/LDPlayer4.exe?n=LDPlayer4_ru_6050_ld.exe5.1
Finishing URL
about:privatebrowsing
IP / ASN
47.246.44.198
#24429 Zhejiang Taobao Network Co.,Ltd
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-10-08 18:12:09	654 B	1.8 kB	23.36.76.249
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-08 18:12:21	1.3 kB	3.5 kB	23.36.76.225
ldcdn.ldmnq.com	875526	2016-05-19	2022-11-23 14:15:48	2024-10-07 20:02:35	527 B	3.5 MB	47.246.44.225

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
ldcdn.ldmnq.com/download/ldad/LDPlayer4.exe?n=LDPlayer4_ru_6050_ld.exe5.1
IP
47.246.44.225
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
Size
3.5 MB (3524208 bytes)
Hash
9f9bbd12ae5894046810e6736ec4d892
9e81b764a40ec39f6667c54b8d40da0b97cb5a7f
8d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 22/71

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.36.76.225

504 B

URL
r10.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c3fbe0b62fa278b1a007491908bb16f2
2ae17f1c5ae52ff197923ec0189f34ad3f43e645
a4eca96abeac5f2760f850db06e2fa5bf29dc017d9d33eabf73943fa4bb94197

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A4ECA96ABEAC5F2760F850DB06E2FA5BF29DC017D9D33EABF73943FA4BB94197"
Last-Modified: Wed, 09 Oct 2024 04:48:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7142
Expires: Wed, 09 Oct 2024 19:16:44 GMT
Date: Wed, 09 Oct 2024 17:17:42 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.225

504 B

URL
r10.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ca9529e5dcfdfe04a1af2baa41d988d6
2f7b1a6c5d3e1c8c9f52c513ee250006de18b00b
fea81540ca4c6f34f779c3306d4414c07bab63cec6b11425d8e3c5fb74118be3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FEA81540CA4C6F34F779C3306D4414C07BAB63CEC6B11425D8E3C5FB74118BE3"
Last-Modified: Wed, 09 Oct 2024 11:30:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17799
Expires: Wed, 09 Oct 2024 22:14:21 GMT
Date: Wed, 09 Oct 2024 17:17:42 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.225

504 B

URL
r10.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
46338129794811f186a0b7a4f44fa3ec
f2e9fd21618da6188e9b28d1abaf563cabf4d29d
c062cb8b7804448db2cfb7aec7389f996d3c14fe2699a038ab536c7e0a99ae88

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C062CB8B7804448DB2CFB7AEC7389F996D3C14FE2699A038AB536C7E0A99AE88"
Last-Modified: Tue, 08 Oct 2024 04:15:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7538
Expires: Wed, 09 Oct 2024 19:23:20 GMT
Date: Wed, 09 Oct 2024 17:17:42 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.225

504 B

URL
r10.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
31fc782bf1efb76a7251d3e45007b986
7cfef07644e0e4aad99bfa3dd10cf975f7c06f89
663061e811010828ed222146cbb81114a49ba635f6c6547f3601ae0c3de1409d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "663061E811010828ED222146CBB81114A49BA635F6C6547F3601AE0C3DE1409D"
Last-Modified: Tue, 08 Oct 2024 04:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6157
Expires: Wed, 09 Oct 2024 19:00:19 GMT
Date: Wed, 09 Oct 2024 17:17:42 GMT
Connection: keep-alive

ldcdn.ldmnq.com/download/ldad/LDPlayer4.exe?n=LDPlayer4_ru_6050_ld.exe5.1

47.246.44.225

200 OK

3.5 MB

URL User Request GET HTTP/2
ldcdn.ldmnq.com/download/ldad/LDPlayer4.exe?n=LDPlayer4_ru_6050_ld.exe5.1
IP
47.246.44.225:443
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

Certificate
IssuerDigiCert Inc
Subject*.ldmnq.com
FingerprintD2:D3:0A:53:A0:A8:C2:08:AF:98:D5:AB:38:B6:0E:57:2C:06:1D:F1
ValidityWed, 18 Sep 2024 00:00:00 GMT - Thu, 18 Sep 2025 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
Size
3.5 MB (3524208 bytes)
Hash
9f9bbd12ae5894046810e6736ec4d892
9e81b764a40ec39f6667c54b8d40da0b97cb5a7f
8d48d0a05d581922a4d30ba98cbf51ea981a37c95fad689e0b84b979e312f6a4

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 22/71

HTTP Headers

GET /download/ldad/LDPlayer4.exe?n=LDPlayer4_ru_6050_ld.exe5.1 HTTP/1.1
Host: ldcdn.ldmnq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: Tengine
content-type: application/octet-stream
content-length: 3524208
date: Sun, 06 Oct 2024 16:54:02 GMT
x-oss-request-id: 6702C0AA89FDF53438DFCF40
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "9F9BBD12AE5894046810E6736EC4D892"
last-modified: Mon, 09 Sep 2024 02:13:20 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 6674992920527292388
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: n5u9Eq5YlARoEOZzbsTYkg==
x-oss-server-time: 42
access-control-allow-origin: *
via: ens-cache16.l2de3[0,74,200-0,H], ens-cache2.l2de3[77,0], ens-cache1.se2[104,104,200-0,M], ens-cache11.se2[106,0]
age: 260621
ali-swift-global-savetime: 1728233642
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Wed, 09 Oct 2024 17:17:43 GMT
x-swift-cachetime: 2331379
content-disposition: attachment;filename=LDPlayer4_ru_6050_ld.exe5.1
access-control-allow-methods: GET,POST,PUT
timing-allow-origin: *
eagleid: 2ff62c9f17284942631663130e
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.76.249

504 B

URL
r11.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
aa746f2452828a39148ef2ed129c14f6
aab2904047696ac367e2bfc0ffb1ba44c9c84256
5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7"
Last-Modified: Tue, 08 Oct 2024 04:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4984
Expires: Wed, 09 Oct 2024 18:40:48 GMT
Date: Wed, 09 Oct 2024 17:17:44 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.249

504 B

URL
r11.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
aa746f2452828a39148ef2ed129c14f6
aab2904047696ac367e2bfc0ffb1ba44c9c84256
5c76fd0fb994332de5317dc7d533ae3edb60d9f0ce253f839e609d83a3bf0fa7

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5C76FD0FB994332DE5317DC7D533AE3EDB60D9F0CE253F839E609D83A3BF0FA7"
Last-Modified: Tue, 08 Oct 2024 04:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4984
Expires: Wed, 09 Oct 2024 18:40:48 GMT
Date: Wed, 09 Oct 2024 17:17:44 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers