Report - cdn.discordapp.com/attachments/1267106168170610793/1267593251993555085/Loader.zip?ex=66ab53f6&is=66aa0276&hm=757b2213e6a82f33e46c51b29591e37d287b7abd80c07c4d405e83c0d594f540&

Report Overview

Visited public
2024-07-31 10:33:20
Tags
URL
cdn.discordapp.com/attachments/1267106168170610793/1267593251993555085/Loader.zip?ex=66ab53f6&is=66aa0276&hm=757b2213e6a82f33e46c51b29591e37d287b7abd80c07c4d405e83c0d594f540&
Finishing URL
about:privatebrowsing
IP / ASN
162.159.135.233
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-30 18:12:03	2.6 kB	7.1 kB	23.36.77.32
cdn.discordapp.com	2474	2015-02-26	2015-08-24 15:06:21	2024-07-30 18:12:14	628 B	16 MB	162.159.135.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1267106168170610793/1267593251993555085/Loader.zip?ex=66ab53f6&is=66aa0276&hm=757b2213e6a82f33e46c51b29591e37d287b7abd80c07c4d405e83c0d594f540&
IP
162.159.135.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
16 MB (15892155 bytes)
Hash
de3bc9ef311655ef86643582017769ca
47e314028162b0907ac9c9ead5771b43e6a28ca5
aab20a3205eec413fd9df26e70636dd4e192bcaf23ee9544187b515a2757c148

Archive (9)

Filename

Md5

File type

dmxmlhelputils.dll

9abd95d760a752257bcb7f5ee3c14008

data

netid.dll.mui

cd2e3b8d8a457c5dc46b32e22aa6f85f

data

NotificationController.dll.mui

5a940db75a80c7571cc221cf3870ef78

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

SmiEngine.dll.mui

a0db1f60834e4cc834d87ce05449e86d

data

wfascim.dll.mui

6dd6dcef7b35588fe7f1eb40f6eb3027

OpenPGP Secret Key

mqutil.dll.mui

cb3a5f54d475674a55d0a326a1cb1124

data

samlib.dll

f3078d7cbe7d330f06c51dc177f58e6f

data

setup.exe

78a218091d0b04ab3ea7dd6d18cd1823

PE32+ executable (GUI) x86-64, for MS Windows, 8 sections

wdi.dll

7d326b235ab064ff70376f1d015cc084

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

JavaScript (0)

HTTP Transactions (9)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash eb8b5a3f62f8ead7f86e028723019196 8941f16c283439f44a148ba7668a67a55aba16de f76a44ac993c568fcdac2165655a7886f3207e980286b7605a48dc897e4fd68b HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "F76A44AC993C568FCDAC2165655A7886F3207E980286B7605A48DC897E4FD68B" Last-Modified: Mon, 29 Jul 2024 18:28:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3473 Expires: Wed, 31 Jul 2024 11:30:38 GMT Date: Wed, 31 Jul 2024 10:32:45 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 0a7ed9f549f2b3f25d9e54500bcb15b9 93b4f0fb8a1be59fa68f9a72a2196c84be6ad61a 8855ef94f553a3d130a13bdf45ba112b3a3282a8110a98dae49144e0b70cff7b HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "8855EF94F553A3D130A13BDF45BA112B3A3282A8110A98DAE49144E0B70CFF7B" Last-Modified: Mon, 29 Jul 2024 18:58:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2798 Expires: Wed, 31 Jul 2024 11:19:23 GMT Date: Wed, 31 Jul 2024 10:32:45 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 7335e53b6e780bcc46feb27b6421e625 d5405503dbb1d5d734473133fdd449be49ef8ef0 3fe77d2e06518aee992b779c45a0b57d1353d7e9232e57d99d79bfdfaa488e34 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "3FE77D2E06518AEE992B779C45A0B57D1353D7E9232E57D99D79BFDFAA488E34" Last-Modified: Mon, 29 Jul 2024 18:58:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=12098 Expires: Wed, 31 Jul 2024 13:54:24 GMT Date: Wed, 31 Jul 2024 10:32:46 GMT Connection: keep-alive`

	cdn.discordapp.com/attachments/1267106168170610793/1267593251993555085/Loader.zip?ex=66ab53f6&is=66aa0276&hm=757b2213e6a82f33e46c51b29591e37d287b7abd80c07c4d405e83c0d594f540&	162.159.135.233	200 OK	16 MB
URL User Request GET HTTP/2 cdn.discordapp.com/attachments/1267106168170610793/1267593251993555085/Loader.zip?ex=66ab53f6&is=66aa0276&hm=757b2213e6a82f33e46c51b29591e37d287b7abd80c07c4d405e83c0d594f540& IP 162.159.135.233:443 ASN #13335 CLOUDFLARENET Certificate IssuerCloudflare, Inc. Subjectdiscordapp.com Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39 ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 16 MB (15892155 bytes) Hash de3bc9ef311655ef86643582017769ca 47e314028162b0907ac9c9ead5771b43e6a28ca5 aab20a3205eec413fd9df26e70636dd4e192bcaf23ee9544187b515a2757c148 HTTP Headers GET /attachments/1267106168170610793/1267593251993555085/Loader.zip?ex=66ab53f6&is=66aa0276&hm=757b2213e6a82f33e46c51b29591e37d287b7abd80c07c4d405e83c0d594f540& HTTP/1.1 Host: cdn.discordapp.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Wed, 31 Jul 2024 10:32:46 GMT content-type: application/zip content-length: 15892155 cf-ray: 8abced28d96c568f-OSL cf-cache-status: HIT accept-ranges: bytes, bytes age: 1223 cache-control: public, max-age=31536000 content-disposition: attachment etag: "de3bc9ef311655ef86643582017769ca" expires: Thu, 31 Jul 2025 10:32:46 GMT last-modified: Mon, 29 Jul 2024 21:23:02 GMT vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1722288182255004 x-goog-hash: crc32c=YS1L9w==, md5=3jvJ7zEWVe+GZDWCAXdpyg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 15892155 x-guploader-uploadid: AHxI1nNYCMLc9F1ziBefM9oIrRs3mqFMCG1Td5Knqsg4qLmseVVka4QpQmBPRhresy1ok-kXujozCYT_EQ x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwMdMBV2uqwlxr0z3tNFHv6xSzMd1dge36qIUGE7m%2Bq6A9OW5srEVaLoqlyGTLuCTW6B%2BTUdMxYfChTF8wF5fNVIf5ohGNnd6rYuUDoTQsDzCuvC%2FSuGIi89yn8rqZm5JzOXhA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} set-cookie: __cf_bm=2FzwehLCZVQysX15crMM_vnW57miB.g2_.SPrZWV6eU-1722421966-1.0.1.1-CjzeEYUxfSlxYC.zLrObyAqNveFyElRetjQnANBbmOoDrWPa56BM1y.O9EmX_79PC0UFRCF1rpmAuaBebljezw; path=/; expires=Wed, 31-Jul-24 11:02:46 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None _cfuvid=fa2kVKAejzPKuy1UWoGRyThN57CGgfn73C_y_KVsa24-1722421966249-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None server: cloudflare X-Firefox-Spdy: h2

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 15f96036fbb7eb8f1dca46d5deb56cb3 5d53fb802bba0a433e8fcb0fd8a002f9a37a4686 e85fa0f570601f68b9d4960c3315fa0464fa580ba6b1d34f709ca2cb7b201e87 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "E85FA0F570601F68B9D4960C3315FA0464FA580BA6B1D34F709CA2CB7B201E87" Last-Modified: Mon, 29 Jul 2024 18:27:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15900 Expires: Wed, 31 Jul 2024 14:57:50 GMT Date: Wed, 31 Jul 2024 10:32:50 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 3bcd70e3c9d0d4edf43c4f35306f7898 8334db3317d065d5811e8826adecfd876f29ef3b 5c019bbd4244b83f2efb9f2c82868b9a35ee0351083f4eb2b637904e45caa0ff HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "5C019BBD4244B83F2EFB9F2C82868B9A35EE0351083F4EB2B637904E45CAA0FF" Last-Modified: Mon, 29 Jul 2024 18:58:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5655 Expires: Wed, 31 Jul 2024 12:07:05 GMT Date: Wed, 31 Jul 2024 10:32:50 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 3bcd70e3c9d0d4edf43c4f35306f7898 8334db3317d065d5811e8826adecfd876f29ef3b 5c019bbd4244b83f2efb9f2c82868b9a35ee0351083f4eb2b637904e45caa0ff HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "5C019BBD4244B83F2EFB9F2C82868B9A35EE0351083F4EB2B637904E45CAA0FF" Last-Modified: Mon, 29 Jul 2024 18:58:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5655 Expires: Wed, 31 Jul 2024 12:07:05 GMT Date: Wed, 31 Jul 2024 10:32:50 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 3bcd70e3c9d0d4edf43c4f35306f7898 8334db3317d065d5811e8826adecfd876f29ef3b 5c019bbd4244b83f2efb9f2c82868b9a35ee0351083f4eb2b637904e45caa0ff HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "5C019BBD4244B83F2EFB9F2C82868B9A35EE0351083F4EB2B637904E45CAA0FF" Last-Modified: Mon, 29 Jul 2024 18:58:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5655 Expires: Wed, 31 Jul 2024 12:07:05 GMT Date: Wed, 31 Jul 2024 10:32:50 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 3bcd70e3c9d0d4edf43c4f35306f7898 8334db3317d065d5811e8826adecfd876f29ef3b 5c019bbd4244b83f2efb9f2c82868b9a35ee0351083f4eb2b637904e45caa0ff HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "5C019BBD4244B83F2EFB9F2C82868B9A35EE0351083F4EB2B637904E45CAA0FF" Last-Modified: Mon, 29 Jul 2024 18:58:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5652 Expires: Wed, 31 Jul 2024 12:07:05 GMT Date: Wed, 31 Jul 2024 10:32:53 GMT Connection: keep-alive`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (9)

Detections

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers