Report - storage.dlcfun.com/dlcfun-private/files/addons/9c632fdbb9734ae935aa603779f2872e.zip?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=sbbPSSNgzqWPijlkbnhG/20250227/us-east-1/s3/aws4_request&X-Amz-Date=20250227T172427Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=4c1009cd0dac64f555e6728d2ae12e04c307c193b449432daba20b6d218a4933

Report Overview

Visited public
2025-02-27 17:26:00
Tags
Submit Tags
URL
storage.dlcfun.com/dlcfun-private/files/addons/9c632fdbb9734ae935aa603779f2872e.zip?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=sbbPSSNgzqWPijlkbnhG/20250227/us-east-1/s3/aws4_request&X-Amz-Date=20250227T172427Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=4c1009cd0dac64f555e6728d2ae12e04c307c193b449432daba20b6d218a4933
Finishing URL
about:privatebrowsing
IP / ASN
104.21.24.197
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
storage.dlcfun.com	unknown	2023-08-15	2024-04-30	2024-12-21	846 B	1.6 MB	172.67.220.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
storage.dlcfun.com/dlcfun-private/files/addons/9c632fdbb9734ae935aa603779f2872e.zip?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=sbbPSSNgzqWPijlkbnhG/20250227/us-east-1/s3/aws4_request&X-Amz-Date=20250227T172427Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=4c1009cd0dac64f555e6728d2ae12e04c307c193b449432daba20b6d218a4933
IP
172.67.220.35
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.6 MB (1565418 bytes)
Hash
188c9e22ffeaab10187899335de115a9
99a105e69de5ff42fa625583bf1f81de80fdbf1e
34a804da59cebda9e69831c95c1423c1718de11447b58a6bf0c2039f3de8dfff

Archive (11)

Filename

Md5

File type

Reinforced.Typings.dll

ac50f0ecafa4cee444f168ceec5093af

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Traffic.css

47830204c57cb7d6b1d8e4e84eb8ae9a

ASCII text, with very long lines (676)

Traffic.dll

10a844a07643e05808ea9ef07c252515

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Traffic.mjs

ab7b76582e0c0c034dc6edd7cdb2029d

JavaScript source, ASCII text, with very long lines (7082)

Traffic.mjs.LICENSE.txt

1b16a9f99bcf58cb1044229016d0a527

ASCII text

Traffic.pdb

299af9653fc3b31ea8675658a40da2af

Microsoft Roslyn C# debugging symbols version 1.0

Traffic_linux_x86_64.so

3218a9f9e1229513fe0e630cf71b9a7b

ELF 64-bit LSB shared object, x86-64, version 1 (SYSV)

Traffic_mac_x86_64.bundle

2010f0c5fe5b04286968355948712876

Mach-O 64-bit x86_64 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_REEXPORTED_DYLIBS>

Traffic_win_x86_64.dll

39056c7ad549f41a98a869d99e1674b9

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 4 sections

Traffic_win_x86_64.pdb

9d9d8cc7438672d71a5de3aa671e7b1e

MSVC program database ver 7.00, 4096*232 bytes

images\traffic_icon.svg

bf79fac8e83fbf505ecd52eb1f07a28b

SVG Scalable Vector Graphics image

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	GET storage.dlcfun.com/dlcfun-private/files/addons/9c632fdbb9734ae935aa603779f2872e.zip?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=sbbPSSNgzqWPijlkbnhG/20250227/us-east-1/s3/aws4_request&X-Amz-Date=20250227T172427Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=4c1009cd0dac64f555e6728d2ae12e04c307c193b449432daba20b6d218a4933	172.67.220.35	200 OK	1.6 MB
URL User Request GET HTTP/2 storage.dlcfun.com/dlcfun-private/files/addons/9c632fdbb9734ae935aa603779f2872e.zip?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=sbbPSSNgzqWPijlkbnhG/20250227/us-east-1/s3/aws4_request&X-Amz-Date=20250227T172427Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=4c1009cd0dac64f555e6728d2ae12e04c307c193b449432daba20b6d218a4933 IP 172.67.220.35:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectdlcfun.com Fingerprint96:96:B9:80:F9:6A:65:CC:71:60:07:46:B8:90:EB:25:D1:E5:B2:42 ValidityWed, 08 Jan 2025 16:38:20 GMT - Tue, 08 Apr 2025 17:36:42 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 1.6 MB (1565418 bytes) Hash 188c9e22ffeaab10187899335de115a9 99a105e69de5ff42fa625583bf1f81de80fdbf1e 34a804da59cebda9e69831c95c1423c1718de11447b58a6bf0c2039f3de8dfff HTTP Headers GET /dlcfun-private/files/addons/9c632fdbb9734ae935aa603779f2872e.zip?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=sbbPSSNgzqWPijlkbnhG/20250227/us-east-1/s3/aws4_request&X-Amz-Date=20250227T172427Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=4c1009cd0dac64f555e6728d2ae12e04c307c193b449432daba20b6d218a4933 HTTP/1.1 Host: storage.dlcfun.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Thu, 27 Feb 2025 17:25:29 GMT content-type: application/zip content-length: 1565418 accept-ranges: bytes etag: "188c9e22ffeaab10187899335de115a9" last-modified: Fri, 10 May 2024 14:32:35 GMT strict-transport-security: max-age=31536000; includeSubDomains vary: Origin, Accept-Encoding x-amz-id-2: 4e4439f5397ff344b25208c4a6bdb3d6b28d4fb9c7c6bc401f2692285cd81a0f x-amz-request-id: 182820A0776BEC6E x-content-type-options: nosniff x-xss-protection: 1; mode=block cache-control: max-age=14400 cf-cache-status: MISS report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2FtTMAxHw4c7kWH9jB55sAVG%2FZIC6t1BAohVPxq52VvHPwvLavH8YxbXxmXk0w8YVgs47RQaE3fVm0adyXu1r6azwGPK2aFLDM7szot7LPg9IHygGMwPaAqkfYZFrp5qJzxIFhw%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 9189dfdb5974b51e-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=6385&min_rtt=480&rtt_var=11847&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3269&recv_bytes=1527&delivery_rate=8165413&cwnd=250&unsent_bytes=0&cid=924bb2e27784332f&ts=105&x=0" X-Firefox-Spdy: h2

GET storage.dlcfun.com/dlcfun-private/files/addons/9c632fdbb9734ae935aa603779f2872e.zip?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=sbbPSSNgzqWPijlkbnhG/20250227/us-east-1/s3/aws4_request&X-Amz-Date=20250227T172427Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=4c1009cd0dac64f555e6728d2ae12e04c307c193b449432daba20b6d218a4933

172.67.220.35

200 OK

1.6 MB

URL User Request GET HTTP/2
storage.dlcfun.com/dlcfun-private/files/addons/9c632fdbb9734ae935aa603779f2872e.zip?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=sbbPSSNgzqWPijlkbnhG/20250227/us-east-1/s3/aws4_request&X-Amz-Date=20250227T172427Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=4c1009cd0dac64f555e6728d2ae12e04c307c193b449432daba20b6d218a4933
IP
172.67.220.35:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdlcfun.com
Fingerprint96:96:B9:80:F9:6A:65:CC:71:60:07:46:B8:90:EB:25:D1:E5:B2:42
ValidityWed, 08 Jan 2025 16:38:20 GMT - Tue, 08 Apr 2025 17:36:42 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
1.6 MB (1565418 bytes)
Hash
188c9e22ffeaab10187899335de115a9
99a105e69de5ff42fa625583bf1f81de80fdbf1e
34a804da59cebda9e69831c95c1423c1718de11447b58a6bf0c2039f3de8dfff

HTTP Headers

GET /dlcfun-private/files/addons/9c632fdbb9734ae935aa603779f2872e.zip?X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=sbbPSSNgzqWPijlkbnhG/20250227/us-east-1/s3/aws4_request&X-Amz-Date=20250227T172427Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Signature=4c1009cd0dac64f555e6728d2ae12e04c307c193b449432daba20b6d218a4933 HTTP/1.1
Host: storage.dlcfun.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 27 Feb 2025 17:25:29 GMT
content-type: application/zip
content-length: 1565418
accept-ranges: bytes
etag: "188c9e22ffeaab10187899335de115a9"
last-modified: Fri, 10 May 2024 14:32:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin, Accept-Encoding
x-amz-id-2: 4e4439f5397ff344b25208c4a6bdb3d6b28d4fb9c7c6bc401f2692285cd81a0f
x-amz-request-id: 182820A0776BEC6E
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2FtTMAxHw4c7kWH9jB55sAVG%2FZIC6t1BAohVPxq52VvHPwvLavH8YxbXxmXk0w8YVgs47RQaE3fVm0adyXu1r6azwGPK2aFLDM7szot7LPg9IHygGMwPaAqkfYZFrp5qJzxIFhw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9189dfdb5974b51e-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6385&min_rtt=480&rtt_var=11847&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3269&recv_bytes=1527&delivery_rate=8165413&cwnd=250&unsent_bytes=0&cid=924bb2e27784332f&ts=105&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (11)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers