Report - lightcloud.click/api/download/SWAv2.zip

Report Overview

Visitedpublic

2024-12-03 22:36:56

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
lightcloud.click	unknown	2024-09-23	2024-09-25	2024-12-01	493 B	1.4 MB	192.250.229.115

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

lightcloud.click/api/download/SWAv2.zip

IP / ASN

192.250.229.115

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size1.4 MB (1428821 bytes)

MD5e6c495acbdbd9f1a86dccc60038b0660

SHA1a4b56238bd4eb35fd421689f8086c7471ef4bc4f

SHA2564359f9a571a2cff9f6ce77fb5bfe0e23d7552cdc1b5656a4844cf4d93cdf7ed7

Archive (6)

Modified	Filename	Size	MD5	File type
2023-11-25 09:37	Guna.UI2.dll	2.2 MB	b429ae86c5be521bc8ca3b164cec3acb	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
2023-03-08 09:09	Newtonsoft.Json.dll	712 kB	adf3e3eecde20b7c9661e9c47106a14a	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
2024-12-03 23:46	SWA V2.dll	705 kB	3ac690b98e953bdda05c675be917fcf9	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
2024-12-03 23:46	SWA V2.exe	406 kB	8f59bec096bbf55c0934f97475394cca	PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
2024-12-03 13:07	SWA V2.runtimeconfig.json	386 B	186a65581e2f29258f54d396660409fa	JSON text data
2022-10-18 18:30	System.Management.dll	74 kB	1c71e5310151ce1e9a3a92797776bdad	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/66

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET lightcloud.click/api/download/SWAv2.zip

192.250.229.115

200 OK

1.4 MB

URL User Request GET HTTPS

lightcloud.click/api/download/SWAv2.zip

IP / ASN

192.250.229.115

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate

First Seen2024-12-03

Last Seen2024-12-03

Times Seen1

Size1.4 MB (1428821 bytes)

MD5e6c495acbdbd9f1a86dccc60038b0660

SHA1a4b56238bd4eb35fd421689f8086c7471ef4bc4f

SHA2564359f9a571a2cff9f6ce77fb5bfe0e23d7552cdc1b5656a4844cf4d93cdf7ed7

Certificate Info

IssuerLet's Encrypt

Subjectwebmail.lightcloud.click

Fingerprint31:4D:D1:37:B6:F9:B5:EB:C1:37:00:21:44:B9:E5:30:06:1C:BC:4B

ValidityTue, 26 Nov 2024 21:17:14 GMT - Mon, 24 Feb 2025 21:17:13 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/66

HTTP Headers

GET /api/download/SWAv2.zip HTTP/1.1
Host: lightcloud.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-disposition: attachment; filename=SWAv2.zip
content-type: application/zip
last-modified: Tue, 03 Dec 2024 21:47:24 GMT
cache-control: no-cache
etag: "1733262444.2625122-1428821-2629243232"
content-length: 1428821
date: Tue, 03 Dec 2024 22:36:30 GMT
server: LiteSpeed
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2