Report - cdn.discordapp.com/attachments/1315137611475582987/1360694659009085691/message.txt?ex=68131f67&is=6811cde7&hm=4287fbee3be50213d9001351a3cd139a3945cccd88e7394ed2461a8d228f7722&

Report Overview

Visitedpublic

2025-04-30 16:14:42

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2025-04-30	643 B	7.5 kB	162.159.130.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-04-30	medium	cdn.discordapp.com/attachments/1315137611475582987/1360694659009085691/message.txt?ex=68131f67&is=6811cde7&hm=4287fbee3be50213d9001351a3cd139a3945cccd88e7394ed2461a8d228f7722&	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
2025-04-30	medium	cdn.discordapp.com/attachments/1315137611475582987/1360694659009085691/message.txt?ex=68131f67&is=6811cde7&hm=4287fbee3be50213d9001351a3cd139a3945cccd88e7394ed2461a8d228f7722&	Generic PHP webshell which uses any eval/exec function in the same line with user input
2025-04-30	medium	cdn.discordapp.com/attachments/1315137611475582987/1360694659009085691/message.txt?ex=68131f67&is=6811cde7&hm=4287fbee3be50213d9001351a3cd139a3945cccd88e7394ed2461a8d228f7722&	Detects Generic ShellScript Downloader

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET cdn.discordapp.com/attachments/1315137611475582987/1360694659009085691/message.txt?ex=68131f67&is=6811cde7&hm=4287fbee3be50213d9001351a3cd139a3945cccd88e7394ed2461a8d228f7722&

162.159.130.233

200 OK

5.8 kB

URL User Request GET HTTPS

cdn.discordapp.com/attachments/1315137611475582987/1360694659009085691/message.txt?ex=68131f67&is=6811cde7&hm=4287fbee3be50213d9001351a3cd139a3945cccd88e7394ed2461a8d228f7722&

IP / ASN

162.159.130.233

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeUnicode text, UTF-8 text, with CRLF line terminators

First Seen2025-04-11

Last Seen2025-04-30

Times Seen2

Size5.8 kB (5788 bytes)

MD55a6f994ac13753b87f7670d2e75f512f

SHA11c62320638b183943758fae4b764017182dd5621

SHA25657a57e905be45ed649b5251333d02aa0b9f30c4279519713557b43c378319910

Certificate Info

IssuerGoogle Trust Services

Subjectdiscordapp.com

Fingerprint2F:5F:0F:47:D0:0D:C1:87:16:29:BB:8D:62:E7:94:21:38:2D:16:5F

ValiditySat, 15 Mar 2025 04:05:12 GMT - Fri, 13 Jun 2025 05:05:09 GMT

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	Generic PHP webshell which uses any eval/exec function in the same line with user input
YARAhub by abuse.ch	malware	Detects Generic ShellScript Downloader

HTTP Headers

GET /attachments/1315137611475582987/1360694659009085691/message.txt?ex=68131f67&is=6811cde7&hm=4287fbee3be50213d9001351a3cd139a3945cccd88e7394ed2461a8d228f7722& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 30 Apr 2025 16:14:10 GMT
content-type: text/plain; charset=utf-8
cf-ray: 938854a08ab8b51d-OSL
cf-cache-status: MISS
cache-control: public, max-age=31536000
content-disposition: attachment; filename="message.txt"
etag: W/"5a6f994ac13753b87f7670d2e75f512f"
expires: Thu, 30 Apr 2026 16:14:10 GMT
last-modified: Sat, 12 Apr 2025 19:14:47 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1744485287269756
x-goog-hash: crc32c=kG3bWA==, md5=Wm+ZSsE3U7h/dnDS519RLw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5788
x-guploader-uploadid: AAO2VwrRHqKYCN6jpU3GBPzQHKFzalT380T57sAD-45lF5ML1OuKV-Evjq_9ZRZOOk4cp__xwKpYqhA
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MLDCZk5GXBKmbX8pQ4kmU4BqZnb%2BDbT47krvExEoS2c83HKJ2lf2enqFfZxR2pjG3GpJibz8HYXzm4SXSW2qjZC4bRT7n7pAlBWDvPtiLepzBiszluPFzVLS3NBPXOe5m88n4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
set-cookie: __cf_bm=2L_Lw9hx8v6S3UQy.eObRHMB6HEwoZr3utCYXzznkYA-1746029650-1.0.1.1-FRRVhl_uICpTwDQtY9MBAV3JCwd0aK93hnE4cIkgzwIHBsk5XpwtsyQ5A.waOgAIocG3KDbtCp9mysmP74SmfvPo_I4o3yXOOzYtbVZ9JEQ; path=/; expires=Wed, 30-Apr-25 16:44:10 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=KwVQCBztkfjeJgow__B7Gc5oZHe3yis.Lc36PbeVKCI-1746029650840-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2