Report - 185.239.211.79:8790/mods/FS22

Report Overview

Visited public
2024-09-30 08:22:50
Tags
URL
185.239.211.79:8790/mods/FS22_interactiveControl.zip
Finishing URL
about:privatebrowsing
IP / ASN
185.239.211.79
#51167 Contabo GmbH
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-29 18:13:43	1.3 kB	3.6 kB	23.36.76.226
185.239.211.79:8790	unknown	unknown	No data	No data	422 B	267 kB	185.239.211.79
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-29 18:12:51	981 B	2.7 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-09-30	medium	185.239.211.79	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
185.239.211.79:8790/mods/FS22_interactiveControl.zip
IP
185.239.211.79
ASN
#51167 Contabo GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
266 kB (266525 bytes)
Hash
7b2f33f0639f89618030346bcf7d9738
34443a5b9814ea6f67a0ea61e3abf6daaae20f97
41e81edb7789195607e9650d70e066d9674b3e769139b9f0b93bc224d3dbac43

Archive (25)

Modified	Filename	Size	Md5	File type
2022-12-12 22:59	ic_clickIcons.i3d	2.8 kB	e32799194c4f7044270737faea9ed67d	XML 1.0 document, ASCII text
2022-12-12 22:59	ic_clickIcons.i3d.shapes	3.4 kB	55f6ae45cc252aad136b887c859e0cfb	data
2022-12-12 22:59	ic_clickIcons_emissive.dds	1.4 MB	4e6c734faef832e8fb547492c670ef09	Microsoft DirectDraw Surface (DDS): 1024 x 1024, DXGI format: BC7_UNORM
2024-03-21 21:28	locale_br.xml	5.9 kB	91ac769621447c4b713a6512a5121851	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
2024-03-21 21:28	locale_cz.xml	6.1 kB	3eb2e249a265787af3c726f21deeedb9	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
2024-03-21 21:28	locale_de.xml	5.9 kB	a67eabbf8a6b27fae94241a25e56c607	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
2024-03-21 21:28	locale_en.xml	5.8 kB	0ff28d95d0fc5f3912f5071e51909f5e	XML 1.0 document, ASCII text, with CRLF line terminators
2024-03-21 21:29	locale_fr.xml	6.1 kB	42526856f9b2d97f847e51ecad460b53	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
2024-03-21 21:28	locale_it.xml	6.1 kB	3deba5d63c9e5586642a16e6d7de3ff8	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
2024-03-21 21:29	locale_pl.xml	6.1 kB	69fb6dfe4bc710e31626a887509d9f8a	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
2024-04-06 09:52	locale_ru.xml	7.5 kB	0d3c6d7b74275afaf0385f4f176db3ee	XML 1.0 document, Unicode text, UTF-8 text
2022-09-23 20:13	icon_interactiveControl.dds	33 kB	691798b7932c72ebcdc25b61af7c49b6	Microsoft DirectDraw Surface (DDS): 256 x 256, compressed using DX10
2024-03-21 21:29	modDesc.xml	5.5 kB	312284dd128a3c7500fe5a79199b4241	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (458), with CRLF line terminators
2024-04-07 18:14	ICNumStateEvent.lua	1.8 kB	33a1f6f529f6f6e828eca018e921fb9f	ASCII text, with CRLF line terminators
2024-04-07 18:13	ICStateEvent.lua	1.4 kB	36dcd321a8b7232fe30b59abf2e67426	ASCII text, with CRLF line terminators
2024-03-21 21:27	InteractiveBase.lua	5.4 kB	87cdc9b936845d24f3b2cef254976772	ASCII text, with CRLF line terminators
2024-03-21 21:27	InteractiveButton.lua	2.8 kB	0908ab8b4a560694864028b8975cd4d6	ASCII text, with CRLF line terminators
2024-03-21 21:28	InteractiveClickPoint.lua	13 kB	ebe33758d9d324829b7d2f87a091b46c	ASCII text, with CRLF line terminators
2024-03-21 21:21	loader.lua	7.6 kB	22c48201628fc51728830d79ec30a573	ASCII text, with CRLF line terminators
2024-03-21 21:27	AdditionalSettingsManager.lua	11 kB	fa2574f80e8863a71ab7408c31939188	ASCII text, with CRLF line terminators
2024-04-07 17:54	InteractiveControlManager.lua	8.7 kB	cf88ddd394e2379e3ee2119d3bf837eb	ASCII text, with CRLF line terminators
2024-03-21 21:25	InteractiveFunctions.lua	47 kB	e2668bbfcf2148c845835755b491188d	ASCII text, with CRLF line terminators
2024-04-03 16:56	InteractiveFunctions_externalMods.lua	24 kB	b0406e456859587aef3176b1bd0c9e5d	ASCII text, with CRLF line terminators
2024-03-21 21:25	AddInteractiveControl.lua	862 B	903f6c6be899496b7d8ed2425b9f9d62	ASCII text, with CRLF line terminators
2024-04-07 17:54	InteractiveControl.lua	60 kB	f88f36d61341fabe296d744f6cde70d9	ASCII text, with CRLF line terminators

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
d070dea5a1c30c330443d09132734e63
3ca8c0f7cd2afd3a26da8bbe3f8a47c5995294f4
4868faf0cf6c4f9bd0d7db49dcde0b7358890c362d5281a233ab666a702e1741

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4868FAF0CF6C4F9BD0D7DB49DCDE0B7358890C362D5281A233AB666A702E1741"
Last-Modified: Sat, 28 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7142
Expires: Mon, 30 Sep 2024 10:21:26 GMT
Date: Mon, 30 Sep 2024 08:22:24 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
dbde5c5adbbd6a8e97882b8268361ce9
d8857cca329a8ee2f9f6af7d4e534e394d9d59f1
dcd0a39d2797b3578c25899fd889c37ff54980f9dbc1888dce17d6512539e9f0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DCD0A39D2797B3578C25899FD889C37FF54980F9DBC1888DCE17D6512539E9F0"
Last-Modified: Sun, 29 Sep 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18644
Expires: Mon, 30 Sep 2024 13:33:08 GMT
Date: Mon, 30 Sep 2024 08:22:24 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
aae837b7f2ef5de4d66d438798369bcd
fcfbcb8dcd8faf9af9ea780440bc18762f060780
f36f32272995a27c5e8becd123957f0185c784ed591102043179dae02676b3c7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F36F32272995A27C5E8BECD123957F0185C784ED591102043179DAE02676B3C7"
Last-Modified: Mon, 30 Sep 2024 02:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10729
Expires: Mon, 30 Sep 2024 11:21:13 GMT
Date: Mon, 30 Sep 2024 08:22:24 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
58904a4fbcfb57844d0914da3af1d8c7
469367b4264860d89f0d683cde706e74b21ec66f
92a694d29fa63c8da404b537d0eaac859796cf351325de5b9cb23010089797cc

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "92A694D29FA63C8DA404B537D0EAAC859796CF351325DE5B9CB23010089797CC"
Last-Modified: Mon, 30 Sep 2024 05:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21421
Expires: Mon, 30 Sep 2024 14:19:25 GMT
Date: Mon, 30 Sep 2024 08:22:24 GMT
Connection: keep-alive

185.239.211.79:8790/mods/FS22_interactiveControl.zip

185.239.211.79

200 OK

266 kB

URL User Request GET HTTP/1.1
185.239.211.79:8790/mods/FS22_interactiveControl.zip
IP
185.239.211.79:8790
ASN
#51167 Contabo GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
266 kB (266525 bytes)
Hash
7b2f33f0639f89618030346bcf7d9738
34443a5b9814ea6f67a0ea61e3abf6daaae20f97
41e81edb7789195607e9650d70e066d9674b3e769139b9f0b93bc224d3dbac43

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /mods/FS22_interactiveControl.zip HTTP/1.1
Host: 185.239.211.79:8790
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-control: must-revalidate, post-check=0, pre-check=0
Content-description: File Transfer
Content-disposition: attachment; filename="FS22_interactiveControl.zip"
Content-transfer-encoding: binary
Content-type: application/zip
Date: Mon, 30 Sep 2024 10:22:24 GMT
Expires: 0
Last-modified: Mon, 30 Sep 2024 10:22:24 GMT
Pragma: public
Server: GIANTS Dedicated Server GIANTS Dedicated Server/9.2.0.0
Set-Cookie: SessionID=276221727658382; path=/
Content-Length: 266525

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c2a3b54f1ea3524f1e245394fcee2ef5
31071486f17a9c03f074bd4eacd613154981d96b
4a6a61e13af0bb23013d85fa3ef347be1bc968595d8c40f19f9d24214fe10b90

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4A6A61E13AF0BB23013D85FA3EF347BE1BC968595D8C40F19F9D24214FE10B90"
Last-Modified: Mon, 30 Sep 2024 02:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21189
Expires: Mon, 30 Sep 2024 14:15:35 GMT
Date: Mon, 30 Sep 2024 08:22:26 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c2a3b54f1ea3524f1e245394fcee2ef5
31071486f17a9c03f074bd4eacd613154981d96b
4a6a61e13af0bb23013d85fa3ef347be1bc968595d8c40f19f9d24214fe10b90

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4A6A61E13AF0BB23013D85FA3EF347BE1BC968595D8C40F19F9D24214FE10B90"
Last-Modified: Mon, 30 Sep 2024 02:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21189
Expires: Mon, 30 Sep 2024 14:15:35 GMT
Date: Mon, 30 Sep 2024 08:22:26 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c2a3b54f1ea3524f1e245394fcee2ef5
31071486f17a9c03f074bd4eacd613154981d96b
4a6a61e13af0bb23013d85fa3ef347be1bc968595d8c40f19f9d24214fe10b90

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4A6A61E13AF0BB23013D85FA3EF347BE1BC968595D8C40F19F9D24214FE10B90"
Last-Modified: Mon, 30 Sep 2024 02:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21189
Expires: Mon, 30 Sep 2024 14:15:35 GMT
Date: Mon, 30 Sep 2024 08:22:26 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (25)

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers