| anonsharing.com/file/8b6ff3833a16b14c/Loader_(4).exe | 104.21.80.1 | 302 Found | 34 kB |
URL User Request GET anonsharing.com/file/8b6ff3833a16b14c/Loader_(4).exe IP 104.21.80.1:443
Certificate Issuer: Google Trust Services; Subject: anonsharing.com; Fingerprint: C0:EB:9E:89:46:3F:FE:FA:5D:CF:12:4D:D1:A1:DA:7E:A4:C0:62:7C; Validity: Fri, 21 Mar 2025 20:14:25 GMT - Thu, 19 Jun 2025 21:12:44 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /file/8b6ff3833a16b14c/Loader_(4).exe HTTP/1.1
Host: anonsharing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 08 May 2025 14:46:57 GMT
content-type: text/html; charset=UTF-8
location: https://anonsharing.com/8b6ff3833a16b14c/Loader_(4).exe?download_token=e88157c3d4b75f1dfc4de9d49e955aec4b005cac261015306b54a77a1d1d5e40
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VtOjPKZ261MOZ%2BUmfJktDq%2BqQd7zItcr5GaogDrE3qxFJQD%2FR2rzw1tVteGeWE01TumKPe3xv3eQTIsHA5MPBnWX3sT37ct9zNGAVwc5DiyojEUs0GYQK1osADr3SKX6yBg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, no-cache, private
pragma: no-cache
vary: Accept-Encoding,User-Agent
cf-ray: 93c9bfdfbe68712d-OSL
cf-cache-status: DYNAMIC
set-cookie: filehosting=c077118d36e3e4ed9f950fb80acf8ec4; Path=/; Max-Age=86400; Expires=Fri, 09 May 2025 14:46:57 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=TCP&rtt=5704&min_rtt=480&rtt_var=10447&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3285&recv_bytes=1280&delivery_rate=6033333&cwnd=254&unsent_bytes=0&cid=4e90ad83ef71f33e&ts=409&x=0"
X-Firefox-Spdy: h2
|
| anonsharing.com/8b6ff3833a16b14c/Loader_(4).exe?download_token=e88157c3d4b75f1dfc4de9d49e955aec4b005cac261015306b54a77a1d1d5e40 | 104.21.80.1 | 302 Found | 34 kB |
URL User Request GET anonsharing.com/8b6ff3833a16b14c/Loader_(4).exe?download_token=e88157c3d4b75f1dfc4de9d49e955aec4b005cac261015306b54a77a1d1d5e40 IP 104.21.80.1:443
Certificate Issuer: Google Trust Services; Subject: anonsharing.com; Fingerprint: C0:EB:9E:89:46:3F:FE:FA:5D:CF:12:4D:D1:A1:DA:7E:A4:C0:62:7C; Validity: Fri, 21 Mar 2025 20:14:25 GMT - Thu, 19 Jun 2025 21:12:44 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /8b6ff3833a16b14c/Loader_(4).exe?download_token=e88157c3d4b75f1dfc4de9d49e955aec4b005cac261015306b54a77a1d1d5e40 HTTP/1.1
Host: anonsharing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: filehosting=c077118d36e3e4ed9f950fb80acf8ec4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 08 May 2025 14:46:57 GMT
content-type: application/x-msdownload
content-length: 513
location: https://s3.ca-central-1.wasabisys.com/anonsharing/00/009e8ac9153398629ae0be73080ed39b?response-content-disposition=filename%3DLoader%20%284%29.exe&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250508%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250508T144657Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=2ce72eb693ad7b24d0044850fed6b91869f61562e9beedbfc179a3f1181a23c0
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 93c9bfe23aa0712d-OSL
expires: 0
cache-control: must-revalidate, post-check=0, pre-check=0, no-cache, private
pragma: public
accept-ranges: bytes
access-control-allow-origin: https://anonsharing.com
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description
access-control-allow-credentials: true
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZKM3wKW4YNo92pTwaSPg4Ld4sZlypoEDkIzt2fHcXYiElk55silyS8ap8MpBVe%2B2umEtlhKBh5kEkAN9xZAU8SBOrn4ySBGTj9BKVOjpUhHhDCtlfQ0oRH4v2TXlQl%2BbGn8%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=TCP&rtt=4047&min_rtt=480&rtt_var=6902&sent=12&recv=15&lost=0&retrans=0&sent_bytes=5511&recv_bytes=1460&delivery_rate=6033333&cwnd=257&unsent_bytes=0&cid=4e90ad83ef71f33e&ts=598&x=0"
X-Firefox-Spdy: h2
|
| s3.ca-central-1.wasabisys.com/anonsharing/00/009e8ac9153398629ae0be73080ed39b?response-content-disposition=filename%3DLoader%20%284%29.exe&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250508%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250508T144657Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=2ce72eb693ad7b24d0044850fed6b91869f61562e9beedbfc179a3f1181a23c0 | 38.143.146.103 | 200 OK | 34 kB |
URL User Request GET s3.ca-central-1.wasabisys.com/anonsharing/00/009e8ac9153398629ae0be73080ed39b?response-content-disposition=filename%3DLoader%20%284%29.exe&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250508%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250508T144657Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=2ce72eb693ad7b24d0044850fed6b91869f61562e9beedbfc179a3f1181a23c0 IP 38.143.146.103:443
ASN: #395717 BLUEARCHIVE-ZONE-1
Certificate Issuer: DigiCert Inc; Subject: *.s3.ca-central-1.wasabisys.com; Fingerprint: 08:34:10:62:16:89:4A:8A:4E:34:B0:19:0B:61:8D:1C:F7:7C:68:49; Validity: Wed, 05 Feb 2025 00:00:00 GMT - Mon, 02 Mar 2026 23:59:59 GMT
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
Hash: 6916b04360b675c9d6eec0fd87195cf8 b7c6a4a841a334c9d56819aa96587e90e74a9b9a 01fb8fbd8b893b8c89208767539b788d4a0538448243aafe5b39bbb17412f0ec
Analyzer: VirusTotal; Verdict: malicious; Alert: (empty)
GET /anonsharing/00/009e8ac9153398629ae0be73080ed39b?response-content-disposition=filename%3DLoader%20%284%29.exe&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=HSRJ9W5CR8WH0842044I%2F20250508%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250508T144657Z&X-Amz-SignedHeaders=host&X-Amz-Expires=10800&X-Amz-Signature=2ce72eb693ad7b24d0044850fed6b91869f61562e9beedbfc179a3f1181a23c0 HTTP/1.1
Host: s3.ca-central-1.wasabisys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Disposition: filename=Loader (4).exe
Content-Length: 34304
Content-Type: application/octet-stream
Date: Thu, 08 May 2025 14:46:58 GMT
ETag: "6916b04360b675c9d6eec0fd87195cf8"
Last-Modified: Tue, 15 Apr 2025 05:32:31 GMT
Server: WasabiS3/7.23.4324-2025-03-24-a70f722ec6
x-amz-id-2: yRaoYPBj5rWYpZLLmZBM2/1VLLOE/HtK5wNRUKv6nlYFK5Esbe7UKQ2nBzLl/3QZlCDMInd6ydO7
x-amz-request-id: 312B7F763399D17D:B
x-wasabi-cm-reference-id: 1746715617977 38.143.146.103 ConID:729909639/EngineConID:7041346/Core:5
|