| cdn.discordapp.com/attachments/739601053565190166/839600940021317632/ItroublveTSC.exe |  162.159.129.233 | 200 OK | 4.1 MB |
URL User Request GET HTTP/2cdn.discordapp.com/attachments/739601053565190166/839600940021317632/ItroublveTSC.exe IP162.159.129.233:443
CertificateIssuerCloudflare, Inc. Subjectdiscordapp.com Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39 ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT
File typePE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
- data Size4.1 MB (4061184 bytes) Hash53f43b1e9d99d6a356a332d9073b4736 71e6c5a216a66b2b523b1b022d44c10b276c6195 584bf67e7c8e93629e175733fe42907e60916047e68f1b4973d4cbf3dd2c22d6
| Analyzer | Verdict | Alert |
|---|
| VirusTotal | malicious | |
GET /attachments/739601053565190166/839600940021317632/ItroublveTSC.exe HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 10 Dec 2023 09:43:28 GMT
content-type: application/x-msdos-program
content-length: 4061184
cf-ray: 83348b328faa1c02-OSL
cf-cache-status: HIT
accept-ranges: bytes, bytes
age: 11966
cache-control: public, max-age=31536000
content-disposition: attachment;%20filename=ItroublveTSC.exe
etag: "53f43b1e9d99d6a356a332d9073b4736"
expires: Mon, 09 Dec 2024 09:43:28 GMT
last-modified: Wed, 05 May 2021 20:34:23 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1620246863225308
x-goog-hash: crc32c=5VkOLA==, md5=U/Q7Hp2Z1qNWozLZBztHNg==
x-goog-metageneration: 3
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 4061184
x-guploader-uploadid: ABPtcPoxcd3MuthqeSyQnpwvCks1MLuFzFOmrGji8Tr3OsTDqHkN3-JbuCVD2oMkxgsPM0AGa-Y
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2FJJQuySlDROa1MaOGJR5ZA3o8V8ggpQ5E7WKgSBAo%2FjLrZ2q9YBQD61YC5ruWTGOGkQ1HCbk2jEWRXIFPRgNLjnvXfWH0%2BJ%2Bi0QcmnH3eTYIU1sOP3yQtzhdxiUy21iiebb7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=6ZKL3IeXqO_Ro.TrAWqWTMHUVu3yNyqI9d2k16LyP3k-1702201408-1-AdtUI8snrUgWMFrL4acY0iHPMfpei5PrJDtpMWEtHoAGxuV7DzOdoRAJc/yYUFlv0wrMVKArImogKxmF0pi6qQ8=; path=/; expires=Sun, 10-Dec-23 10:13:28 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=RGNKlIGU8A5FsA3WYF9FAw4pq_ogk35nBd4BKXEv2mw-1702201408440-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml |  35.244.181.201 | | 5.8 kB |
URL aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml IP35.244.181.201:0
File typegzip compressed data, max speed, from Unix
- data Hash26f74a51f3a41ab81bb1600c4dff77f8 94f623e1202d4fe4243e01b574201944e21ac815 68c20496e6e0670329c0a07f07d26fa6c870903c3c5f0f5082d8f6a09373be62
GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 10 Dec 2023 09:43:47 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=90
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-01-19-16-42-22.chain; p384ecdsa=foyytqRlykPbpNY7y4c93q1cgz0jnK7zg85xDFNc-PF1czwo5mOYP0EQMBRzB_eljuz9EavB1jvjR_j1uX0x9EvEy-OzbREq6GAjgzxTbLba0Ybvfwckhe0vglP6hXG2
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
| ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip |  62.115.252.113 | | 512 kB |
URL ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip IP62.115.252.113:0 ASN#1299 Telia Company AB
File typeZip archive data, at least v2.0 to extract, compression method=deflate
- data Size512 kB (511815 bytes) Hash152eda253e242e18443ef3282495bc7c ff0fa85565f21ec4931baad4573b4c0bd08c4019 8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48
GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Last-Modified: Thu, 16 Nov 2023 07:38:15 GMT
ETag: 152eda253e242e18443ef3282495bc7c
Content-Length: 511815
Accept-Ranges: bytes
X-Timestamp: 1700120294.87662
Content-Type: application/zip
X-Trans-Id: tx15b69f172b404fa58b2bb-006555fb11dfw1
Cache-Control: public, max-age=177402
Expires: Tue, 12 Dec 2023 11:00:30 GMT
Date: Sun, 10 Dec 2023 09:43:48 GMT
Connection: keep-alive
|