Report - cdn.discordapp.com/attachments/1313135964901605378/1334377720456548423/ryujinpaid.zip?ex=679cf858&is=679ba6d8&hm=3b62d0a84b8d8a6426198491a93a9d9b0ba8137bc54d3cbce6db68bf19b0c3f4&

Report Overview

Visited public
2025-01-30 19:24:57
Tags
URL
cdn.discordapp.com/attachments/1313135964901605378/1334377720456548423/ryujinpaid.zip?ex=679cf858&is=679ba6d8&hm=3b62d0a84b8d8a6426198491a93a9d9b0ba8137bc54d3cbce6db68bf19b0c3f4&
Finishing URL
about:privatebrowsing
IP / ASN
162.159.135.233
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2025-01-29	644 B	2.0 MB	162.159.129.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1313135964901605378/1334377720456548423/ryujinpaid.zip?ex=679cf858&is=679ba6d8&hm=3b62d0a84b8d8a6426198491a93a9d9b0ba8137bc54d3cbce6db68bf19b0c3f4&
IP
162.159.129.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.0 MB (1987391 bytes)
Hash
d6ee4cc070b062c3f645bd8bdc43c02e
a80e916b464e6d93e1a0211453d1eb5239773d39
7a39395c88885512716822494a8375c3ffad954ebbfcc6baac6faf4ae676f425

Archive (23)

Filename

Md5

File type

AutoHotkey.exe

d382f16b409cce68cdf4c1c921ad5a9d

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

main.ahk

c4d790cbf7f5c2b39af5bd290054f2e9

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

requestwhitelist.ahk

bfa2a4847533882ffb4a2d3aaf654063

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

1m.bmp

6697aa549f2d00202389a735208dd98b

PNG image data, 19 x 2, 8-bit/color RGB, non-interlaced

alert.mp3

a50028403bffb7b751b5a18ccbfb71cf

Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, JntStereo

combat.bmp

5686a8fa2c8c230bd64df40d0d6390a3

PNG image data, 84 x 6, 8-bit/color RGBA, non-interlaced

fatigue.bmp

04857ae9e2d5dd928e63df70c2936b6f

PNG image data, 17 x 11, 8-bit/color RGBA, non-interlaced

a.bmp

e7afe7e674810ddb0cfa797dcd00a12d

PNG image data, 25 x 5, 8-bit/color RGBA, non-interlaced

c.bmp

353f59d04951b60534290d6a8bda3d12

PNG image data, 23 x 5, 8-bit/color RGBA, non-interlaced

e.bmp

b47622a0b156b9bec1274ed4ce49fb8d

PNG image data, 21 x 5, 8-bit/color RGBA, non-interlaced

q.bmp

c38d54bf9058fdce33f9479f989c4dac

PNG image data, 17 x 4, 8-bit/color RGBA, non-interlaced

w.bmp

2c3046db40ebc10f61bb70191efef09f

PNG image data, 24 x 5, 8-bit/color RGBA, non-interlaced

x.bmp

9bead2855d3240f4592c0d3f237cb72e

PNG image data, 18 x 4, 8-bit/color RGBA, non-interlaced

z.bmp

e748e4d5d459ddc56bd16efa971f6c45

PNG image data, 24 x 6, 8-bit/color RGBA, non-interlaced

a.bmp

5ec651b70b81fc6e5634ee4ff5ae8f74

PNG image data, 44 x 4, 8-bit/color RGBA, non-interlaced

c.bmp

a17111ee36e241688b0f0b813521cff7

PNG image data, 49 x 5, 8-bit/color RGBA, non-interlaced

e.bmp

1f7af6135420d224f47f30184e596a5f

PNG image data, 46 x 5, 8-bit/color RGBA, non-interlaced

q.bmp

37ef929ed3d0112a4f4c4040ec06c289

PNG image data, 45 x 7, 8-bit/color RGBA, non-interlaced

w.bmp

d329698d662b0819282937021a198e11

PNG image data, 42 x 3, 8-bit/color RGBA, non-interlaced

x.bmp

1f669d10e6b6c84af827be27ce5da322

PNG image data, 48 x 6, 8-bit/color RGBA, non-interlaced

z.bmp

16712ba5df1edc590186f68d8e1f5667

PNG image data, 47 x 7, 8-bit/color RGBA, non-interlaced

statcheck.bmp

3f3547c1e63f39fa9f3f2b4aca4c7543

PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced

topbar.bmp

33e0eb0ea4ad9486aae954308af7fa1a

PNG image data, 16 x 3, 8-bit/color RGBA, non-interlaced

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	cdn.discordapp.com/attachments/1313135964901605378/1334377720456548423/ryujinpaid.zip?ex=679cf858&is=679ba6d8&hm=3b62d0a84b8d8a6426198491a93a9d9b0ba8137bc54d3cbce6db68bf19b0c3f4&	162.159.129.233	200 OK	2.0 MB
URL User Request GET HTTP/2 cdn.discordapp.com/attachments/1313135964901605378/1334377720456548423/ryujinpaid.zip?ex=679cf858&is=679ba6d8&hm=3b62d0a84b8d8a6426198491a93a9d9b0ba8137bc54d3cbce6db68bf19b0c3f4& IP 162.159.129.233:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectdiscordapp.com Fingerprint0A:D4:AE:4F:06:AD:72:A7:F1:78:90:F7:BD:F9:12:3F:64:33:FD:87 ValidityWed, 15 Jan 2025 02:59:08 GMT - Tue, 15 Apr 2025 03:58:50 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 2.0 MB (1987391 bytes) Hash d6ee4cc070b062c3f645bd8bdc43c02e a80e916b464e6d93e1a0211453d1eb5239773d39 7a39395c88885512716822494a8375c3ffad954ebbfcc6baac6faf4ae676f425 HTTP Headers GET /attachments/1313135964901605378/1334377720456548423/ryujinpaid.zip?ex=679cf858&is=679ba6d8&hm=3b62d0a84b8d8a6426198491a93a9d9b0ba8137bc54d3cbce6db68bf19b0c3f4& HTTP/1.1 Host: cdn.discordapp.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Thu, 30 Jan 2025 19:24:27 GMT content-type: application/zip content-length: 1987391 cf-ray: 90a3d79cc8931c16-OSL cf-cache-status: HIT accept-ranges: bytes, bytes cache-control: public, max-age=31536000 content-disposition: attachment; filename="ryujinpaid.zip" etag: "d6ee4cc070b062c3f645bd8bdc43c02e" expires: Fri, 30 Jan 2026 19:24:27 GMT last-modified: Thu, 30 Jan 2025 04:20:40 GMT vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1738210840191868 x-goog-hash: crc32c=XYTqAA==, md5=1u5MwHCwYsP2Rb2L3EPALg== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1987391 x-guploader-uploadid: AFIdbgSWzlHm4sJS3iemB3qUmC_rL4NrXjlG-ExO88pL0dh8OpcNObp0w0dt0a6ef00pEAW-u_kdQ2c report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VL02apBpDEn0Jixa2VDzzT1YjThk1JPGP6GXMOX66eCMjfxBv2PLbwQ8hlySMs5aaKnQEfqfF7w3FBJIVHb98oxMFJkfrXyGEGsAUchQ1vGtnIZHnwNpucigLGKL772X2M3FYA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp set-cookie: __cf_bm=W1MaaShrJbYedlLx5Z_NW6nhqnMds0IlPaN9Uon2LtA-1738265067-1.0.1.1-Kr_CqufUPEq7EEfxkCeTm4mHUzrbcNXfgwRLfXesNb15dOKCatXEYJsn1uCpq.lvbAL5dbM4IXI_159zFtnouw; path=/; expires=Thu, 30-Jan-25 19:54:27 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None _cfuvid=MVApP6x1TcCdyYZpChmLtRXgue8k61uwEy_E5AIMj_s-1738265067057-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None server: cloudflare X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1313135964901605378/1334377720456548423/ryujinpaid.zip?ex=679cf858&is=679ba6d8&hm=3b62d0a84b8d8a6426198491a93a9d9b0ba8137bc54d3cbce6db68bf19b0c3f4&

162.159.129.233

200 OK

2.0 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1313135964901605378/1334377720456548423/ryujinpaid.zip?ex=679cf858&is=679ba6d8&hm=3b62d0a84b8d8a6426198491a93a9d9b0ba8137bc54d3cbce6db68bf19b0c3f4&
IP
162.159.129.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdiscordapp.com
Fingerprint0A:D4:AE:4F:06:AD:72:A7:F1:78:90:F7:BD:F9:12:3F:64:33:FD:87
ValidityWed, 15 Jan 2025 02:59:08 GMT - Tue, 15 Apr 2025 03:58:50 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.0 MB (1987391 bytes)
Hash
d6ee4cc070b062c3f645bd8bdc43c02e
a80e916b464e6d93e1a0211453d1eb5239773d39
7a39395c88885512716822494a8375c3ffad954ebbfcc6baac6faf4ae676f425

HTTP Headers

GET /attachments/1313135964901605378/1334377720456548423/ryujinpaid.zip?ex=679cf858&is=679ba6d8&hm=3b62d0a84b8d8a6426198491a93a9d9b0ba8137bc54d3cbce6db68bf19b0c3f4& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 30 Jan 2025 19:24:27 GMT
content-type: application/zip
content-length: 1987391
cf-ray: 90a3d79cc8931c16-OSL
cf-cache-status: HIT
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="ryujinpaid.zip"
etag: "d6ee4cc070b062c3f645bd8bdc43c02e"
expires: Fri, 30 Jan 2026 19:24:27 GMT
last-modified: Thu, 30 Jan 2025 04:20:40 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1738210840191868
x-goog-hash: crc32c=XYTqAA==, md5=1u5MwHCwYsP2Rb2L3EPALg==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1987391
x-guploader-uploadid: AFIdbgSWzlHm4sJS3iemB3qUmC_rL4NrXjlG-ExO88pL0dh8OpcNObp0w0dt0a6ef00pEAW-u_kdQ2c
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VL02apBpDEn0Jixa2VDzzT1YjThk1JPGP6GXMOX66eCMjfxBv2PLbwQ8hlySMs5aaKnQEfqfF7w3FBJIVHb98oxMFJkfrXyGEGsAUchQ1vGtnIZHnwNpucigLGKL772X2M3FYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=W1MaaShrJbYedlLx5Z_NW6nhqnMds0IlPaN9Uon2LtA-1738265067-1.0.1.1-Kr_CqufUPEq7EEfxkCeTm4mHUzrbcNXfgwRLfXesNb15dOKCatXEYJsn1uCpq.lvbAL5dbM4IXI_159zFtnouw; path=/; expires=Thu, 30-Jan-25 19:54:27 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=MVApP6x1TcCdyYZpChmLtRXgue8k61uwEy_E5AIMj_s-1738265067057-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (23)

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers