Report - dinazor.net/aradigimibuldum/rdr2/turkceyama/tryama.zip

Report Overview

Visitedpublic

2024-08-10 09:21:59

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown				2.6 kB	7.1 kB	23.36.76.226
dinazor.net	unknown				508 B	5.9 MB	104.21.30.69

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

dinazor.net/aradigimibuldum/rdr2/turkceyama/tryama.zip

IP / ASN

104.21.30.69

#13335 CLOUDFLARENET

File Overview

File TypeZip archive data, at least v1.0 to extract, compression method=store

Size5.9 MB (5878087 bytes)

MD5854ceb689c9a56f133e585fc01cba09f

SHA1c903fba8ac23878923e3405ced34d37a73c7c6e8

SHA2561789eb1ead3d95a47df3c3f97cd9d24a5e43e96309c21803f1e423bbd546abab

Archive (5)

Modified	Filename	Size	MD5	File type
2020-12-20 11:39	fontmap.xml	34 kB	a69d69dd457a36ebb19105198d3cb249	exported SGML document, ASCII text, with CRLF line terminators
2021-07-18 09:52	dinput8.dll	131 kB	f66b293ad5afa49c2bd8b58bdc18d453	PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
2021-12-30 01:30	fontfix.asi	10 kB	0fa5efd92129358430f351a5d6f33762	PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
2020-12-06 04:22	rdr2-translator.asi	39 kB	79c7e5923b363c26aa96676ad43ba03c	PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections
2021-12-30 00:51	rdr2-translator.xml	21 MB	d868c4a052ccff6bcc82b521cf3d2c22	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/69

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-09

Last Seen2024-08-19

Times Seen31992

Size504 B (504 bytes)

MD519cd88f88651f2e9f42740350df4b4d1

SHA1c6c7026e15281db4f24b3bc4ee2cfc2ecc26362c

SHA256b41a248824843236c8691934a5dfd24daa01f05cdc8cff81afdb9588dee24946

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B41A248824843236C8691934A5DFD24DAA01F05CDC8CFF81AFDB9588DEE24946"
Last-Modified: Thu, 08 Aug 2024 18:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12355
Expires: Sat, 10 Aug 2024 12:47:25 GMT
Date: Sat, 10 Aug 2024 09:21:30 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-08

Last Seen2024-08-19

Times Seen23654

Size504 B (504 bytes)

MD5a7b6b62c40d039614a8e497e28dfcb92

SHA1e5883c177b8d622fd5fc7a925e437df4c3fdb984

SHA256496d0482a522c54fcea43174ca83c7a72bcb5cfd6c15c02ecd955557ee00eb03

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "496D0482A522C54FCEA43174CA83C7A72BCB5CFD6C15C02ECD955557EE00EB03"
Last-Modified: Thu, 08 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6208
Expires: Sat, 10 Aug 2024 11:04:58 GMT
Date: Sat, 10 Aug 2024 09:21:30 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-09

Last Seen2024-08-19

Times Seen21363

Size504 B (504 bytes)

MD55f8acb1f8a25eb19fc33302dc7bf3c26

SHA193ad5ef9e7119c1064e966ea3ab2cade2438d5aa

SHA256277c320d7ff9556a6375e996308ba8d893601e14430af41b82904952d477f836

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "277C320D7FF9556A6375E996308BA8D893601E14430AF41B82904952D477F836"
Last-Modified: Thu, 08 Aug 2024 18:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7822
Expires: Sat, 10 Aug 2024 11:31:52 GMT
Date: Sat, 10 Aug 2024 09:21:30 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-08

Last Seen2024-08-19

Times Seen26433

Size504 B (504 bytes)

MD541f3021c1502428798a392f3c2ef0fc8

SHA1c7a61247c753e72345e5c4504056a09889a3916e

SHA256cb2873c69274d15b03f8aaa26260d7a2341f2e276f876f444f1fee5679266653

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CB2873C69274D15B03F8AAA26260D7A2341F2E276F876F444F1FEE5679266653"
Last-Modified: Thu, 08 Aug 2024 18:57:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19513
Expires: Sat, 10 Aug 2024 14:46:43 GMT
Date: Sat, 10 Aug 2024 09:21:30 GMT
Connection: keep-alive

GET dinazor.net/aradigimibuldum/rdr2/turkceyama/tryama.zip

104.21.30.69

200 OK

5.9 MB

URL User Request GET HTTPS

dinazor.net/aradigimibuldum/rdr2/turkceyama/tryama.zip

IP / ASN

104.21.30.69

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeZip archive data, at least v1.0 to extract, compression method=store

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size5.9 MB (5878087 bytes)

MD5854ceb689c9a56f133e585fc01cba09f

SHA1c903fba8ac23878923e3405ced34d37a73c7c6e8

SHA2561789eb1ead3d95a47df3c3f97cd9d24a5e43e96309c21803f1e423bbd546abab

Certificate Info

IssuerGoogle Trust Services

Subjectdinazor.net

Fingerprint40:C5:4A:45:13:99:E1:20:76:73:FA:40:B8:FA:28:55:1F:A6:06:5F

ValiditySat, 13 Jul 2024 10:54:35 GMT - Fri, 11 Oct 2024 10:54:34 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/69

HTTP Headers

GET /aradigimibuldum/rdr2/turkceyama/tryama.zip HTTP/1.1
Host: dinazor.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 10 Aug 2024 09:21:30 GMT
content-type: application/zip
content-length: 5878087
last-modified: Sun, 28 Jul 2024 11:10:22 GMT
x-turbo-charged-by: LiteSpeed
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F5IKgS%2FxUlQtta83RsebwFCdVL%2FBkKpRZZOq%2F%2F3%2B%2BTqyrMYKiyhiQSdy9Yt5YZ1zEKCSRJK%2FuSRGcVRzNxAzlCblThuUmasUVBVf1GTw9DqpXiiQnmIWjGMB6hK7ug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b0eea8748f056b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-08

Last Seen2024-08-19

Times Seen28705

Size504 B (504 bytes)

MD5cb72b4c8c0043447fb191d29a2987907

SHA1b21349d4cefa64181af49f91f868ffffb136a54a

SHA256eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7831
Expires: Sat, 10 Aug 2024 11:32:04 GMT
Date: Sat, 10 Aug 2024 09:21:33 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-08

Last Seen2024-08-19

Times Seen28705

Size504 B (504 bytes)

MD5cb72b4c8c0043447fb191d29a2987907

SHA1b21349d4cefa64181af49f91f868ffffb136a54a

SHA256eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7831
Expires: Sat, 10 Aug 2024 11:32:04 GMT
Date: Sat, 10 Aug 2024 09:21:33 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-08

Last Seen2024-08-19

Times Seen28705

Size504 B (504 bytes)

MD5cb72b4c8c0043447fb191d29a2987907

SHA1b21349d4cefa64181af49f91f868ffffb136a54a

SHA256eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7831
Expires: Sat, 10 Aug 2024 11:32:04 GMT
Date: Sat, 10 Aug 2024 09:21:33 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-08

Last Seen2024-08-19

Times Seen28705

Size504 B (504 bytes)

MD5cb72b4c8c0043447fb191d29a2987907

SHA1b21349d4cefa64181af49f91f868ffffb136a54a

SHA256eb81057e97fc772c3b55ff2d175797a88db6035f09ed472dcf8604e3c9434d1b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EB81057E97FC772C3B55FF2D175797A88DB6035F09ED472DCF8604E3C9434D1B"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7831
Expires: Sat, 10 Aug 2024 11:32:04 GMT
Date: Sat, 10 Aug 2024 09:21:33 GMT
Connection: keep-alive