Report - cdn.discordapp.com/attachments/1205636185402253323/1232579718121787422/empyrean-main.zip?ex=662aa191&is=66295011&hm=707f60bdba873e2d62532f56445148d6cf84ca044ba9a533eb704568c68a6051&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1205636185402253323/1232579718121787422/empyrean-main.zip?ex=662aa191&is=66295011&hm=707f60bdba873e2d62532f56445148d6cf84ca044ba9a533eb704568c68a6051&
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 20:31:21
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-04-23	635 B	471 kB	162.159.133.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1205636185402253323/1232579718121787422/empyrean-main.zip?ex=662aa191&is=66295011&hm=707f60bdba873e2d62532f56445148d6cf84ca044ba9a533eb704568c68a6051&
IP
162.159.133.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
469 kB (469244 bytes)
Hash
6535abdad3ba947fa280b8d5f836751b
5c7d20d35bcd2049fea5c07ad4d83e4e0e2fb494
15f5346f636fa7879882f23611d46da7d7fab3e03cf75366f8721fe54804f8fd

Archive (33)

Modified	Filename	Size	Md5	File type
2024-04-14 13:59	.editorconfig	158 B	34972a6636960201f371fde437feeb61	ASCII text, with CRLF line terminators
2024-04-14 13:59	bug_report.md	548 B	321354397b40eaca25d42e5fc272b833	ASCII text
2024-04-14 13:59	feature_request.md	481 B	0bce4d73d7c3d57f7d2f6a08a0b1cd76	ASCII text
2024-04-14 13:59	.gitignore	40 B	99548129ede134f3b093f2632c31e3c6	ASCII text
2024-04-14 13:59	settings.json	53 B	76a322b0ed73c31e6c0aa1babb1af1c5	JSON text data
2024-04-14 13:59	CONTRIBUTING.md	1.9 kB	e0e6d0734274226c6fa4df1a423c65f1	ASCII text, with CRLF line terminators
2024-04-14 13:59	LICENSE.md	1.1 kB	258fbe6a6a66d92f8aef944eeaa547df	ASCII text
2024-04-14 13:59	README.md	3.5 kB	1d94daec75f11af108090237254910e2	HTML document, ASCII text, with CRLF line terminators
2024-04-14 13:59	build.bat	634 B	947b2de91d99e17ff1bd006f0cb2ec58	DOS batch file, ASCII text, with CRLF line terminators
2024-04-14 13:59	main.py	1.4 kB	ba1fda5f75f9c66d0cc0c0b8c765f3b5	Python script, ASCII text executable, with CRLF line terminators
2024-04-14 13:59	build.py	2.2 kB	b972c3bd98189fef3649132428a6b5d5	Python script, ASCII text executable, with CRLF line terminators
2024-04-14 13:59	config.py	2.2 kB	083bc8cc27286e50c08f0f53876f48a8	Python script, ASCII text executable, with CRLF line terminators
2024-04-14 13:59	makeenv.py	616 B	9636255856ad526bbc00457b24373c54	Python script, ASCII text executable, with CRLF line terminators
2024-04-14 13:59	obfuscate.py	1.8 kB	b5854b3148f23dbb9355d3a30e3315a8	Python script, ASCII text executable, with CRLF line terminators
2024-04-14 13:59	writeconfig.py	555 B	2b14c9284e5337eb2af6359827b523e9	Python script, ASCII text executable, with CRLF line terminators
2024-04-14 13:59	banner.png	58 kB	05bc1a72bba6d3a1e947889816bc5af9	PNG image data, 1920 x 512, 8-bit/color RGBA, non-interlaced
2024-04-14 13:59	bu0.png	109 kB	75a957e21729fded930593afcac08bbc	PNG image data, 1289 x 742, 8-bit/color RGBA, non-interlaced
2024-04-14 13:59	em0.png	50 kB	0f1bedcd0ae85f68fdb3e2d041bcea8a	PNG image data, 600 x 493, 8-bit/color RGBA, non-interlaced
2024-04-14 13:59	em1.png	76 kB	d558a83af8c6913f87cb82cdb5c2ea0d	PNG image data, 540 x 920, 8-bit/color RGBA, non-interlaced
2024-04-14 13:59	em2.png	101 kB	044128768f6dd149fee0dd0c9907bb45	PNG image data, 432 x 850, 8-bit/color RGBA, non-interlaced
2024-04-14 13:59	em3.png	55 kB	8350a5245117e54b3ba123e1e3140756	PNG image data, 576 x 529, 8-bit/color RGBA, non-interlaced
2024-04-14 13:59	footer.png	40 kB	a7d50223d0dedc64c4722572beeddc1a	PNG image data, 1920 x 512, 8-bit/color RGBA, non-interlaced
2024-04-14 13:59	install_python.bat	686 B	f30718a354e7cc104ea553ce5ae2d486	DOS batch file, ASCII text, with very long lines (328)
2024-04-14 13:59	interferences.txt	8 B	d6ab204cd21cea2d0eb1637abc03dbc7	ASCII text, with no line terminators
2024-04-14 13:59	requirements.txt	256 B	c76e8f132c5dd920e7fe32b3cac9674f	ASCII text, with CRLF line terminators
2024-04-14 13:59	antidebug.py	12 kB	47ae6ac6b52d97d6b952b140e82ff9cf	Python script, ASCII text executable, with very long lines (1992), with CRLF line terminators
2024-04-14 13:59	browsers.py	12 kB	720067bf62202ab20bd0bdce2404b294	Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
2024-04-14 13:59	discordtoken.py	18 kB	91d7fa95e5af17a5132378a15d855d01	Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
2024-04-14 13:59	injection.py	2.4 kB	deaf00b5fa1e87d383d67653e7f9e632	Python script, ASCII text executable, with CRLF line terminators
2024-04-14 13:59	startup.py	1.4 kB	0fede8d83b25bf76cb24df5fafc68bbe	Python script, ASCII text executable, with CRLF line terminators
2024-04-14 13:59	systeminfo.py	6.8 kB	dacc6629a93a629f2e5e8dd6e6ac8752	Python script, ASCII text executable, with CRLF line terminators
2024-04-14 13:59	config.py	192 B	36b6f6034baef719be778b89b1226a6e	ASCII text, with CRLF line terminators
2024-04-14 13:59	main.py	1.2 kB	db5386b5f9edfc7500d0508fc49a9a59	Python script, ASCII text executable, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 25/63

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/1205636185402253323/1232579718121787422/empyrean-main.zip?ex=662aa191&is=66295011&hm=707f60bdba873e2d62532f56445148d6cf84ca044ba9a533eb704568c68a6051&

162.159.133.233

200 OK

469 kB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1205636185402253323/1232579718121787422/empyrean-main.zip?ex=662aa191&is=66295011&hm=707f60bdba873e2d62532f56445148d6cf84ca044ba9a533eb704568c68a6051&
IP
162.159.133.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
469 kB (469244 bytes)
Hash
6535abdad3ba947fa280b8d5f836751b
5c7d20d35bcd2049fea5c07ad4d83e4e0e2fb494
15f5346f636fa7879882f23611d46da7d7fab3e03cf75366f8721fe54804f8fd

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 25/63

HTTP Headers

GET /attachments/1205636185402253323/1232579718121787422/empyrean-main.zip?ex=662aa191&is=66295011&hm=707f60bdba873e2d62532f56445148d6cf84ca044ba9a533eb704568c68a6051& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 20:30:56 GMT
content-type: application/zip
content-length: 469244
cf-ray: 8798da9e4eb8b51d-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="empyrean-main.zip"
etag: "6535abdad3ba947fa280b8d5f836751b"
expires: Thu, 24 Apr 2025 20:30:56 GMT
last-modified: Wed, 24 Apr 2024 06:31:45 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1713940305092180
x-goog-hash: crc32c=moEXrA==, md5=ZTWr2tO6lH+igLjV+DZ1Gw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 469244
x-guploader-uploadid: ABPtcPriRJCTIR1U7JsTTNSaOtw34k8cbyyMB9yOmZo7OXWmDgPoiSMWE9ZuDT1XLzWXRTVIs3Qqa_UK_Q
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q1gSoFpdyPG3GjMriaOHV0jMtwr2o3xlSY98Wf1ETVEWkEo3CjHzf7uOG6y74HROzkq4sCweG5L0EwwAsS1NlWsq8kPRwUOqOPxicbVzXZKsWlKj7FytP4v9wdwLQfWywpH0iw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=J4Oad3fPha_jcxtMpHjnscSVGrga4RV_sWk5V39u4bQ-1713990656-1.0.1.1-V2.PJ58FRZPkWU7IRoBRmedIQW2D_rVQWN1TIFsGEeOXOuNQArLR0seJGqvdFLbG1chHh4pqK3WJdz5IbJWKsA; path=/; expires=Wed, 24-Apr-24 21:00:56 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=g.SRA5msU8XrWa2HmhO8FNYyYGyHGAXAtRYoEpuQX5M-1713990656279-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (33)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers