Report - cdn.discordapp.com/attachments/1220673703579353099/1232067820393595011/Pornhub_Premium.zip?ex=6628c4d3&is=66277353&hm=2cf49a1bb9321e989a6533ed3875a00ca34a5c1864edbc380467c4032d52e8e8&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1220673703579353099/1232067820393595011/Pornhub_Premium.zip?ex=6628c4d3&is=66277353&hm=2cf49a1bb9321e989a6533ed3875a00ca34a5c1864edbc380467c4032d52e8e8&
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-23 10:16:08
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-04-22	637 B	4.1 MB	162.159.133.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1220673703579353099/1232067820393595011/Pornhub_Premium.zip?ex=6628c4d3&is=66277353&hm=2cf49a1bb9321e989a6533ed3875a00ca34a5c1864edbc380467c4032d52e8e8&
IP
162.159.133.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
4.1 MB (4069873 bytes)
Hash
e79bf06a3ef671ea9673ef4c923057f2
1ebdcb9cdf6a0b1a7102ef7c73c39d4d6312002f
eb7b62c17ebed21c0a4e58674436c7aa461abbd2e75101c90862623ce0c37ae2

Archive (13)

Filename

Md5

File type

AGIpHelperClose.dll

b33bef46898db3038d755e2881ab6d6a

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

default.adg

f07c5034ad2e6a558c2860bfca7a03c8

Zip archive data, at least v2.0 to extract, compression method=deflate

drivers.bin

65f89ae32162b4efac226d5467e497b8

Zip archive data, at least v2.0 to extract, compression method=store

Google.Protobuf.dll

a93c82719e98c382d81bc0dcd99ad402

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Setup.exe

ca8439ab62bea393fecaf8cda29029c4

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 6 sections

SharpRaven.dll

1bd677bea16cf6490c6cf35c0d1c0174

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SQLite.Interop.dll

eaebd32500264123ef3f2a4cd2aee629

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

System.Data.SQLite.dll

ae8e6840bcfce9ab0f6db77a5f60ca1a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Memory.dll

2bc5de386a4297144781d15b8e812b63

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Runtime.CompilerServices.Unsafe.dll

a5aa80f49ad64689085755ab1ebf086e

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Runtime.InteropServices.RuntimeInformation.dll

82deb78891f430007e871a35ce28fac4

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

System.Windows.Interactivity.dll

3ab57a33a6e3a1476695d5a6e856c06a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

wintun.dll

fa0391a861b949de22e0a59c6faeaed5

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	malicious	VirusTotal - Scan result 21/65

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/1220673703579353099/1232067820393595011/Pornhub_Premium.zip?ex=6628c4d3&is=66277353&hm=2cf49a1bb9321e989a6533ed3875a00ca34a5c1864edbc380467c4032d52e8e8&

162.159.133.233

200 OK

4.1 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1220673703579353099/1232067820393595011/Pornhub_Premium.zip?ex=6628c4d3&is=66277353&hm=2cf49a1bb9321e989a6533ed3875a00ca34a5c1864edbc380467c4032d52e8e8&
IP
162.159.133.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
4.1 MB (4069873 bytes)
Hash
e79bf06a3ef671ea9673ef4c923057f2
1ebdcb9cdf6a0b1a7102ef7c73c39d4d6312002f
eb7b62c17ebed21c0a4e58674436c7aa461abbd2e75101c90862623ce0c37ae2

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 21/65

HTTP Headers

GET /attachments/1220673703579353099/1232067820393595011/Pornhub_Premium.zip?ex=6628c4d3&is=66277353&hm=2cf49a1bb9321e989a6533ed3875a00ca34a5c1864edbc380467c4032d52e8e8& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 23 Apr 2024 10:15:40 GMT
content-type: application/zip
content-length: 4069873
cf-ray: 878d18008971b50f-OSL
cf-cache-status: HIT
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Pornhub_Premium.zip"
etag: "e79bf06a3ef671ea9673ef4c923057f2"
expires: Wed, 23 Apr 2025 10:15:40 GMT
last-modified: Mon, 22 Apr 2024 20:37:39 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1713818259171783
x-goog-hash: crc32c=fcG/iw==, md5=55vwaj72ceqWc+9MkjBX8g==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4069873
x-guploader-uploadid: ABPtcPpPruwShkLNk7eqngwEKcv2dw1EmodCqGIEbeMnDMbKjafXt_5tt81O6trhl28gob94QAL-7FkbqQ
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NtQcnJeZcFtRYqXNseGcmEvHKLIa5JkNR%2F9RFvHH4gxAUMPU1Q5VRcMcxL1L1jhxQUwNTBUxsOuEce7670RQCIj7hgk9013it6jQUoLhz%2FtlIMLPQkF5QA%2Fdm1NbDJFX9AE6Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=zfqKIlKzR607rQjDNWJj6xf3IGlbUlyY1Jx7c1qfaxU-1713867340-1.0.1.1-8ZIGBZD.dtuPmIqGDOoDwdkk2ghV3216hbtsD_SdoI5_ep7wKUp5Lp6KYFM.7iuGdX3OZOh0Udn_AJB9PMbr.A; path=/; expires=Tue, 23-Apr-24 10:45:40 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=w2HXz8SL8CZZjCIUKzKJVJ.MlkdakFO6QyTYzuDJon8-1713867340926-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2