Report Overview
Submitted URL
cdn.discordapp.com/attachments/1235311662496616548/1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f&
IP
162.159.134.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 19:44:20
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
cdn.discordapp.com | 2474 | 2015-02-26 | 2015-08-24 | 2024-05-06 | 634 B | 1.5 MB | 162.159.134.233 |
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules
Scan Date | Severity | Indicator | Alert |
---|---|---|---|
2024-05-07 | medium | cdn.discordapp.com/attachments/1235311662496616548/1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f& | Detects typical stealer output files as created by RedLine or Racoon stealer |
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
Files detected
URL
cdn.discordapp.com/attachments/1235311662496616548/1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f&
IP
162.159.134.233
ASN
#13335 CLOUDFLARENET
File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.5 MB (1498944 bytes)
Hash
MD5: 940fcff22d28b6643a5a0a9f6a46cbf3
SHA1: 59ea53d24e63e7071284ab7fbb1374957cf398a5
Archive (37)
Filename | Md5 | File type |
---|---|---|
AutoFill.txt | a93b72b11f24c82ae329c8f7f25f7865 | Unicode text, UTF-8 text, with very long lines (415) |
Bookmarks.txt | d41d8cd98f00b204e9800998ecf8427e | |
Cards.txt | d41d8cd98f00b204e9800998ecf8427e | |
Chrome [ Profile 1 ] - Cookies.txt | a174e94a8e952ea437205dd60ad904c2 | ASCII text, with very long lines (1260) |
Downloads.txt | e1ba6f8d45c7e3d405100c93a20e80c3 | Unicode text, UTF-8 text, with very long lines (624) |
Edge [ Default ] - Cookies.txt | 1579ff925c260a195144ef479909ec4a | ASCII text, with very long lines (2123) |
History.txt | ff6919c6af077641d4e94f95aa5aedce | Unicode text, UTF-8 text, with very long lines (4807) |
OperaGX - Cookies.txt | c04568dccf6407242244621e37114098 | ASCII text, with very long lines (306) |
Passwords.txt | 671cd52c7f9af1cb80089b011e26d7e9 | ASCII text |
Error.nova | cc555a9d5946d64abe1796708ec58e8a | ASCII text |
Discord.txt | 68a54ff1f558ea062fd48c5245b5fc97 | ASCII text |
A92C185E46C2E032s | db63729110c63e53c0747bfc11e9b4e4 | data |
B65A9AB86B98F7E2s | 23abc32c332b1ef71fb4125dad4189de | data |
countries | 58a39a056c292133c8fba33ed211d8ec | data |
4E97EA7FF0ACD7D9s | a4a76625bb98844cef0017204b8e5079 | data |
8D87DF8823A3FA4Fs | 374d946e731ea23530dfab2b50560755 | data |
configs | 19b0badeb32438f88ffe3034cd7cead9 | data |
maps | 6ba510fba8f7a42df6ad39438f209018 | data |
D877F783D5D3EF8Cs | 92d9cdd4360dbe4e785d0ab1318fb9c2 | data |
key_datas | 04f3dcaceb83c07c0d86d19fc57271ed | data |
settingss | 0df3ab71538de480b886ce63702db0ff | data |
usertag | 829d4d40a5e139708b8c130bf6e37d0a | ISO-8859 text, with no line terminators |
Antivirus.txt | 85ee90dad9313983913add2488f35345 | ASCII text, with CRLF, LF line terminators |
Clipboard.txt | f628508f1c7d2cb13aa6cf621b842c2c | ASCII text, with CRLF, LF line terminators |
DESKTOP-PGCH7CF - 2024-05-03_112615.png | 00ef2b43a3c6c9c709686b2c79494a90 | PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced |
System Info.txt | 60cf0216059aae92c19ad797be5ba24f | Unicode text, UTF-8 text |
WifiPasswords.txt | f7169752a61be3690a34babb936c7594 | ASCII text |
exodus.conf.json | bc9879060bb126849bafff8fb2b67c7f | JSON text data |
seed.seco | 02608b43634954525a66e829854f7b9f | data |
storage.seco | a447f493f695a7546c663696162e16f7 | data |
unsafe-storage.json | 87b591b30cc0a500ef0608fbfb52df70 | JSON text data |
window-state.json | a52bb4a1198557a1cf610e79380cb9e3 | JSON text data |
000003.log | d41d8cd98f00b204e9800998ecf8427e | |
CURRENT | 46295cac801e5d4857d09837238a6394 | ASCII text |
LOCK | d41d8cd98f00b204e9800998ecf8427e | |
LOG | 690c4cbb45bbb6d2f6c89c34086fcd8d | ASCII text |
MANIFEST-000001 | 5af87dfd673ba2115e2fcf5cfdb727ab | OpenPGP Secret Key |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public Nextron YARA rules | malware | Detects typical stealer output files as created by RedLine or Racoon stealer |
VirusTotal | suspicious | |
JavaScript (0)
HTTP Transactions (1)
URL | IP | Response | Size |
---|---|---|---|
cdn.discordapp.com/attachments/1235311662496616548/1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f& | 162.159.134.233 | 200 OK | 1.5 MB |
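Two checks a responder would run on this report, as an added example (this is not urlquery output and not code from Nextron, VirusTotal or any stealer family): decoding the `ex`/`is`/`hm` parameters of the submitted Discord CDN link to see how long the artifact stays fetchable, and classifying the archive member list as stealer output. Assumptions: `is` and `ex` are the issue and expiry times as hex Unix timestamps and `hm` is a hex signature (the scheme Discord uses for signed attachment links; the signature cannot be verified offline); the listing is a subset copied from the archive table above; the loot-class name sets and the verdict threshold are my own, not the logic of the Nextron YARA rule that fired.

```python
"""Added triage helpers for the report above (example code, not urlquery's
own).  Two checks: decode the signed Discord CDN link's validity window, and
classify the archive's member list as stealer output."""
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Submitted URL from the report, with the scheme restored for urlsplit().
SUBMITTED_URL = (
    "https://cdn.discordapp.com/attachments/1235311662496616548/"
    "1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437"
    "&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f&"
)


def cdn_link_window(url, now_epoch=None):
    """Decode Discord's signed CDN parameters (assumption: `is` = issued,
    `ex` = expires, both hex Unix time; `hm` = hex signature not verifiable
    offline).  Returns ISO timestamps, lifetime and whether the link is live
    at `now_epoch` (Unix seconds, default: now)."""
    q = parse_qs(urlsplit(url).query)          # the trailing '&' yields no key
    issued = int(q["is"][0], 16)
    expires = int(q["ex"][0], 16)
    now = int(datetime.now(timezone.utc).timestamp()) if now_epoch is None else now_epoch

    def iso(t):
        return datetime.fromtimestamp(t, tz=timezone.utc).isoformat()

    return {
        "issued": iso(issued),
        "expires": iso(expires),
        "lifetime_s": expires - issued,
        "sig_hex_len": len(q["hm"][0]),
        "live": issued <= now < expires,       # pull the file before this flips
    }


EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"  # MD5 of zero bytes: member was empty

# Member names a RedLine/Raccoon-style log typically carries (my grouping).
BROWSER_LOOT = {"autofill.txt", "passwords.txt", "history.txt", "downloads.txt",
                "cards.txt", "bookmarks.txt"}
HOST_LOOT = {"system info.txt", "wifipasswords.txt", "clipboard.txt",
             "antivirus.txt", "discord.txt"}
WALLET_LOOT = {"exodus.conf.json", "seed.seco", "storage.seco"}  # Exodus wallet files
# CURRENT/LOCK/LOG/MANIFEST-NNNNNN/NNNNNN.log is a LevelDB directory, the on-disk
# format of Chromium and Electron Local Storage (where Discord keeps its token).
# libmagic's "OpenPGP Secret Key" label on MANIFEST-000001 in the table above is
# a misidentification of that manifest, not a PGP key.
LEVELDB_RE = re.compile(r"^(CURRENT|LOCK|LOG|MANIFEST-\d{6}|\d{6}\.log)$")

# (member name, MD5) pairs copied from the report's archive table (subset).
ARCHIVE = [
    ("AutoFill.txt", "a93b72b11f24c82ae329c8f7f25f7865"),
    ("Bookmarks.txt", "d41d8cd98f00b204e9800998ecf8427e"),
    ("Cards.txt", "d41d8cd98f00b204e9800998ecf8427e"),
    ("Chrome [ Profile 1 ] - Cookies.txt", "a174e94a8e952ea437205dd60ad904c2"),
    ("Edge [ Default ] - Cookies.txt", "1579ff925c260a195144ef479909ec4a"),
    ("Passwords.txt", "671cd52c7f9af1cb80089b011e26d7e9"),
    ("Discord.txt", "68a54ff1f558ea062fd48c5245b5fc97"),
    ("DESKTOP-PGCH7CF - 2024-05-03_112615.png", "00ef2b43a3c6c9c709686b2c79494a90"),
    ("System Info.txt", "60cf0216059aae92c19ad797be5ba24f"),
    ("WifiPasswords.txt", "f7169752a61be3690a34babb936c7594"),
    ("exodus.conf.json", "bc9879060bb126849bafff8fb2b67c7f"),
    ("seed.seco", "02608b43634954525a66e829854f7b9f"),
    ("000003.log", "d41d8cd98f00b204e9800998ecf8427e"),
    ("CURRENT", "46295cac801e5d4857d09837238a6394"),
    ("LOCK", "d41d8cd98f00b204e9800998ecf8427e"),
    ("LOG", "690c4cbb45bbb6d2f6c89c34086fcd8d"),
    ("MANIFEST-000001", "5af87dfd673ba2115e2fcf5cfdb727ab"),
]


def triage_listing(listing):
    """Group archive members by loot class; returns the groups, the empty
    members and a verdict.  Threshold is my choice: a password dump plus at
    least two further populated loot classes."""
    names = [n for n, _ in listing]
    lower = {n.lower() for n in names}
    groups = {
        "browser": sorted(lower & BROWSER_LOOT),
        "cookies": [n for n in names if n.endswith("- Cookies.txt")],
        "host": sorted(lower & HOST_LOOT),
        "wallet": sorted(lower & WALLET_LOOT),
        "leveldb": sorted(n for n in names if LEVELDB_RE.match(n)),
        "screenshots": [n for n in names if n.lower().endswith(".png")],
    }
    populated = sum(1 for g in groups.values() if g)
    groups["empty"] = [n for n, md5 in listing if md5 == EMPTY_MD5]
    groups["stealer_log"] = "passwords.txt" in lower and populated >= 3
    return groups


if __name__ == "__main__":
    print(cdn_link_window(SUBMITTED_URL))
    print(triage_listing(ARCHIVE))
```

On this link the window decodes to exactly 24 hours from issue, so the file hashes recorded above are what persists once the URL dies; the four members with the empty-file MD5 carried nothing, and the LevelDB set beside the Exodus wallet files is worth pulling into the victim notification since it is the store a Discord token would be lifted from.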