Report - scdn.gaming.tools/palia/appdata/Paliapedia.Assistant.0.2.1.zip

Report Overview

Visited public
2024-06-11 13:34:34
Tags
URL
scdn.gaming.tools/palia/appdata/Paliapedia.Assistant.0.2.1.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.26.6.249
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
scdn.gaming.tools	unknown	unknown	No data	No data	516 B	726 kB	104.26.6.249

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
scdn.gaming.tools/palia/appdata/Paliapedia.Assistant.0.2.1.zip
IP
104.26.6.249
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
725 kB (724551 bytes)
Hash
dff2b980836a05178034ccd5499a117a
bc9dca4d683ae25b90c8f16fe298572f6597aa30
fb7349751f05a9f732f2bd6fedac9211a68be651d5e0b02855fe59b0d8ebf754

Archive (7)

Filename

Md5

File type

Paliapedia.Assistant.exe

aafdf1299d87852c86de29ddccc63e35

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

WebView2Loader.dll

45e5009b2972d41acfc7f6959584f004

PE32+ executable (DLL) (console) Aarch64, for MS Windows, 7 sections

WebView2Loader.dll

d2033aa3200206b0d44255a36686124e

PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections

WebView2Loader.dll

df6b6e71cb65552cd9fb283b91ef9908

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

Updater.exe

075f655ce0a59d21b07391ce140f42ec

PE32+ executable (console) x86-64, for MS Windows, 7 sections

version.json

60b800fd2425bb14413023d2be7990e2

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

WebView2Loader.dll

d2033aa3200206b0d44255a36686124e

PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 7/69

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

scdn.gaming.tools/palia/appdata/Paliapedia.Assistant.0.2.1.zip

104.26.6.249

200 OK

725 kB

URL User Request GET HTTP/2
scdn.gaming.tools/palia/appdata/Paliapedia.Assistant.0.2.1.zip
IP
104.26.6.249:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectscdn.gaming.tools
Fingerprint08:EB:2C:3F:0C:CB:D6:4A:A3:8B:A1:E0:2A:39:D1:7F:88:56:1F:D5
ValidityThu, 09 May 2024 15:03:05 GMT - Wed, 07 Aug 2024 15:03:04 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
725 kB (724551 bytes)
Hash
dff2b980836a05178034ccd5499a117a
bc9dca4d683ae25b90c8f16fe298572f6597aa30
fb7349751f05a9f732f2bd6fedac9211a68be651d5e0b02855fe59b0d8ebf754

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 7/69

HTTP Headers

GET /palia/appdata/Paliapedia.Assistant.0.2.1.zip HTTP/1.1
Host: scdn.gaming.tools
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 11 Jun 2024 13:34:08 GMT
content-type: application/zip
content-length: 724551
last-modified: Wed, 05 Jun 2024 19:02:48 GMT
x-rgw-object-type: Normal
etag: "dff2b980836a05178034ccd5499a117a"
x-amz-request-id: tx000003461eb543fbafcf4-006660b6c2-6112f7e2-ams3c
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-do-cdn-uuid: 2ef400cc-95d2-4351-a8a0-65d942183c3b
cache-control: max-age=14400
x-envoy-upstream-healthchecked-cluster: 
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2FvAf7BirlDaQkr6pdzM%2BCTFYEWmGB3I%2FL8EIF2de0zWkU7vQHD%2F0EXp56pH8v%2B2ac4bA5Hpn8eHBmlhhiDBq9OvN679V0M%2FU%2FkOvP3geEkLa%2B0qapbui7m4a5j2f3XmDNSf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: browsing-topics=()
access-control-allow-origin: *
server: cloudflare
cf-ray: 8921fa17587dd91e-HEL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (7)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers