{"report_id":"78ed1ca5-6b82-4d51-a5e4-c3448748e282","version":6,"status":"done","tags":[],"date":"2024-11-29T18:39:32Z","url":{"schema":"http","addr":"cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026","fqdn":"cdn.discordapp.com","domain":"discordapp.com","tld":"com"},"ip":{"addr":"162.159.135.233","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"title":"New Private Tab"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-07T18:39:32Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"cdn.discordapp.com","ip":{"addr":"162.159.129.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-02-26","domain_rank":2474,"first_seen":"2015-08-24T15:06:21Z","last_seen":"2024-11-27T02:03:37.914094Z","alert_count":6,"request_count":3,"received_data":14594,"sent_data":2072,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T18:39:07Z","timestamp":1732905547,"ip_dst":{"addr":"162.159.129.233","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.7","port":51468,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO RAR File Download Request via Discord","source":"{\"timestamp\":\"2024-11-29T18:39:07.532520+0000\",\"flow_id\":1827328368535269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":51468,\"dest_ip\":\"162.159.129.233\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049227,\"rev\":1,\"signature\":\"ET INFO RAR File Download Request via Discord\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_11_16\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2023_11_16\"]}},\"http\":{\"hostname\":\"cdn.discordapp.com\",\"url\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"length\":139},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":820,\"bytes_toclient\":1748,\"start\":\"2024-11-29T18:39:07.485093+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T18:39:17Z","timestamp":1732905557,"ip_dst":{"addr":"172.18.0.7","port":51468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.159.129.233","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING Redirect to Discord Attachment Download","source":"{\"timestamp\":\"2024-11-29T18:39:17.676194+0000\",\"flow_id\":1827328368535269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.159.129.233\",\"src_port\":80,\"dest_ip\":\"172.18.0.7\",\"dest_port\":51468,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049228,\"rev\":1,\"signature\":\"ET HUNTING Redirect to Discord Attachment Download\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"162.159.129.233\",\"port\":80},\"target\":{\"ip\":\"172.18.0.7\",\"port\":51468},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_11_16\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_16\"]}},\"http\":{\"hostname\":\"cdn.discordapp.com\",\"url\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"length\":167},\"files\":[{\"filename\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":167,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":952,\"bytes_toclient\":1814,\"start\":\"2024-11-29T18:39:07.485093+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026","fqdn":"cdn.discordapp.com","domain":"discordapp.com","tld":"com"},"ip":{"addr":"162.159.129.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T18:39:07.538Z","timestamp":1732905547538,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"discordapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Nov 2024 03:07:45 GMT","end":"Sat, 15 Feb 2025 03:07:44 GMT"},"fingerprint":{"sha1":"22:B1:64:AE:CF:BA:26:94:03:7F:1B:24:F0:6D:7A:06:7E:B3:B7:75","sha256":"94:D8:B7:61:42:C9:44:C7:C3:AE:DF:10:85:96:84:A7:2C:97:C2:F7:5B:EF:87:03:B3:52:B1:4B:AF:23:7A:DE"}}},"request":{"raw":"GET /attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026 HTTP/1.1\r\nHost: cdn.discordapp.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Fri, 29 Nov 2024 18:39:07 GMT\r\nContent-Type: text/html\r\nContent-Length: 167\r\nConnection: keep-alive\r\nCache-Control: max-age=3600\r\nExpires: Fri, 29 Nov 2024 19:39:07 GMT\r\nLocation: https://cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\r\nX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=oHzeRO2Jv9LZYNUqE1%2FY70mEFkZRR%2Fjt9huZB%2BFtkiJdNbSBXK4vKCntMCr%2BzjQez7m4CCQVBNmRGv9kDdQsQ%2B4Jm9lVHUh3n0WhiT76xq7qbPItN9RBGM6ZY5L%2FRtu83hPekg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nSet-Cookie: __cf_bm=pEy6t1lDHB_hX2XBs7SU_0srTSBrckhLHJGsKvZ3g1E-1732905547-1.0.1.1-nZmrZy3gTyq9BKK98t8GzpqvR523_rTum8pEdQvF8K.j6YSWpKJLbi3SwqRmcK9KCdd.3JIpLOUCvLadOgPiyw; path=/; expires=Fri, 29-Nov-24 19:09:07 GMT; domain=.discordapp.com; HttpOnly\n_cfuvid=SbBzwqr6vb7knGgXt9W53bisVWLLx6HtpxR9rwyQ92s-1732905547517-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly\r\nServer: cloudflare\r\nCF-RAY: 8ea4b7f7efb2b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":167,"size_decoded":167,"mime_type":"application/xml; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"0104c301c5e02bd6148b8703d19b3a73","sha1":"7436e0b4b1f8c222c38069890b75fa2baf9ca620","sha256":"446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f","sha512":"84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf","ssdeep":"","tlshash":"c4c08cad6b523c98b8a73b3960c3a1a0e2ec803022d9042202b04a07f0cb1e78ec23d1","first_seen":"2023-04-05T06:32:17Z","last_seen":"2025-09-21T18:05:05.674757Z","times_seen":190494,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T18:39:07Z","timestamp":1732905547,"ip_dst":{"addr":"162.159.129.233","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.7","port":51468,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO RAR File Download Request via Discord","source":"{\"timestamp\":\"2024-11-29T18:39:07.532520+0000\",\"flow_id\":1827328368535269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":51468,\"dest_ip\":\"162.159.129.233\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049227,\"rev\":1,\"signature\":\"ET INFO RAR File Download Request via Discord\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_11_16\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2023_11_16\"]}},\"http\":{\"hostname\":\"cdn.discordapp.com\",\"url\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"length\":139},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":820,\"bytes_toclient\":1748,\"start\":\"2024-11-29T18:39:07.485093+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T18:39:17Z","timestamp":1732905557,"ip_dst":{"addr":"172.18.0.7","port":51468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.159.129.233","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING Redirect to Discord Attachment Download","source":"{\"timestamp\":\"2024-11-29T18:39:17.676194+0000\",\"flow_id\":1827328368535269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.159.129.233\",\"src_port\":80,\"dest_ip\":\"172.18.0.7\",\"dest_port\":51468,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049228,\"rev\":1,\"signature\":\"ET HUNTING Redirect to Discord Attachment Download\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"162.159.129.233\",\"port\":80},\"target\":{\"ip\":\"172.18.0.7\",\"port\":51468},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_11_16\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_16\"]}},\"http\":{\"hostname\":\"cdn.discordapp.com\",\"url\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"length\":167},\"files\":[{\"filename\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":167,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":952,\"bytes_toclient\":1814,\"start\":\"2024-11-29T18:39:07.485093+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026","fqdn":"cdn.discordapp.com","domain":"discordapp.com","tld":"com"},"ip":{"addr":"162.159.133.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T18:39:07.538Z","timestamp":1732905547538,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"discordapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Nov 2024 03:07:45 GMT","end":"Sat, 15 Feb 2025 03:07:44 GMT"},"fingerprint":{"sha1":"22:B1:64:AE:CF:BA:26:94:03:7F:1B:24:F0:6D:7A:06:7E:B3:B7:75","sha256":"94:D8:B7:61:42:C9:44:C7:C3:AE:DF:10:85:96:84:A7:2C:97:C2:F7:5B:EF:87:03:B3:52:B1:4B:AF:23:7A:DE"}}},"request":{"raw":"GET /attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026 HTTP/1.1\r\nHost: cdn.discordapp.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Fri, 29 Nov 2024 18:39:07 GMT\r\ncontent-type: application/xml; charset=UTF-8\r\ncf-ray: 8ea4b7f59ea2b4f1-OSL\r\ncf-cache-status: MISS\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: attachment\r\nexpires: Sat, 29 Nov 2025 18:39:07 GMT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-guploader-uploadid: AFiumC7GvfyBjlBkC3mgBDKBdZ0soNK4qZvhKB9TrehPak4__e7jcbUimDVkvhtCAMBs8f71JHs\r\nx-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=iQwhtgBr0Kb%2B5Q2pWLf%2BBigBIt8V%2BuITQecrwNXj6Q2zHRGCQ4SzPUUbj%2FK6Iv9b%2FHDZBKNl6exR83So9MOltkfm%2F17xyRzxRtYa65PI6Asu1TNTD3hCaKGMaLT00IaB4K0rMg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nset-cookie: __cf_bm=9ObGiJVG97RthjttnguVHNjc9A3ApICBGX3kLmmt78I-1732905547-1.0.1.1-.Sp3UJq6UzBOj1tln8_FFir9JBJ7Ko5oQvDGAmkDT2RTfsQl8t3Z_BuJPMxtEYmxgszGBiEc5haL_pOS8tcDBQ; path=/; expires=Fri, 29-Nov-24 19:09:07 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None\n_cfuvid=dYPnou5xvIPU6.TTPupLfPSGRYUcSIvrqBGiQA3STLw-1732905547361-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":5428,"size_decoded":234,"mime_type":"application/xml; charset=UTF-8","magic":"XML 1.0 document, ASCII text, with no line terminators","md5":"b76d07b514e6cbb3f421fe797b629767","sha1":"f6d451b86286bde9f49991d5f9a7709298b2ec09","sha256":"fe975afcbe0bf0147f14d3c47d57f30c538c383bebdfe76b71031f9ed3fff2ea","sha512":"d0f9f5670fbf22f27d96c1c08c5f635fced52366b1b64eff0a26ea0dc4011076a5a21a43a116bfdf007974b45211421b55398961c23829ce07fe0cee1cad70ee","ssdeep":"","tlshash":"a9d0970002b0600a2499a479a12cf78caa3291640100723c69e0c9c2a3c92027e57b42","first_seen":"2024-11-29T18:39:32.451624Z","last_seen":"2024-11-29T18:39:32.451624Z","times_seen":1,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T18:39:07Z","timestamp":1732905547,"ip_dst":{"addr":"162.159.129.233","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.7","port":51468,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO RAR File Download Request via Discord","source":"{\"timestamp\":\"2024-11-29T18:39:07.532520+0000\",\"flow_id\":1827328368535269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":51468,\"dest_ip\":\"162.159.129.233\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049227,\"rev\":1,\"signature\":\"ET INFO RAR File Download Request via Discord\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_11_16\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2023_11_16\"]}},\"http\":{\"hostname\":\"cdn.discordapp.com\",\"url\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"length\":139},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":820,\"bytes_toclient\":1748,\"start\":\"2024-11-29T18:39:07.485093+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T18:39:17Z","timestamp":1732905557,"ip_dst":{"addr":"172.18.0.7","port":51468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.159.129.233","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING Redirect to Discord Attachment Download","source":"{\"timestamp\":\"2024-11-29T18:39:17.676194+0000\",\"flow_id\":1827328368535269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.159.129.233\",\"src_port\":80,\"dest_ip\":\"172.18.0.7\",\"dest_port\":51468,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049228,\"rev\":1,\"signature\":\"ET HUNTING Redirect to Discord Attachment Download\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"162.159.129.233\",\"port\":80},\"target\":{\"ip\":\"172.18.0.7\",\"port\":51468},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_11_16\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_16\"]}},\"http\":{\"hostname\":\"cdn.discordapp.com\",\"url\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"length\":167},\"files\":[{\"filename\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":167,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":952,\"bytes_toclient\":1814,\"start\":\"2024-11-29T18:39:07.485093+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026","fqdn":"cdn.discordapp.com","domain":"discordapp.com","tld":"com"},"ip":{"addr":"162.159.133.233","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T18:39:07.538Z","timestamp":1732905547538,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"discordapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Nov 2024 03:07:45 GMT","end":"Sat, 15 Feb 2025 03:07:44 GMT"},"fingerprint":{"sha1":"22:B1:64:AE:CF:BA:26:94:03:7F:1B:24:F0:6D:7A:06:7E:B3:B7:75","sha256":"94:D8:B7:61:42:C9:44:C7:C3:AE:DF:10:85:96:84:A7:2C:97:C2:F7:5B:EF:87:03:B3:52:B1:4B:AF:23:7A:DE"}}},"request":{"raw":"GET /attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026 HTTP/1.1\r\nHost: cdn.discordapp.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __cf_bm=9ObGiJVG97RthjttnguVHNjc9A3ApICBGX3kLmmt78I-1732905547-1.0.1.1-.Sp3UJq6UzBOj1tln8_FFir9JBJ7Ko5oQvDGAmkDT2RTfsQl8t3Z_BuJPMxtEYmxgszGBiEc5haL_pOS8tcDBQ; _cfuvid=dYPnou5xvIPU6.TTPupLfPSGRYUcSIvrqBGiQA3STLw-1732905547361-0.0.1.1-604800000\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Fri, 29 Nov 2024 18:39:07 GMT\r\ncontent-type: application/xml; charset=UTF-8\r\ncf-ray: 8ea4b7f82eff569c-OSL\r\ncf-cache-status: HIT\r\nage: 0\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: attachment\r\nexpires: Sat, 29 Nov 2025 18:39:07 GMT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-guploader-uploadid: AFiumC7GvfyBjlBkC3mgBDKBdZ0soNK4qZvhKB9TrehPak4__e7jcbUimDVkvhtCAMBs8f71JHs\r\nx-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp\r\npriority: u=1,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=VJ%2F23jNv90R6YIfIwXg1XrykYRFNtdmeTi3bDvgyBA%2BWMk%2Bih%2B2joF97YCTnDPh43kHc0o%2BnvFDniLlNsnf0rrAQC97B0xk2T7zLJcNo0sLPA7nu6Tm6FUHsJRCSmtyBeFHfSw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncontent-encoding: br\r\nserver-timing: cfExtPri\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":5459,"size_decoded":234,"mime_type":"application/xml; charset=UTF-8","magic":"XML 1.0 document, ASCII text, with no line terminators","md5":"b76d07b514e6cbb3f421fe797b629767","sha1":"f6d451b86286bde9f49991d5f9a7709298b2ec09","sha256":"fe975afcbe0bf0147f14d3c47d57f30c538c383bebdfe76b71031f9ed3fff2ea","sha512":"d0f9f5670fbf22f27d96c1c08c5f635fced52366b1b64eff0a26ea0dc4011076a5a21a43a116bfdf007974b45211421b55398961c23829ce07fe0cee1cad70ee","ssdeep":"","tlshash":"a9d0970002b0600a2499a479a12cf78caa3291640100723c69e0c9c2a3c92027e57b42","first_seen":"2024-11-29T18:39:32.451624Z","last_seen":"2024-11-29T18:39:32.451624Z","times_seen":1,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T18:39:07Z","timestamp":1732905547,"ip_dst":{"addr":"162.159.129.233","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.7","port":51468,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO RAR File Download Request via Discord","source":"{\"timestamp\":\"2024-11-29T18:39:07.532520+0000\",\"flow_id\":1827328368535269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.7\",\"src_port\":51468,\"dest_ip\":\"162.159.129.233\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049227,\"rev\":1,\"signature\":\"ET INFO RAR File Download Request via Discord\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2023_11_16\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2023_11_16\"]}},\"http\":{\"hostname\":\"cdn.discordapp.com\",\"url\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"length\":139},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":820,\"bytes_toclient\":1748,\"start\":\"2024-11-29T18:39:07.485093+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-11-29T18:39:17Z","timestamp":1732905557,"ip_dst":{"addr":"172.18.0.7","port":51468,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.159.129.233","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING Redirect to Discord Attachment Download","source":"{\"timestamp\":\"2024-11-29T18:39:17.676194+0000\",\"flow_id\":1827328368535269,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.159.129.233\",\"src_port\":80,\"dest_ip\":\"172.18.0.7\",\"dest_port\":51468,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049228,\"rev\":1,\"signature\":\"ET HUNTING Redirect to Discord Attachment Download\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"162.159.129.233\",\"port\":80},\"target\":{\"ip\":\"172.18.0.7\",\"port\":51468},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_11_16\"],\"deployment\":[\"SSLDecrypt\",\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_16\"]}},\"http\":{\"hostname\":\"cdn.discordapp.com\",\"url\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"http_user_agent\":\"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://cdn.discordapp.com/attachments/571090709377974274/1312118231607152763/dxwrapper.rar?ex=674b54d4\u0026is=674a0354\u0026hm=be07be426ea8db241418b2d2b6405dc46d10b175d517aede1f006ddf5e620799\u0026\",\"length\":167},\"files\":[{\"filename\":\"/attachments/571090709377974274/1312118231607152763/dxwrapper.rar\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":167,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":952,\"bytes_toclient\":1814,\"start\":\"2024-11-29T18:39:07.485093+0000\"}}"}],"analyzer":null,"urlquery":null}}]}