Report - cdn.discordapp.com/attachments/1234694997266399264/1235410599194923018/BlockTheSpot-master.zip?ex=66363f87&is=6634ee07&hm=7db60cc36c099d6b1efeb85e187d0356684c56488e994da761dab7fa2e440bb3&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1234694997266399264/1235410599194923018/BlockTheSpot-master.zip?ex=66363f87&is=6634ee07&hm=7db60cc36c099d6b1efeb85e187d0356684c56488e994da761dab7fa2e440bb3&
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-03 20:39:41
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-05-02	641 B	400 kB	162.159.133.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1234694997266399264/1235410599194923018/BlockTheSpot-master.zip?ex=66363f87&is=6634ee07&hm=7db60cc36c099d6b1efeb85e187d0356684c56488e994da761dab7fa2e440bb3&
IP
162.159.133.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
398 kB (397996 bytes)
Hash
8819822c97e8c711d2520f2fa0872c83
3420d598b47f1be2f84a52f45c6a718cb81ce5c3
c721e606996bb1f8efccb2f2bdb45dacb40fe87b7e0981936ffc47f9478f2d58

Archive (24)

Filename

Md5

File type

bug_report.md

0cca0aa82d26523ac1eff3f59ecc4270

ASCII text

LICENSE

b6f9960b5bbaa2cfc4553bfe266d5486

ASCII text

README.md

e8a6963bc3571862c8402c433c196ad8

ASCII text

downgrade.bat

e1c1b01bc33b17f01a3bdd84cceb459f

data

install.bat

2080fc685222b511643d34d9b1c7f8cb

data

netutils.dll

301efd794940d799a9b67575ddf9e414

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

BlockTheSpot.cpp

30b747a0fac3d0c1d28a904ccae4ea17

C source, ASCII text

BlockTheSpot.vcxproj

3f65c285a46359fa9c1c0d4d2511c4bc

XML 1.0 document, Unicode text, UTF-8 (with BOM) text

cpu.c

ce6373cbd7e83a2865198dc4ea61cc38

C source, ASCII text

cpu.h

035820a4a9b347bcd8a7ae20d0289376

C source, ASCII text

disasm.c

f60e3fdf1c5f0055718695ea06ae3d74

C source, ASCII text

disasm.h

bac55bef885643684fb41b7e85eda807

C source, ASCII text

disasm_x86.c

b617968f2b59da214a5a12f8a92d5ca5

C source, ASCII text

disasm_x86.h

8a33a338a2e1a780648148eda2fc371d

C source, ASCII text

disasm_x86_tables.h

0bfee35dd136aa197deb903dfdbbb166

C source, ASCII text, with very long lines (516)

misc.c

71bcbd1adf2f190e5653f107a61a6f98

C source, ASCII text

misc.h

9e7aee74f459eec9c512883587b60001

C source, ASCII text

dllmain.cpp

35a0b14ab0fd5b4fc3a712390082ad7c

C source, ASCII text

hosts.h

f413cc12f002d86a7b3c6ae3f5ea9104

C source, ASCII text

mhook.cpp

25042a39176df1cfb1f019fa71db8214

C source, ASCII text

mhook.h

58e247d21d168180241b2445b8a24262

C source, ASCII text

stdafx.cpp

2988ce1a9d4c70b0b9ad2450e87e3e79

C source, ASCII text

stdafx.h

4f23797f6efbaeb5c4578cf0ea4617b6

C source, ASCII text

targetver.h

0ee32c85c7df3fe7aa3c858478b0555c

C source, ASCII text

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects suspicious PowerShell code that downloads from web sites
VirusTotal	suspicious	VirusTotal - Scan result 2/67

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/1234694997266399264/1235410599194923018/BlockTheSpot-master.zip?ex=66363f87&is=6634ee07&hm=7db60cc36c099d6b1efeb85e187d0356684c56488e994da761dab7fa2e440bb3&

162.159.133.233

200 OK

398 kB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1234694997266399264/1235410599194923018/BlockTheSpot-master.zip?ex=66363f87&is=6634ee07&hm=7db60cc36c099d6b1efeb85e187d0356684c56488e994da761dab7fa2e440bb3&
IP
162.159.133.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
398 kB (397996 bytes)
Hash
8819822c97e8c711d2520f2fa0872c83
3420d598b47f1be2f84a52f45c6a718cb81ce5c3
c721e606996bb1f8efccb2f2bdb45dacb40fe87b7e0981936ffc47f9478f2d58

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/67

HTTP Headers

GET /attachments/1234694997266399264/1235410599194923018/BlockTheSpot-master.zip?ex=66363f87&is=6634ee07&hm=7db60cc36c099d6b1efeb85e187d0356684c56488e994da761dab7fa2e440bb3& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 20:39:16 GMT
content-type: application/zip
content-length: 397996
cf-ray: 87e30f32f81fb4f9-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="BlockTheSpot-master.zip"
etag: "8819822c97e8c711d2520f2fa0872c83"
expires: Sat, 03 May 2025 20:39:16 GMT
last-modified: Thu, 02 May 2024 02:00:39 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1714615239726469
x-goog-hash: crc32c=5UFwBg==, md5=iBmCLJfoxxHSUg8voIcsgw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 397996
x-guploader-uploadid: ABPtcPqwihyGF9Fk0s4xQAfTrY3PFPfYJXuK9UTObJUyKsy9uIM2hKPhX2G1O-VMiSeffB482sk
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DHN6AmYaCmy600DaDFgY3R%2F1T9mxQm7VA48OHbpxeJa%2FnSVTSoxrWX5ZLjaphpPUaMJfL48LCHBJzFS%2F9B6JDrO1nUtqFNNv%2F8bwM4kv6NuwH5E3AkYJioZ4smL39g4wZ1DodA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=flp5XUmwBi_XHYiNhbnkWzRDTzQpQr.ipmU4hjh3ITE-1714768756-1.0.1.1-0BB3tiqYlXmgpEyhpDwvHGW0j8pstLkjh8zfpKmZWg6dsfcToTF6J.HCfnGlevrrjZ..cRyMQvw2FpFijViPrQ; path=/; expires=Fri, 03-May-24 21:09:16 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=cjoglOb7BNnFORzNq_4hW0Rhaerw1ockRvU37o8.szk-1714768756286-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (24)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers