Report - cdn.discordapp.com/attachments/1230245546510385172/1230246099588087898/gJRuuzb.zip?ex=66329ef7&is=662029f7&hm=8c22f49b13a5f2ef8b54245103608d47afc7957de0a866fa440440d0d48178ce&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1230245546510385172/1230246099588087898/gJRuuzb.zip?ex=66329ef7&is=662029f7&hm=8c22f49b13a5f2ef8b54245103608d47afc7957de0a866fa440440d0d48178ce&
IP
162.159.134.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 20:00:28
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-04-17	629 B	3.0 MB	162.159.130.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1230245546510385172/1230246099588087898/gJRuuzb.zip?ex=66329ef7&is=662029f7&hm=8c22f49b13a5f2ef8b54245103608d47afc7957de0a866fa440440d0d48178ce&
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
3.0 MB (2983938 bytes)
Hash
59af5690b5fa9f0821d9a2581446300e
9458421c7f4437d60f6a6b092cf7be91215e987b
67f2ea6607423920a9177ffe99933ae6e7c8ea852c6b58e0e482fe8b5b158c57

Archive (12)

Filename

Md5

File type

ApLog.db

8b9f4e200fabd3d75d00eab9aedb3c2e

SQLite 3.x database, last written using SQLite version 3015002, page size 1024, file counter 293, database pages 25, 1st free page 25, free pages 15, cookie 0x109, schema 4, UTF-8, version-valid-for 293

WpsProbePin.db

1484b2bfff2cfb2a6f02bcdc9713f079

SQLite 3.x database, last written using SQLite version 3015002, page size 1024, file counter 10762, database pages 252, 1st free page 17, free pages 204, cookie 0xbe, schema 4, UTF-8, version-valid-for 10762

ChangeLog.txt

ae7f9df96c5304ba802bdb5b32476e48

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Waircut.resources.dll

1849c11f96636115d8bb784824472295

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Waircut.resources.dll

b5107672783af3622b2515060b104eb1

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

LICENSE.md

dedcfd78ca4eab2efdf6a4c5be1ab762

ASCII text

PixieWps.exe

2de73a1d6d43c3cf9ed9afc4792fc26e

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 8 sections

README.md

0b0ccc1bf80e86e49adf807b7151e2ad

ASCII text, with very long lines (572)

Waircut.resources.dll

a3f3d0098fb43d970873281fe07af65f

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Data.SQLite.dll

deaf98e10b82fc9bc2476a432724492f

PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 5 sections

Waircut.exe

9d11a8641aae3c20c2f39c89e75798ab

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 5 sections

wAirCut.exe.config

38d8ebc77c915d5cf70afb5bd5769afb

XML 1.0 document, ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/1230245546510385172/1230246099588087898/gJRuuzb.zip?ex=66329ef7&is=662029f7&hm=8c22f49b13a5f2ef8b54245103608d47afc7957de0a866fa440440d0d48178ce&

162.159.130.233

200 OK

3.0 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1230245546510385172/1230246099588087898/gJRuuzb.zip?ex=66329ef7&is=662029f7&hm=8c22f49b13a5f2ef8b54245103608d47afc7957de0a866fa440440d0d48178ce&
IP
162.159.130.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
3.0 MB (2983938 bytes)
Hash
59af5690b5fa9f0821d9a2581446300e
9458421c7f4437d60f6a6b092cf7be91215e987b
67f2ea6607423920a9177ffe99933ae6e7c8ea852c6b58e0e482fe8b5b158c57

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/67

HTTP Headers

GET /attachments/1230245546510385172/1230246099588087898/gJRuuzb.zip?ex=66329ef7&is=662029f7&hm=8c22f49b13a5f2ef8b54245103608d47afc7957de0a866fa440440d0d48178ce& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 20:00:01 GMT
content-type: application/zip
content-length: 2983938
cf-ray: 875effb2fcd1b51b-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="gJRuuzb.zip"
etag: "59af5690b5fa9f0821d9a2581446300e"
expires: Thu, 17 Apr 2025 20:00:01 GMT
last-modified: Wed, 17 Apr 2024 19:58:47 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1713383927103073
x-goog-hash: crc32c=j4Hnww==, md5=Wa9WkLX6nwgh2aJYFEYwDg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2983938
x-guploader-uploadid: ABPtcPoEgNjFQ3CtyFVDphSJoscFa3P4vGOmq-fFJ1CJMELR359JWemDVPvi1IfG1beG6e2yxj0
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B2tCFAybYBEbs4HoJISM3hMDReVQctklmBIOhcQSMmYaRVtG9H%2Fmb6bATuR9S59dXPcIarEDzvPTH%2Bjzv34gnW4QEFISAJOtlpH395%2FconaydUUG39Lg%2BbiWLEmTbtAWvWpWbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=Q3AVH4FEt1Lma6.uRgE4DeKUlzRLUSdPmGyTePwIZgo-1713384001-1.0.1.1-BTX8ZH0Rd2cHY6dgFkDG10fXo.0s0GmeZzqNr19V31n8YXDVuKKhntg14YUZS.wemqev12iPVT_L19CiE0SF8A; path=/; expires=Wed, 17-Apr-24 20:30:01 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=03AiNMAFrlzpspEAQB2F6eQlxZy3jWMQsYVC_LzC_Lo-1713384001212-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (12)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers