Report - cdn.discordapp.com/attachments/1226067135344672810/1233007784266694707/Zero-attacker-Zero-attacker.zip?ex=662b877b&is=662a35fb&hm=672243eb77a08f12000e82ca93129c06f2f7707b828dd6d0880a177e668cb1dc&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1226067135344672810/1233007784266694707/Zero-attacker-Zero-attacker.zip?ex=662b877b&is=662a35fb&hm=672243eb77a08f12000e82ca93129c06f2f7707b828dd6d0880a177e668cb1dc&
IP
162.159.129.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 10:57:21
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-24	512 B	1.2 kB	35.244.181.201
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-04-24	649 B	157 kB	162.159.135.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1226067135344672810/1233007784266694707/Zero-attacker-Zero-attacker.zip?ex=662b877b&is=662a35fb&hm=672243eb77a08f12000e82ca93129c06f2f7707b828dd6d0880a177e668cb1dc&
IP
162.159.135.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
155 kB (155310 bytes)
Hash
c753b9d2bc90e8db7d3c7bd920795405
36766756ad339180661651d8966ed88121b976b2
aaef823754d1230108212fee796ee805553af7067111f3b8e51a3cbe62e3e9d3

Archive (56)

Modified	Filename	Size	Md5	File type
2023-09-06 06:38	.gitignore	36 B	c78f6fc5408a32eafaabc58e09bd963f	ASCII text
2023-09-06 06:38	1.jpg	80 kB	a601c20fae1ff0da5f472ee2b601ec71	JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 1437x486, components 3
2023-09-06 06:38	2.jpg	112 kB	7b7e63f92f885e3a4e9eae22309d1d1d	JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 1461x635, components 3
2023-09-06 06:38	LICENSE	1.1 kB	6eac5cc612ec4d81975ed49c5fedf60a	ASCII text
2023-09-06 06:38	README.md	1.9 kB	55a09c9fb9d344e96648a0cae18cfb1e	Unicode text, UTF-8 text, with CRLF line terminators
2023-09-06 06:38	list.txt	325 B	d8bede533796baa04617f931091d1b6e	ASCII text, with CRLF line terminators
2023-09-06 06:38	main.py	658 B	74b77c5e0b0f67f57600f9dbb1b20f1d	ASCII text, with CRLF line terminators
2023-09-06 06:38	ddos.py	2.1 kB	0b1fd339f4387bfa69a70a25821e5176	ASCII text, with CRLF line terminators
2023-09-06 06:38	discord-token-grabber.py	1.6 kB	80f1857193fca5d4528f6908882ef584	ASCII text, with CRLF line terminators
2023-09-06 06:38	email-bomber.py	3.6 kB	1cb6a85dc370f7794e419d3b1f1303ce	Python script, ASCII text executable, with CRLF line terminators
2023-09-06 06:38	ip-lookup.py	954 B	440e079b15544d7e676266bd50322c05	Python script, ASCII text executable, with CRLF line terminators
2023-09-06 06:38	index.js	6.1 kB	5766f163501ec6d35de9bbb90f69c1d7	JavaScript source, ASCII text, with CRLF line terminators
2023-09-06 06:38	main.py	1.1 kB	878529c3b8b446e60eea2b6583c2a176	Python script, ASCII text executable, with CRLF line terminators
2023-09-06 06:38	package-lock.json	40 kB	17195928cc55164e03120624e0dfd3df	JSON text data
2023-09-06 06:38	package.json	437 B	51bccb8fdca39bbeced13eaf46e55e7c	JSON text data
2023-09-06 06:38	phone-locator.py	1.6 kB	ec70948300e24d7ea8d1b111390ff543	Python script, ASCII text executable, with CRLF line terminators
2023-09-06 06:38	port-scanner.py	992 B	0aed3876a35a43d1f42b25f7a1ebf830	Python script, ASCII text executable, with CRLF line terminators
2023-09-06 06:38	basiclist.txt	279 B	91a05ac27e7208b71d933664c19ee0c5	ASCII text
2023-09-06 06:38	main.py	797 B	7dc7ac0ba9448cccb73c7e791468c2e8	Python script, ASCII text executable
2023-09-06 06:38	Amazon.com.txt	6.8 kB	24d66c8553977ce8c23d00cd297d4c45	ASCII text
2023-09-06 06:38	Apple.com.txt	3.4 kB	e2b6f320e4b5ba22ef05ef1689d4adff	ASCII text
2023-09-06 06:38	BBC.com.txt	260 B	9301263cd12732da80f435e9587b893f	ASCII text
2023-09-06 06:38	Bing.com.txt	260 B	92c9ed941567c5245585893e513232c0	ASCII text
2023-09-06 06:38	CNN.com.txt	1.8 kB	745d4b534867d6f6c3e85d6dc82df4af	ASCII text
2023-09-06 06:38	Dell.com.txt	1.7 kB	4586c4c600b7a02f000f8e3d79b9182c	ASCII text
2023-09-06 06:38	Dropbox.com.txt	888 B	4357b479f3cf73e675094cc3b83c73a6	ASCII text
2023-09-06 06:38	Ebay.com.txt	3.9 kB	d1fead0c8c667f68d33f208007af3b40	ASCII text
2023-09-06 06:38	Facebook.com.txt	2.2 kB	f42e2b6ccb40bde1a3cabb9a46ee81b1	ASCII text
2023-09-06 06:38	GoDaddy.com.txt	1.4 kB	7faec453c936c6be1c94ef3029545cb0	ASCII text
2023-09-06 06:38	Google.com.txt	3.0 kB	c5d36d85c077442a3da7c3b2d2773b70	ASCII text
2023-09-06 06:38	Instagram.com.txt	374 B	03ee7507427140a7930db570ccb1a960	ASCII text
2023-09-06 06:38	LICENSE	1.1 kB	f8fa1f68498fc7e204b7f2f38507d7f0	ASCII text
2023-09-06 06:38	LinkedIn.com.txt	2.5 kB	7ed21a0a515304fbb27db6332518fbb4	ASCII text
2023-09-06 06:38	Microsoft.com.txt	4.2 kB	67e9c1c7e97660cf3c1c5edf8ee7bb62	ASCII text
2023-09-06 06:38	Netflix.com.txt	1.7 kB	d3872790bbb141858385d36563531743	ASCII text
2023-09-06 06:38	Office.com.txt	377 B	7a4b1c98a1195489da852dd65e0eb373	ASCII text
2023-09-06 06:38	PayPal.com.txt	3.8 kB	95d959b4976012e56f5229d98d109e18	ASCII text
2023-09-06 06:38	Pinterest.com.txt	1.1 kB	9925d4e7ed438373752f2cbf62618195	ASCII text
2023-09-06 06:38	README.md	110 B	c039431c81238034a34c619af296112c	ASCII text
2023-09-06 06:38	Reddit.com.txt	174 B	ace87b5e26f8b7396e984ab6ebdea146	ASCII text
2023-09-06 06:38	Sap.com.txt	2.7 kB	6bbd82eba66d5e154c823ad599252f05	ASCII text
2023-09-06 06:38	Twitter.com.txt	1.0 kB	5eff856dbe2234c8e4448dfa5e093c7e	ASCII text
2023-09-06 06:38	Uber.com.txt	5.4 kB	c59f42459a8cff4df259e345c70adbea	ASCII text
2023-09-06 06:38	Ubnt.com.txt	512 B	1297eead536aea752c1b86b97dca058d	ASCII text
2023-09-06 06:38	WhatsApp.com.txt	231 B	3202d2ec90808ccdd3d151c0b7015d29	ASCII text
2023-09-06 06:38	Wikipedia.org.txt	1.9 kB	2a91b3a984d1a796dc2f0df8688834b1	ASCII text
2023-09-06 06:38	Work.txt	1 B	68b329da9893e34099c7d8ad5cb9c940	very short file (no magic)
2023-09-06 06:38	Yahoo.com.txt	12 kB	0fdf85a1b2088985eb106bbaf4014954	ASCII text
2023-09-06 06:38	YouTube.com.txt	570 B	0c2850081a072fde27285972efda374a	ASCII text
2023-09-06 06:38	zero-tool.py	4.9 kB	647c80602b9a31b3d1befa6873142c05	Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
2023-09-06 06:38	info.py	566 B	a464c8cb4e929a353761696d262b60ec	Python script, ASCII text executable, with CRLF line terminators
2023-09-06 06:38	install.bat	376 B	abd3034f6ac82fb4c30a81e4309ae43a	DOS batch file, ASCII text
2023-09-06 06:38	requirements.txt	35 B	f7335efbf49a170e4e34c166d03e6a6b	ASCII text, with CRLF line terminators
2023-09-06 06:38	start.bat	46 B	a189fb5ed8313fb7eeef071761360114	ASCII text, with CRLF line terminators
2023-09-06 06:38	zero-tool.py	8 B	854a831b6a38ca22ca1466c5c464de49	ASCII text, with CRLF line terminators
2023-09-06 06:38	zero.py	2.8 kB	29156f1420c9b5facda6e5b08d605399	Python script, Unicode text, UTF-8 text executable, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 7/63

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

cdn.discordapp.com/attachments/1226067135344672810/1233007784266694707/Zero-attacker-Zero-attacker.zip?ex=662b877b&is=662a35fb&hm=672243eb77a08f12000e82ca93129c06f2f7707b828dd6d0880a177e668cb1dc&

162.159.135.233

200 OK

155 kB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1226067135344672810/1233007784266694707/Zero-attacker-Zero-attacker.zip?ex=662b877b&is=662a35fb&hm=672243eb77a08f12000e82ca93129c06f2f7707b828dd6d0880a177e668cb1dc&
IP
162.159.135.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
155 kB (155310 bytes)
Hash
c753b9d2bc90e8db7d3c7bd920795405
36766756ad339180661651d8966ed88121b976b2
aaef823754d1230108212fee796ee805553af7067111f3b8e51a3cbe62e3e9d3

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 7/63

HTTP Headers

GET /attachments/1226067135344672810/1233007784266694707/Zero-attacker-Zero-attacker.zip?ex=662b877b&is=662a35fb&hm=672243eb77a08f12000e82ca93129c06f2f7707b828dd6d0880a177e668cb1dc& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 10:56:56 GMT
content-type: application/zip
content-length: 155310
cf-ray: 879dcf2e5fca712d-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Zero-attacker-Zero-attacker.zip"
etag: "c753b9d2bc90e8db7d3c7bd920795405"
expires: Fri, 25 Apr 2025 10:56:56 GMT
last-modified: Thu, 25 Apr 2024 10:52:44 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1714042364006305
x-goog-hash: crc32c=Pt9pRw==, md5=x1O50ryQ6Nt9PHvZIHlUBQ==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 155310
x-guploader-uploadid: ABPtcPpAZ7qs9KijNVUhNV51giiVNDJwcuQqYfeyfPUBhJiwNrTrc5tMZhyQeUMr4mfC_1aFmrA1GC1elg
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x9CImcwUQ5jm3CBgR0iyGyX20elr7pt1IYGtJsDayhKpZ%2B%2BmuUZL0TTXS54lLAXxuL8CzVnmA9alcLRnH2AmOKEUvi%2BhAzFIbsh%2BLdKKyFXaf2kSNoiCS20Yw2PRHQBuTZzEbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=GSKfjbieydWf8T7XWuQQ9ULsvCJqXefrvsiR7gyCiM0-1714042616-1.0.1.1-liypvW1ObhpVJ4oad4_RG4x0Ddesl1bO_m8feMeGkq5v.mLllIn.bMi0k4zmVdAhiDLCru00tklQ3ACLic5xAw; path=/; expires=Thu, 25-Apr-24 11:26:56 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=d0oVHaTJANozUEORpjF2iccpHv8hEpL.bjbFgwJ9myo-1714042616803-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=kaEiLTLAMEVb7aUOOAw0ZNSigS6TU3apZzWLCaXhoVQnP3il8s5n2C1axwdL3tZ-K6CXRAoxjkV_fqE9fPYQFEhRzcgXLjyvhMNkH8vZEL1rOxfW15R5k780pZSaH1qn
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Thu, 25 Apr 2024 10:56:42 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 33
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (56)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers