Report - cdn.discordapp.com/attachments/1229571003240419380/1234959553133678732/Project_X_.zip?ex=663b32f5&is=6639e175&hm=b1fd1a3461581d888dead2176221ebddc7494c40933770eaf70e5fa2af1592aa&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1229571003240419380/1234959553133678732/Project_X_.zip?ex=663b32f5&is=6639e175&hm=b1fd1a3461581d888dead2176221ebddc7494c40933770eaf70e5fa2af1592aa&
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 13:14:39
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-05-06	632 B	5.0 MB	162.159.135.233
normandy.cdn.mozilla.net	3562	1998-01-31	2017-01-30	2024-05-06	329 B	1.2 kB	35.201.103.21
classify-client.services.mozilla.com	3824	1994-10-18	2019-01-09	2024-05-06	357 B	344 B	34.98.75.36
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-06	512 B	6.5 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1229571003240419380/1234959553133678732/Project_X_.zip?ex=663b32f5&is=6639e175&hm=b1fd1a3461581d888dead2176221ebddc7494c40933770eaf70e5fa2af1592aa&
IP
162.159.135.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
5.0 MB (5035841 bytes)
Hash
9d15a7b59dbf7230746b20b7cf89aab8
9c5907a07c07d7977d8a74ad620dd085de41ae13
b4e005b031ac88e5b0bd302585012a80c78072dfba129a2983fc60ec4d80622c

Archive (14)

Filename

Md5

File type

ProjectX.dll

e517fe976b0ffe2b0017aab1db5a5ddb

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ProjectX.pdb

510e88c77b1825006b6d2f9fddd1438c

Microsoft Roslyn C# debugging symbols version 1.0

ProjectX_1.0.0.0-2.nrmap

058b62690652a79f22539419baceb557

ASCII text, with CRLF line terminators

ProjectX_1.0.0.0.nrmap

7d1db8e8aa93d27835a11808de5d5ac5

ASCII text, with CRLF line terminators

ProjectX.deps.json

00a9a6e3274291e577f5f68477536282

JSON text data

ProjectX.runtimeconfig.json

07b9a30265ca4e69c7016a1b6e3ffc27

JSON text data

ProjectX.exe

726acc8144251f4516860cf580decabe

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

SharpCompress.dll

9d9f46af74af29ed6384a5e66fa869ee

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

ZstdSharp.dll

d0e7b2932173833973e8f2074c6c4284

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Wpf.Ui.dll

f9e3e45c4378c124156eeb5ad85d7108

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

DiscordRPC.dll

c6115a08c8e50dac0194fb98d3edc9d2

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

RestSharp.dll

2fc18227eb8e7535851208490603a90e

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Newtonsoft.Json.dll

adf3e3eecde20b7c9661e9c47106a14a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Ookii.Dialogs.Wpf.dll

8b9618ca8a33bc141daf1cafa9e4101b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/67

JavaScript (0)

HTTP Transactions (4)

URL IP Response Size

cdn.discordapp.com/attachments/1229571003240419380/1234959553133678732/Project_X_.zip?ex=663b32f5&is=6639e175&hm=b1fd1a3461581d888dead2176221ebddc7494c40933770eaf70e5fa2af1592aa&

162.159.135.233

5.0 MB

URL
cdn.discordapp.com/attachments/1229571003240419380/1234959553133678732/Project_X_.zip?ex=663b32f5&is=6639e175&hm=b1fd1a3461581d888dead2176221ebddc7494c40933770eaf70e5fa2af1592aa&
IP
162.159.135.233:0
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
5.0 MB (5035841 bytes)
Hash
9d15a7b59dbf7230746b20b7cf89aab8
9c5907a07c07d7977d8a74ad620dd085de41ae13
b4e005b031ac88e5b0bd302585012a80c78072dfba129a2983fc60ec4d80622c

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/67

HTTP Headers

GET /attachments/1229571003240419380/1234959553133678732/Project_X_.zip?ex=663b32f5&is=6639e175&hm=b1fd1a3461581d888dead2176221ebddc7494c40933770eaf70e5fa2af1592aa& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 13:14:13 GMT
content-type: application/zip
content-length: 5035841
cf-ray: 880178c649585688-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Project_X_.zip"
etag: "9d15a7b59dbf7230746b20b7cf89aab8"
expires: Wed, 07 May 2025 13:14:13 GMT
last-modified: Tue, 30 Apr 2024 20:08:22 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1714507701997758
x-goog-hash: crc32c=N+7nfQ==, md5=nRWntZ2/cjB0ayC3z4mquA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5035841
x-guploader-uploadid: ABPtcPq6CzVYxisK71hY3A8j8vSqm_gRPV2QtjRtC7gf7fOoxqvu5F0S0I61Ni4EWvc55MyubyE
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=exnwRmV4MlzZTS0aTWMM1iqpPifyLWaH4goFBZoApjuiQbphF40GDT7mdgb4y69v2qNOX2KJYRcNLmFPB9tSciSPuHYF%2BxjK6bnbCdaFcMr1UBhLtFsKqgP5zEqXFc21IoVBEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=zSZc23Zm9AAls70MggE2E1QnaVzoGMCrrPTLByI5__k-1715087653-1.0.1.1-6iEBkr3Ls03I.g.LBlbfCl9q3ISgHgY8XPieOrw8bDBYyyCLazsShgvJJOHSUpR3hSQjCINZAurKFDP5NE3L9A; path=/; expires=Tue, 07-May-24 13:44:13 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=u9MlXpkVpu2gMOgb5uQQk22ksQjJPWjBC7L1uVOlsV8-1715087653425-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

normandy.cdn.mozilla.net/api/v1/

35.201.103.21

598 B

URL
normandy.cdn.mozilla.net/api/v1/
IP
35.201.103.21:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JSON text data
Size
598 B (598 bytes)
Hash
3076f9a5cb273105528b893ff7111e41
b8990c145fe71b9a2410eea41a60a712b43b82bf
69c578fb0c03a28141a975833f660f4571e7991dc28ae7f9cead37672ee2c9b3

HTTP Headers

GET /api/v1/ HTTP/1.1
Host: normandy.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 598
allow: GET, HEAD, OPTIONS
content-security-policy: worker-src 'none'; default-src 'self' https://normandy.cdn.mozilla.net/; form-action 'self'; base-uri 'none'; frame-src 'none'; object-src 'none'; block-all-mixed-content; report-uri /__cspreport__
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 06 May 2024 23:22:36 GMT
cache-control: public, max-age=86400
content-type: application/json
vary: Accept, Origin
age: 49905
alt-svc: clear
X-Firefox-Spdy: h2

classify-client.services.mozilla.com/api/v1/classify_client/

34.98.75.36

64 B

URL
classify-client.services.mozilla.com/api/v1/classify_client/
IP
34.98.75.36:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JSON text data
Size
64 B (64 bytes)
Hash
ccc9625773ac4744f8c195217c3a96bd
870b8556d9805cbc5ac8c476d82dd09908cea370
13c63bc27a2ddd7f737351d7a0c01298efd3cec4361b02186c0c3af2431ddfad

HTTP Headers

GET /api/v1/classify_client/ HTTP/1.1
Host: classify-client.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 13:14:22 GMT
content-type: application/json
content-length: 64
cache-control: max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

5.8 kB

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
gzip compressed data, max speed, from Unix
Size
5.8 kB (5759 bytes)
Hash
aa33725c2d0a3d1c2f9c878d64914807
6e83d13ec860384a977738b04ff0891a01ab519a
fe412eadb3dc9820ec6cab7cb62349be057c509e34f7e2de6d23b28eacc98bfd

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 13:14:31 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=Acymzbh52C_z4XtJLPdGKbnPOCnIgai7BnQ3I0RQpUpNlt7HKg-FPOa2Zi3oHgXNRxVPGTcvT9m5H-Qiyis0Tgsch68tLxPHjwmED_ofN8aUk5EYp9D-fKLG1IrqBeEn
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2