Report - anadius.su/attachments/EA%20DLC%20Unlocker%20v2.zip

Report Overview

Visited public
2025-04-21 17:38:37
Tags
URL
anadius.su/attachments/EA%20DLC%20Unlocker%20v2.zip
Finishing URL
about:privatebrowsing
IP / ASN
91.149.227.100
#200508 Sorok76 Ltd
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
anadius.su	unknown	2023-11-07	2023-11-13	2025-04-17	519 B	250 kB	91.149.227.100

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
anadius.su/attachments/EA%20DLC%20Unlocker%20v2.zip
IP
91.149.227.100
ASN
#200508 Sorok76 Ltd

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
250 kB (249797 bytes)
Hash
83658d708047e1668be07f142ed9c8cc
1c632de677d8afd53b8a4c008f6ae9f6fd8c9819
fe5c3d62b5293d359a0c9935c951d3a39afdffbe984331252385e52e89b1f729

Archive (31)

Filename

Md5

File type

g_STAR WARS Jedi Survivor.ini

85ec254324d2b9b8bd33fc7e1023d873

ASCII text, with CRLF line terminators

g_My Time at Portia.ini

ede7b7058e8c95575ef5517d36784fe2

ASCII text, with CRLF line terminators

g_Dead Space 2023.ini

fc3f0c4d744a4310c775b2879399c468

ASCII text, with CRLF line terminators

g_The Surge.ini

7b0cffc89d868888402003be8d94c0e7

ASCII text, with CRLF line terminators

g_The Sims 4.ini

2622f5974b4357dbd7eabc958376eff3

Unicode text, UTF-8 text, with CRLF line terminators

g_SimCity 2013.ini

2a83a1d376bd05d4c5516aa75c9d7786

ASCII text, with CRLF line terminators

setup.bat

dcc9950b262c57c2f7cb5cf62d079099

ASCII text, with very long lines (321), with CRLF line terminators

g_STAR WARS Jedi Fallen Order.ini

473c794e2d9ce2a2a68879595b0e7f04

ASCII text, with CRLF line terminators

g_Cities Skylines.ini

b7f9bf30d6947aff647b416da0fd551f

ASCII text, with CRLF line terminators

g_Mutant Year Zero.ini

d2df62135af50232e599c5be5f1105b3

ASCII text, with CRLF line terminators

g_Need For Speed Heat.ini

c11c8268aa87fd021f691d4ae9529ccb

ASCII text, with CRLF line terminators

g_Northgard.ini

43b7f6386594bb53e06aa1b750950f47

ASCII text, with CRLF line terminators

setup_linux.sh

8c366769d0258e5b915688014508fdc8

Bourne-Again shell script, ASCII text executable

g_It Takes Two.ini

31561acf01f495280b2e03ec26b7812f

ASCII text, with CRLF line terminators

g_F1 23.ini

18416efa57d527355f065064172a821d

ASCII text, with CRLF line terminators

g_Need For Speed Unbound.ini

912cda0f30aacdf32d75bfb6ead38933

Unicode text, UTF-8 text, with CRLF line terminators

config.ini

9cd8592f5b8934fec8b47994c4fda5b6

Generic INItialization configuration [autoupdate]

g_This War of Mine.ini

d60f144dce2ff1ecbe28b1b5b6276f3e

ASCII text, with CRLF line terminators

g_The Sims 3.ini

55daa556f13a5d4d7fe9aecf7d8a4d64

ASCII text, with CRLF line terminators

g_Need For Speed Payback.ini

c49b925d0158a9c34e976d436c8ac2a0

ASCII text, with CRLF line terminators

g_GRID Legends.ini

c2dc8a3df7745fc6bafb633d4ea33fb5

ASCII text, with CRLF line terminators

readme.txt

1d91eea5c0aa4a1e16e75c8fe2815a7c

ASCII text, with CRLF line terminators

g_Frostpunk.ini

fb2516caacebcdb02e9f2194ba72de12

ASCII text, with CRLF line terminators

g_Tales of Kenzera ZAU.ini

bd254a902a564a63590230d825614a2b

ASCII text, with CRLF line terminators

g_The Sinking City.ini

7a4cd7023da1924c4e9b8a062742ed5f

ASCII text, with CRLF line terminators

g_F1 22.ini

51fff0fdf96929ece2b1ca964d006550

Unicode text, UTF-8 text, with CRLF line terminators

g_Dead Space 3.ini

19f5deda4368c463d16687109abf543d

ASCII text, with CRLF line terminators

g_Tropico 6.ini

768e49dae6976e945da44c075a1dd38d

ASCII text, with CRLF line terminators

g_Need For Speed Most Wanted.ini

53020d0ff8e79ee8305061d5d3964927

ASCII text, with CRLF line terminators

version.dll

b69243228b677fdacac06ce9365a4571

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 9 sections

version.dll

2ef99a682256f6b9820b876a9eb2950a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	anadius.su/attachments/EA%20DLC%20Unlocker%20v2.zip	91.149.227.100	200 OK	250 kB
URL User Request GET anadius.su/attachments/EA%20DLC%20Unlocker%20v2.zip IP 91.149.227.100:443 ASN #200508 Sorok76 Ltd Certificate IssuerLet's Encrypt Subjectanadius.su Fingerprint90:0E:AD:C7:3E:47:2C:49:75:00:78:CC:AB:9D:76:5F:C7:5B:74:40 ValidityTue, 04 Mar 2025 01:43:05 GMT - Mon, 02 Jun 2025 01:43:04 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 250 kB (249797 bytes) Hash 83658d708047e1668be07f142ed9c8cc 1c632de677d8afd53b8a4c008f6ae9f6fd8c9819 fe5c3d62b5293d359a0c9935c951d3a39afdffbe984331252385e52e89b1f729 HTTP Headers GET /attachments/EA%20DLC%20Unlocker%20v2.zip HTTP/1.1 Host: anadius.su User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx date: Mon, 21 Apr 2025 17:38:14 GMT content-type: application/zip content-length: 249797 last-modified: Thu, 10 Apr 2025 16:47:19 GMT etag: "67f7f617-3cfc5" strict-transport-security: max-age=31536000; accept-ranges: bytes X-Firefox-Spdy: h2`

anadius.su/attachments/EA%20DLC%20Unlocker%20v2.zip

91.149.227.100

200 OK

250 kB

URL User Request GET
anadius.su/attachments/EA%20DLC%20Unlocker%20v2.zip
IP
91.149.227.100:443
ASN
#200508 Sorok76 Ltd

Certificate
IssuerLet's Encrypt
Subjectanadius.su
Fingerprint90:0E:AD:C7:3E:47:2C:49:75:00:78:CC:AB:9D:76:5F:C7:5B:74:40
ValidityTue, 04 Mar 2025 01:43:05 GMT - Mon, 02 Jun 2025 01:43:04 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
250 kB (249797 bytes)
Hash
83658d708047e1668be07f142ed9c8cc
1c632de677d8afd53b8a4c008f6ae9f6fd8c9819
fe5c3d62b5293d359a0c9935c951d3a39afdffbe984331252385e52e89b1f729

HTTP Headers

GET /attachments/EA%20DLC%20Unlocker%20v2.zip HTTP/1.1
Host: anadius.su
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 21 Apr 2025 17:38:14 GMT
content-type: application/zip
content-length: 249797
last-modified: Thu, 10 Apr 2025 16:47:19 GMT
etag: "67f7f617-3cfc5"
strict-transport-security: max-age=31536000;
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (31)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers