Report - cdn.discordapp.com/attachments/1142636455546589247/1229739258118537266/RoTLogo.zip?ex=6638072e&is=6636b5ae&hm=697e8545fc201e08e4228ba98d8b34accc2558fcd7c1417d51379835270c8ea7&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1142636455546589247/1229739258118537266/RoTLogo.zip?ex=6638072e&is=6636b5ae&hm=697e8545fc201e08e4228ba98d8b34accc2558fcd7c1417d51379835270c8ea7&
IP
162.159.129.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-05 07:00:12
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-05-04	629 B	9.6 MB	162.159.130.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1142636455546589247/1229739258118537266/RoTLogo.zip?ex=6638072e&is=6636b5ae&hm=697e8545fc201e08e4228ba98d8b34accc2558fcd7c1417d51379835270c8ea7&
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
9.6 MB (9583275 bytes)
Hash
fe7f8d94d7f5475cf11036373629b7d0
039088cf953a237b8204df53a51db23f81da229e
7ee4c2c1c723cfcb28a9bd2c911041717457c24490f2c08448b0ec488cbdf440

Archive (7)

Filename

Md5

File type

__pycache__.zip

91d64952347ac5bb65eb45f1507ed813

Zip archive data, at least v2.0 to extract, compression method=deflate

DfPlayerStats.cpython-39.pyc

8aa11ee69b8c4c6a69b631db55ffa734

Byte-compiled Python module for CPython 3.9, timestamp-based, .py timestamp: Sun Sep 5 20:50:08 2021 UTC, .py size: 2428 bytes

RotExpTracker.cpython-39.pyc

4d620206739bd2f0b3879f7cc20ada04

Byte-compiled Python module for CPython 3.9, timestamp-based, .py timestamp: Sun Sep 5 22:58:55 2021 UTC, .py size: 4587 bytes

DfPlayerStats.py

6c7f42cc97861e87b168be18b5bfd0a2

Python script, ASCII text executable, with CRLF line terminators

RotExpTracker.exe

751bfb9b54d9ed97bfc9ee29f33f48b9

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

RotExpTracker.py

56d3c99d17275d4803a4f17a8de31d25

Python script, ASCII text executable, with CRLF line terminators

RoTLogo.ico

df6d0ea8aa413cdce85f0cc88226fe93

MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	cdn.discordapp.com/attachments/1142636455546589247/1229739258118537266/RoTLogo.zip?ex=6638072e&is=6636b5ae&hm=697e8545fc201e08e4228ba98d8b34accc2558fcd7c1417d51379835270c8ea7&	162.159.130.233	200 OK	9.6 MB
URL User Request GET HTTP/2 cdn.discordapp.com/attachments/1142636455546589247/1229739258118537266/RoTLogo.zip?ex=6638072e&is=6636b5ae&hm=697e8545fc201e08e4228ba98d8b34accc2558fcd7c1417d51379835270c8ea7& IP 162.159.130.233:443 ASN #13335 CLOUDFLARENET Certificate IssuerCloudflare, Inc. Subjectdiscordapp.com Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39 ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 9.6 MB (9583275 bytes) Hash fe7f8d94d7f5475cf11036373629b7d0 039088cf953a237b8204df53a51db23f81da229e 7ee4c2c1c723cfcb28a9bd2c911041717457c24490f2c08448b0ec488cbdf440 HTTP Headers GET /attachments/1142636455546589247/1229739258118537266/RoTLogo.zip?ex=6638072e&is=6636b5ae&hm=697e8545fc201e08e4228ba98d8b34accc2558fcd7c1417d51379835270c8ea7& HTTP/1.1 Host: cdn.discordapp.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Sun, 05 May 2024 06:59:46 GMT content-type: application/zip content-length: 9583275 cf-ray: 87eed981bc5d56b5-OSL cf-cache-status: MISS accept-ranges: bytes, bytes cache-control: public, max-age=31536000 content-disposition: attachment; filename="RoTLogo.zip" etag: "fe7f8d94d7f5475cf11036373629b7d0" expires: Mon, 05 May 2025 06:59:46 GMT last-modified: Tue, 16 Apr 2024 10:24:46 GMT vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1713263086644902 x-goog-hash: crc32c=XQOInQ==, md5=/n+NlNf1R1zxEDY3Nim30A== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 9583275 x-guploader-uploadid: ABPtcPoGHo727xbC1vx1KpUO65VO_-9CCRLC5WRIHIc5KXks5Dbhq2y-gNVH7vEddQlL-oxoAHs x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oCvvQLYGdZIH9c%2B4uP0xkSU%2F7GBJ%2BOy9LFduWOnRs98fgVkz8Rd4W8yuKJoILYvicjWE0tK1hfFIjyoYU9%2FjHZMj92qvdZ%2BNl0CryNFaRu9%2F4xoNLYs9kVOnd0sIIG47gZvuhA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} set-cookie: __cf_bm=mkiYqGg8x6SnEd25afmKS1.RqD.t8qupMZT7I.px5Zs-1714892386-1.0.1.1-1Hpg0lCbT0N.5IK.Bj.2w6Urilj33oc95lfMo632HJqqfXLR9OHUcRpCE_kN.S4AztQRt9kR4lJXvxmj3H8alg; path=/; expires=Sun, 05-May-24 07:29:46 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None _cfuvid=_n9S_IjFZF7KIIX91a2d1yfZuoKSTyUFPztDHTRy7JQ-1714892386188-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None server: cloudflare X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1142636455546589247/1229739258118537266/RoTLogo.zip?ex=6638072e&is=6636b5ae&hm=697e8545fc201e08e4228ba98d8b34accc2558fcd7c1417d51379835270c8ea7&

162.159.130.233

200 OK

9.6 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1142636455546589247/1229739258118537266/RoTLogo.zip?ex=6638072e&is=6636b5ae&hm=697e8545fc201e08e4228ba98d8b34accc2558fcd7c1417d51379835270c8ea7&
IP
162.159.130.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
9.6 MB (9583275 bytes)
Hash
fe7f8d94d7f5475cf11036373629b7d0
039088cf953a237b8204df53a51db23f81da229e
7ee4c2c1c723cfcb28a9bd2c911041717457c24490f2c08448b0ec488cbdf440

HTTP Headers

GET /attachments/1142636455546589247/1229739258118537266/RoTLogo.zip?ex=6638072e&is=6636b5ae&hm=697e8545fc201e08e4228ba98d8b34accc2558fcd7c1417d51379835270c8ea7& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 06:59:46 GMT
content-type: application/zip
content-length: 9583275
cf-ray: 87eed981bc5d56b5-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="RoTLogo.zip"
etag: "fe7f8d94d7f5475cf11036373629b7d0"
expires: Mon, 05 May 2025 06:59:46 GMT
last-modified: Tue, 16 Apr 2024 10:24:46 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1713263086644902
x-goog-hash: crc32c=XQOInQ==, md5=/n+NlNf1R1zxEDY3Nim30A==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9583275
x-guploader-uploadid: ABPtcPoGHo727xbC1vx1KpUO65VO_-9CCRLC5WRIHIc5KXks5Dbhq2y-gNVH7vEddQlL-oxoAHs
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oCvvQLYGdZIH9c%2B4uP0xkSU%2F7GBJ%2BOy9LFduWOnRs98fgVkz8Rd4W8yuKJoILYvicjWE0tK1hfFIjyoYU9%2FjHZMj92qvdZ%2BNl0CryNFaRu9%2F4xoNLYs9kVOnd0sIIG47gZvuhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=mkiYqGg8x6SnEd25afmKS1.RqD.t8qupMZT7I.px5Zs-1714892386-1.0.1.1-1Hpg0lCbT0N.5IK.Bj.2w6Urilj33oc95lfMo632HJqqfXLR9OHUcRpCE_kN.S4AztQRt9kR4lJXvxmj3H8alg; path=/; expires=Sun, 05-May-24 07:29:46 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=_n9S_IjFZF7KIIX91a2d1yfZuoKSTyUFPztDHTRy7JQ-1714892386188-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (7)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers