Report - dl.all-cs.ru/cs16/weapon-skins/m4a1/m4a4-death-walker.zip

Report Overview

Submitted URL
dl.all-cs.ru/cs16/weapon-skins/m4a1/m4a4-death-walker.zip
IP
104.26.7.180
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 02:40:56
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-17	512 B	1.2 kB	35.244.181.201
dl.all-cs.ru	unknown	2007-06-12	2020-09-02	2024-04-17	511 B	5.3 MB	104.26.6.180

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
dl.all-cs.ru/cs16/weapon-skins/m4a1/m4a4-death-walker.zip
IP
104.26.6.180
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
5.3 MB (5285303 bytes)
Hash
23cf60221e9ba8b69b02a71ef3490d06
869f5148bf72d0ac378667ba50d3580ed2d5f301
e86d982939331cdc821a52c15eaeb2ccf725fe1ed31431f635a622bd537940a8

Archive (16)

Filename

Md5

File type

p_m4a1.mdl

4942ddcfa0e665a0e56639d58a69ea16

data

v_m4a1.mdl

5e07524e7e132f6db871bcd7aa62d25c

data

w_m4a1.mdl

a48da6c55e97a03451d4485f203d74af

data

m4a1-1.wav

a4936edea9e4f9ebbf1843cb4c34db14

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz

m4a1_unsil-1.wav

f45ac60780427483a439f6e9276803fc

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz

m4a1_unsil-2.wav

f45ac60780427483a439f6e9276803fc

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz

m4_boltback.wav

bf24be76f7e7a93a2681141ea664cc27

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz

m4_boltforward.wav

b373a4765f946d32a3543325faea17ab

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz

m4_boltrelease.wav

9ce0e9f7d05e786716ce664d78e7be6a

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz

m4_clipin.wav

d48d2cee48615598a7dad1f9e045b0c9

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz

m4_clipout.wav

027fb6dbedcabbbb6dbe5549b9c349be

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz

m4_draw.wav

c524c14636f55bb6cfdbde38b71da2c0

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz

m4_silencer_on.wav

49d673571191a23e92dc2fb85fa5aecc

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz

m4_sil_off.wav

55eecea9073f6d73ba43acd909c7147a

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz

3000+ ᪨�� all-cs.ru (��䨣�).url

1dd56e0a4c7abe4408e36c9866ae39e7

Generic INItialization configuration [InternetShortcut]

�� ⠭�� ᪨�� (�᫨ �� 㬥��).url

53e54f1e168670a5af49a74e9485cf92

Generic INItialization configuration [InternetShortcut]

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	dl.all-cs.ru/cs16/weapon-skins/m4a1/m4a4-death-walker.zip	104.26.6.180	200 OK	5.3 MB
URL User Request GET HTTP/2 dl.all-cs.ru/cs16/weapon-skins/m4a1/m4a4-death-walker.zip IP 104.26.6.180:443 ASN #13335 CLOUDFLARENET Certificate IssuerLet's Encrypt Subjectdl.all-cs.ru Fingerprint0F:21:70:F1:40:D7:53:E1:DC:68:7E:3F:BA:EE:33:70:5B:5F:5B:66 ValiditySun, 10 Mar 2024 07:31:22 GMT - Sat, 08 Jun 2024 07:31:21 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 5.3 MB (5285303 bytes) Hash 23cf60221e9ba8b69b02a71ef3490d06 869f5148bf72d0ac378667ba50d3580ed2d5f301 e86d982939331cdc821a52c15eaeb2ccf725fe1ed31431f635a622bd537940a8 HTTP Headers `GET /cs16/weapon-skins/m4a1/m4a4-death-walker.zip HTTP/1.1 Host: dl.all-cs.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 18 Apr 2024 02:40:28 GMT content-type: application/zip content-length: 5285303 last-modified: Mon, 02 Dec 2019 17:18:45 GMT x-rgw-object-type: Normal etag: "23cf60221e9ba8b69b02a71ef3490d06" x-amz-request-id: tx000000000000037c49036-00661b532a-3a7de465-ams3a vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding strict-transport-security: max-age=15552000; includeSubDomains; preload x-do-cdn-uuid: f0e11bd3-4038-45f8-8f55-d013d210eb99 cache-control: max-age=86400 x-envoy-upstream-healthchecked-cluster: cf-cache-status: MISS accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SjdudlqW9eUognlvSILhHlwgNY5nZWRsJ1tVHR7ttXcd9OKC%2BkrctuCs%2FTEWaxiEiRBeYoaYbdXXNRTBwCngGSVKAbzu0Xc3ydLi6dbQQPAG1Gq3urMA5ldf%2FjOICg%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 87614a54ed4556cb-OSL X-Firefox-Spdy: h2

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201		444 B
URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP 35.244.181.201:0 ASN #396982 GOOGLE-CLOUD-PLATFORM File type XML 1.0 document, ASCII text, with very long lines (332) Size 444 B (444 bytes) Hash 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=nwpRAhARQa0tPW_vs0kvVaNJhNMlzDgOMVtDcl9Ahw_6n3tiD01C3kDrPhJzzQeOYbaCaxUwg4AhziwcsGhP04zT1WGCwsNf9EJEegQk0suw2g8D4iWBPd9WbyD4SGeO strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: HIT content-encoding: gzip via: 1.1 google date: Thu, 18 Apr 2024 02:40:30 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 18 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2