Report - cdn.discordapp.com/attachments/1088936401883639849/1171900171240616078/Fps_boost_plamkata.zip?ex=6616ee15&is=66047915&hm=8d3b41d6a8c756f35c4c789d3cfd78da15f3b3af7ffa59ec91b7d75b4aa85668&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1088936401883639849/1171900171240616078/Fps_boost_plamkata.zip?ex=6616ee15&is=66047915&hm=8d3b41d6a8c756f35c4c789d3cfd78da15f3b3af7ffa59ec91b7d75b4aa85668&
IP
162.159.134.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-03-28 19:10:46
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-03-27	640 B	17 kB	162.159.130.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1088936401883639849/1171900171240616078/Fps_boost_plamkata.zip?ex=6616ee15&is=66047915&hm=8d3b41d6a8c756f35c4c789d3cfd78da15f3b3af7ffa59ec91b7d75b4aa85668&
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
15 kB (14935 bytes)
Hash
26209ea5c3cba8ff22e9d85b96926156
0712a00b98934b7936a4ccd947c204186e464141
e0f937b3d8d4200cad4da9f29da876cf86d54c89b1b2868e4134a4c125bcd3b0

Archive (25)

Filename

Md5

File type

Create a restore point first.txt

d41d8cd98f00b204e9800998ecf8427e

CHANGE THE RES IF YOU DON'T LIKE IT.txt

1bd29cd8a2321cd41b081026880eb3c9

ASCII text, with no line terminators

GameUserSettings.ini

19bd34b7aa10ff27aac5e1507d42d6b8

ASCII text, with CRLF line terminators

epic games commands.txt

3fb99810eac4931e4d715c07e6d58683

ASCII text, with CRLF line terminators

Fortnite High Priority.reg

d39d1c33607b27350729253054f514fa

ASCII text, with CRLF line terminators

Fortnite Normal Priority.reg

3ca666a48357051820fb54d7dbdd284e

Windows Registry text (Win2K or above)

Turn off too.url

ad8be6d1c424a9642fbe6706dd745fe5

Generic INItialization configuration [InternetShortcut]

Turn off.url

c11ad148171fb89dc961e943689659e9

Generic INItialization configuration [InternetShortcut]

Clear Temp files.cmd

97069525452c81643843c1f373f0d785

DOS batch file, ASCII text, with CRLF line terminators

clear the dns cache.cmd

b01f41d85d8212a7433f805110837be8

DOS batch file, ASCII text, with CRLF line terminators

disable HPET.cmd

66bef50ad05530603269559082ca9237

DOS batch file, ASCII text, with CRLF line terminators

Disable Power Throttling.reg

50ff4ccd4fe707d244b2a58ffcf573bf

ASCII text, with CRLF line terminators

Stop apps automaticaly run on your pc.reg

2fdc915837fb5d76ceac02272e68144b

ASCII text, with CRLF line terminators

turn on game mode.reg

3f503a6e59cbb798ad9cc6f8c4bc7441

Windows Registry little-endian text (Win2K or above)

wake up all cores.reg

956ef1b5324ab938628aa32e170fd106

Windows Registry text (Win2K or above)

Xbox game bar off.reg

4001669a0437d83b89baca88c3235315

Windows Registry little-endian text (Win2K or above)

PARKCONTROL DOWNLOAD.txt

d41d8cd98f00b204e9800998ecf8427e

QUICKCPU DOWNLOAD.txt

d41d8cd98f00b204e9800998ecf8427e

RAZERCORTEXDOWNLOAD.txt

d41d8cd98f00b204e9800998ecf8427e

Background Apps (Turn off).url

d36dd3e6ef9f1fb595fe0ca980bf1962

Generic INItialization configuration [InternetShortcut]

Color -turn off transparency effects.url

c6a0f5c557050b7a0ac62edfc4bb37e2

Generic INItialization configuration [InternetShortcut]

Graphics settings.url

85e0a02e42fcbfd222a4cf4aed179dc6

Generic INItialization configuration [InternetShortcut]

Mouse settings.url

3619bf5061ee10841bfd941ec29752d9

Generic INItialization configuration [InternetShortcut]

msconfig.txt

d41d8cd98f00b204e9800998ecf8427e

System Restore Point.lnk

4d9e55c79ea6a1f60232e6ff2c47423b

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Fri Sep 29 13:42:07 2017, mtime=Fri Sep 29 13:42:07 2017, atime=Fri Sep 29 13:42:07 2017, length=117760, window=hide

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	cdn.discordapp.com/attachments/1088936401883639849/1171900171240616078/Fps_boost_plamkata.zip?ex=6616ee15&is=66047915&hm=8d3b41d6a8c756f35c4c789d3cfd78da15f3b3af7ffa59ec91b7d75b4aa85668&	162.159.130.233	200 OK	15 kB
URL User Request GET HTTP/2 cdn.discordapp.com/attachments/1088936401883639849/1171900171240616078/Fps_boost_plamkata.zip?ex=6616ee15&is=66047915&hm=8d3b41d6a8c756f35c4c789d3cfd78da15f3b3af7ffa59ec91b7d75b4aa85668& IP 162.159.130.233:443 ASN #13335 CLOUDFLARENET Certificate IssuerCloudflare, Inc. Subjectdiscordapp.com Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39 ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 15 kB (14935 bytes) Hash 26209ea5c3cba8ff22e9d85b96926156 0712a00b98934b7936a4ccd947c204186e464141 e0f937b3d8d4200cad4da9f29da876cf86d54c89b1b2868e4134a4c125bcd3b0 HTTP Headers GET /attachments/1088936401883639849/1171900171240616078/Fps_boost_plamkata.zip?ex=6616ee15&is=66047915&hm=8d3b41d6a8c756f35c4c789d3cfd78da15f3b3af7ffa59ec91b7d75b4aa85668& HTTP/1.1 Host: cdn.discordapp.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Thu, 28 Mar 2024 19:10:21 GMT content-type: application/zip content-length: 14935 cf-ray: 86b9eb7759861c16-OSL cf-cache-status: MISS accept-ranges: bytes, bytes cache-control: public, max-age=31536000 content-disposition: attachment; filename="Fps_boost_plamkata.zip" etag: "26209ea5c3cba8ff22e9d85b96926156" expires: Fri, 28 Mar 2025 19:10:21 GMT last-modified: Wed, 08 Nov 2023 19:52:53 GMT vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1699473173740309 x-goog-hash: crc32c=qqX+eg==, md5=JiCepcPLqP8i6dhblpJhVg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 14935 x-guploader-uploadid: ABPtcPqmjOrkfCUhaKBqFI3m958Jnvgs-KnEGYx1W0xO7y_K8Fvr217yKQV8SRr294nP5KHKkxYDqEHLEQ x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2F4r8yJbT%2BdwepmcsSsMQ70Ni%2BmzL6dlkeCsG7bhzvYiPxdjvAXH0M82h%2F0vlWRBHGsFTvfknZe4WB2lgMSEBoRI6A7f%2BqtJiM6MyHf%2FaLmkZUxTfAJPJQbNICL6Zgoftc7scQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} set-cookie: __cf_bm=qXGgzfvgxrm.lRv5Qf3563fwxSCkxIH4ekfLdZIu6qw-1711653021-1.0.1.1-l0LASUMasiplTU2.qJlDY.MRClKDGL6CInCVcefPrNGuv657UfXFUA_Q8wVV9gZX_0mmevP19oMObJjnuVim6A; path=/; expires=Thu, 28-Mar-24 19:40:21 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None _cfuvid=.ssQqthTUHltQgy4z4kj4gwdwHuRyP.xqPvd6Ryskvw-1711653021620-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None server: cloudflare X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1088936401883639849/1171900171240616078/Fps_boost_plamkata.zip?ex=6616ee15&is=66047915&hm=8d3b41d6a8c756f35c4c789d3cfd78da15f3b3af7ffa59ec91b7d75b4aa85668&

162.159.130.233

200 OK

15 kB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1088936401883639849/1171900171240616078/Fps_boost_plamkata.zip?ex=6616ee15&is=66047915&hm=8d3b41d6a8c756f35c4c789d3cfd78da15f3b3af7ffa59ec91b7d75b4aa85668&
IP
162.159.130.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
15 kB (14935 bytes)
Hash
26209ea5c3cba8ff22e9d85b96926156
0712a00b98934b7936a4ccd947c204186e464141
e0f937b3d8d4200cad4da9f29da876cf86d54c89b1b2868e4134a4c125bcd3b0

HTTP Headers

GET /attachments/1088936401883639849/1171900171240616078/Fps_boost_plamkata.zip?ex=6616ee15&is=66047915&hm=8d3b41d6a8c756f35c4c789d3cfd78da15f3b3af7ffa59ec91b7d75b4aa85668& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 19:10:21 GMT
content-type: application/zip
content-length: 14935
cf-ray: 86b9eb7759861c16-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Fps_boost_plamkata.zip"
etag: "26209ea5c3cba8ff22e9d85b96926156"
expires: Fri, 28 Mar 2025 19:10:21 GMT
last-modified: Wed, 08 Nov 2023 19:52:53 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1699473173740309
x-goog-hash: crc32c=qqX+eg==, md5=JiCepcPLqP8i6dhblpJhVg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14935
x-guploader-uploadid: ABPtcPqmjOrkfCUhaKBqFI3m958Jnvgs-KnEGYx1W0xO7y_K8Fvr217yKQV8SRr294nP5KHKkxYDqEHLEQ
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2F4r8yJbT%2BdwepmcsSsMQ70Ni%2BmzL6dlkeCsG7bhzvYiPxdjvAXH0M82h%2F0vlWRBHGsFTvfknZe4WB2lgMSEBoRI6A7f%2BqtJiM6MyHf%2FaLmkZUxTfAJPJQbNICL6Zgoftc7scQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=qXGgzfvgxrm.lRv5Qf3563fwxSCkxIH4ekfLdZIu6qw-1711653021-1.0.1.1-l0LASUMasiplTU2.qJlDY.MRClKDGL6CInCVcefPrNGuv657UfXFUA_Q8wVV9gZX_0mmevP19oMObJjnuVim6A; path=/; expires=Thu, 28-Mar-24 19:40:21 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=.ssQqthTUHltQgy4z4kj4gwdwHuRyP.xqPvd6Ryskvw-1711653021620-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (25)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers