Report - chii.modthesims.info/getfile.php?file=2049760&v=1705899912

Report Overview

Submitted URL
chii.modthesims.info/getfile.php?file=2049760&v=1705899912
IP
209.133.203.187
ASN
#29802 HVC-AS
Submitted
2024-04-25 21:54:33
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
skuld.modthesims2.com	unknown	2004-05-12	2014-07-21	2024-04-17	562 B	14 MB	172.67.218.241
chii.modthesims.info	unknown	2007-07-20	2012-09-02	2024-02-22	514 B	14 MB	209.133.203.187

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
skuld.modthesims2.com/files/1/0/2/5/1/9/4/7/MTS_Onebeld_2049760_RegulSaveCleaner-v4.0.2-win.zip?v=1705899912
IP
172.67.218.241
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
14 MB (14198374 bytes)
Hash
9a3daad91caf143cae1e404904b04993
51d0d7d6cace4dc788be78602b7d881d1f14aedb
295930b3f2b826bdd9bf720b362425a74134254218a1ba045fa5f7129cf0329f

Archive (4)

Filename

Md5

File type

av_libglesv2.dll

73d2fb4c35d323813a86e3bf5c85c345

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

libHarfBuzzSharp.dll

eaa6c0d42c8967d86a39808806c49869

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

libSkiaSharp.dll

70d45a6d44b56f1be6a3146f5f3b32f2

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 10 sections

RegulSaveCleaner.exe

d54443d4a18350e3f032c07a8880414a

PE32+ executable (GUI) x86-64, for MS Windows, 9 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	skuld.modthesims2.com/files/1/0/2/5/1/9/4/7/MTS_Onebeld_2049760_RegulSaveCleaner-v4.0.2-win.zip?v=1705899912	172.67.218.241	200 OK	14 MB
URL User Request GET HTTP/2 skuld.modthesims2.com/files/1/0/2/5/1/9/4/7/MTS_Onebeld_2049760_RegulSaveCleaner-v4.0.2-win.zip?v=1705899912 IP 172.67.218.241:443 ASN #13335 CLOUDFLARENET Certificate IssuerLet's Encrypt Subjectmodthesims2.com Fingerprint59:B9:1A:4E:98:F9:A9:27:5C:09:29:05:C9:18:43:E2:DE:54:62:1D ValidityTue, 12 Mar 2024 23:58:49 GMT - Mon, 10 Jun 2024 23:58:48 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 14 MB (14198374 bytes) Hash 9a3daad91caf143cae1e404904b04993 51d0d7d6cace4dc788be78602b7d881d1f14aedb 295930b3f2b826bdd9bf720b362425a74134254218a1ba045fa5f7129cf0329f HTTP Headers GET /files/1/0/2/5/1/9/4/7/MTS_Onebeld_2049760_RegulSaveCleaner-v4.0.2-win.zip?v=1705899912 HTTP/1.1 Host: skuld.modthesims2.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Thu, 25 Apr 2024 21:54:02 GMT content-type: application/zip content-length: 14198374 last-modified: Mon, 22 Jan 2024 05:05:12 GMT etag: "65adf788-d8a666" cache-control: max-age=14400 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EA0ia%2FcK7BhBzKH2HYpcNiuxsj%2FuhX3Krhi3qIK93YhaXLSwCQrYNJzGIEQzl%2B5%2BnjaYMVYUClXgNEAo%2B%2FxfF4luGRYzyaPVjtpXfiRlPCqel%2B0UcPIeK13aqLP%2BJxzMxC6qtIcsieg%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 87a191bd1af37127-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	chii.modthesims.info/getfile.php?file=2049760&v=1705899912	209.133.203.187	302 Found	14 MB
URL User Request GET HTTP/2 chii.modthesims.info/getfile.php?file=2049760&v=1705899912 IP 209.133.203.187:443 ASN #29802 HVC-AS Certificate IssuerSectigo Limited Subject.modthesims.info Fingerprint9A:34:29:08:F5:8B:A8:2B:B2:1F:30:23:99:A3:6D:4F:CD:A8:FB:7A ValidityWed, 30 Aug 2023 00:00:00 GMT - Thu, 12 Sep 2024 23:59:59 GMT File type Size 14 MB (14198374 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /getfile.php?file=2049760&v=1705899912 HTTP/1.1 Host: chii.modthesims.info User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 302 Found server: nginx date: Thu, 25 Apr 2024 21:54:02 GMT content-type: text/html; charset=UTF-8 location: https://skuld.modthesims2.com/files/1/0/2/5/1/9/4/7/MTS_Onebeld_2049760_RegulSaveCleaner-v4.0.2-win.zip?v=1705899912 X-Firefox-Spdy: h2`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (4)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers