Report - getsolara.dev/download/static/files/Solara.Dir.zip

Report Overview

Visited public
2025-02-16 04:25:18
Tags
URL
getsolara.dev/download/static/files/Solara.Dir.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.21.93.27
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
getsolara.dev	unknown	2024-08-07	2024-08-10	2025-02-16	516 B	11 MB	104.21.93.27

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-16	medium	getsolara.dev	Sinkholed

ThreatFox

No alerts detected

Files detected

URL
getsolara.dev/download/static/files/Solara.Dir.zip
IP
104.21.93.27
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
11 MB (10597566 bytes)
Hash
6c02447e2e40f549aecc37999b32c440
cc017f7cf334c236ef7fae07401a63f13eee34c6
3a5f7162428526f5f9b5b8bd2413b3984ecd53fa93a21efc28e28f1894adedf5

Archive (21)

Filename

Md5

File type

ALGA

a5216bdbb061104f4226e454893a2e1e

ASCII text, with no line terminators

DLCTBL_FRTS

6da0a224417e02c75d48b5bb41f0e485

ASCII text, with very long lines (65536), with no line terminators

version.txt

4294a432dd9feb40b94eea30f16543a4

ASCII text, with no line terminators

Microsoft.Web.WebView2.Core.dll

b037ca44fd19b8eedb6d5b9de3e48469

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.WinForms.dll

c7000faa6c6040188c8cd8ef28b6deda

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.Wpf.dll

e107c88a6fc54cc3ceb4d85768374074

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

combined.html

2a0506c7902018d7374b0ec4090c53c0

HTML document, ASCII text, with very long lines (994), with CRLF line terminators

index.html

610eb8cecd447fcf97c242720d32b6bd

HTML document, ASCII text, with very long lines (994), with CRLF line terminators

lua.js

8706d861294e09a1f2f7e63d19e5fcb7

JavaScript source, ASCII text

editor.main.css

6af9c0d237b31c1c91f7faa84b384bdf

ASCII text, with very long lines (65254)

editor.main.js

9399a8eaa741d04b0ae6566a5ebb8106

JavaScript source, Unicode text, UTF-8 text, with very long lines (25715)

editor.main.nls.js

74dd2381ddbb5af80ce28aefed3068fc

Unicode text, UTF-8 text, with very long lines (8613)

loader.js

8a3086f6c6298f986bda09080dd003b1

JavaScript source, ASCII text, with very long lines (1024)

Newtonsoft.Json.dll

195ffb7167db3219b217c4fd439eedd6

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Solara.exe

91f5d6abf1fc57cb3e6222f10c51bff1

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections

SolaraV3.dll

fc53df4f073420ac844f35c39086fd47

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 14 sections

vcruntime140.dll

7a2b8cfcd543f6e4ebca43162b67d610

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

WebView2Loader.dll

a0bd0d1a66e7c7f1d97aedecdafb933f

PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections

Wpf.Ui.dll

aead90ab96e2853f59be27c4ec1e4853

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

zlib.dll

c5b29a2e334961e9dee00ab4726392e3

current ar archive

zlib1.dll

75365924730b0b2c1a6ee9028ef07685

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	malicious	VirusTotal - Scan result 32/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

getsolara.dev/download/static/files/Solara.Dir.zip

104.21.93.27

200 OK

11 MB

URL User Request GET HTTP/2
getsolara.dev/download/static/files/Solara.Dir.zip
IP
104.21.93.27:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectgetsolara.dev
FingerprintDD:10:AD:8A:30:BD:9E:67:E2:10:C7:E9:6D:6C:D6:A9:94:76:1A:73
ValiditySat, 01 Feb 2025 01:07:11 GMT - Fri, 02 May 2025 02:06:43 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
11 MB (10597566 bytes)
Hash
6c02447e2e40f549aecc37999b32c440
cc017f7cf334c236ef7fae07401a63f13eee34c6
3a5f7162428526f5f9b5b8bd2413b3984ecd53fa93a21efc28e28f1894adedf5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed
VirusTotal	malicious	VirusTotal - Scan result 32/65

HTTP Headers

GET /download/static/files/Solara.Dir.zip HTTP/1.1
Host: getsolara.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 16 Feb 2025 04:24:45 GMT
content-type: application/zip
content-length: 10597566
access-control-allow-origin: *
cache-control: public, max-age=120, must-revalidate
etag: "3bfc2928dcefcbd2ca9653fd6155b4bd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FwbvKlFaCcWde%2Bx4ojeAbfTvjC9M55eZrawpWTza8Sffy9N9vHeFABVfJyEhvDq5H0egzvKdkEe990X4Ram%2FAG6dbq8ln6b5HVfbw743JyaIZuoWGXmLAIylWD0drQ3w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
accept-ranges: bytes
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 912ac5168dd356a9-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=512&min_rtt=411&rtt_var=136&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3187&recv_bytes=1149&delivery_rate=7350253&cwnd=253&unsent_bytes=0&cid=b88248315b359e59&ts=37&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (21)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers