Report - cdn.discordapp.com/attachments/1235311662496616548/1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1235311662496616548/1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f&
IP
162.159.134.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 19:44:20
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-05-06	634 B	1.5 MB	162.159.134.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	cdn.discordapp.com/attachments/1235311662496616548/1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f&	Detects typical stealer output files as created by RedLine or Racoon stealer

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1235311662496616548/1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f&
IP
162.159.134.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.5 MB (1498944 bytes)
Hash
940fcff22d28b6643a5a0a9f6a46cbf3
59ea53d24e63e7071284ab7fbb1374957cf398a5
2d5fc025bc6d8143c168a5caa704e666ae439fd93b911d6a3151c2dcf8cf0783

Archive (37)

Modified	Filename	Size	Md5	File type
2024-05-03 09:26	AutoFill.txt	39 kB	a93b72b11f24c82ae329c8f7f25f7865	Unicode text, UTF-8 text, with very long lines (415)
2024-05-03 09:26	Bookmarks.txt	0 B	d41d8cd98f00b204e9800998ecf8427e
2024-05-03 09:26	Cards.txt	0 B	d41d8cd98f00b204e9800998ecf8427e
2024-05-03 09:26	Chrome [ Profile 1 ] - Cookies.txt	48 kB	a174e94a8e952ea437205dd60ad904c2	ASCII text, with very long lines (1260)
2024-05-03 09:26	Downloads.txt	64 kB	e1ba6f8d45c7e3d405100c93a20e80c3	Unicode text, UTF-8 text, with very long lines (624)
2024-05-03 09:26	Edge [ Default ] - Cookies.txt	41 kB	1579ff925c260a195144ef479909ec4a	ASCII text, with very long lines (2123)
2024-05-03 09:26	History.txt	3.8 MB	ff6919c6af077641d4e94f95aa5aedce	Unicode text, UTF-8 text, with very long lines (4807)
2024-05-03 09:26	OperaGX - Cookies.txt	11 kB	c04568dccf6407242244621e37114098	ASCII text, with very long lines (306)
2024-05-03 09:26	Passwords.txt	5.4 kB	671cd52c7f9af1cb80089b011e26d7e9	ASCII text
2024-05-03 09:26	Error.nova	146 B	cc555a9d5946d64abe1796708ec58e8a	ASCII text
2024-05-03 09:26	Discord.txt	42 B	68a54ff1f558ea062fd48c5245b5fc97	ASCII text
2024-05-03 09:26	A92C185E46C2E032s	411 kB	db63729110c63e53c0747bfc11e9b4e4	data
2024-05-03 09:26	B65A9AB86B98F7E2s	140 B	23abc32c332b1ef71fb4125dad4189de	data
2024-05-03 09:26	countries	21 kB	58a39a056c292133c8fba33ed211d8ec	data
2024-05-03 09:26	4E97EA7FF0ACD7D9s	92 B	a4a76625bb98844cef0017204b8e5079	data
2024-05-03 09:26	8D87DF8823A3FA4Fs	2.3 kB	374d946e731ea23530dfab2b50560755	data
2024-05-03 09:26	configs	988 B	19b0badeb32438f88ffe3034cd7cead9	data
2024-05-03 09:26	maps	212 B	6ba510fba8f7a42df6ad39438f209018	data
2024-05-03 09:26	D877F783D5D3EF8Cs	1.1 kB	92d9cdd4360dbe4e785d0ab1318fb9c2	data
2024-05-03 09:26	key_datas	388 B	04f3dcaceb83c07c0d86d19fc57271ed	data
2024-05-03 09:26	settingss	2.1 kB	0df3ab71538de480b886ce63702db0ff	data
2024-05-03 09:26	usertag	8 B	829d4d40a5e139708b8c130bf6e37d0a	ISO-8859 text, with no line terminators
2024-05-03 09:26	Antivirus.txt	418 B	85ee90dad9313983913add2488f35345	ASCII text, with CRLF, LF line terminators
2024-05-03 09:26	Clipboard.txt	54 B	f628508f1c7d2cb13aa6cf621b842c2c	ASCII text, with CRLF, LF line terminators
2024-05-03 09:26	DESKTOP-PGCH7CF - 2024-05-03_112615.png	49 kB	00ef2b43a3c6c9c709686b2c79494a90	PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
2024-05-03 09:26	System Info.txt	6.8 kB	60cf0216059aae92c19ad797be5ba24f	Unicode text, UTF-8 text
2024-05-03 09:26	WifiPasswords.txt	40 B	f7169752a61be3690a34babb936c7594	ASCII text
2024-05-03 09:26	exodus.conf.json	2.1 kB	bc9879060bb126849bafff8fb2b67c7f	JSON text data
2024-05-03 09:26	seed.seco	33 kB	02608b43634954525a66e829854f7b9f	data
2024-05-03 09:26	storage.seco	4.7 kB	a447f493f695a7546c663696162e16f7	data
2024-05-03 09:26	unsafe-storage.json	50 B	87b591b30cc0a500ef0608fbfb52df70	JSON text data
2024-05-03 09:26	window-state.json	141 B	a52bb4a1198557a1cf610e79380cb9e3	JSON text data
2024-05-03 09:26	000003.log	0 B	d41d8cd98f00b204e9800998ecf8427e
2024-05-03 09:26	CURRENT	16 B	46295cac801e5d4857d09837238a6394	ASCII text
2024-05-03 09:26	LOCK	0 B	d41d8cd98f00b204e9800998ecf8427e
2024-05-03 09:26	LOG	361 B	690c4cbb45bbb6d2f6c89c34086fcd8d	ASCII text
2024-05-03 09:26	MANIFEST-000001	41 B	5af87dfd673ba2115e2fcf5cfdb727ab	OpenPGP Secret Key

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects typical stealer output files as created by RedLine or Racoon stealer
VirusTotal	suspicious	VirusTotal - Scan result 2/64

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/1235311662496616548/1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f&

162.159.134.233

200 OK

1.5 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1235311662496616548/1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f&
IP
162.159.134.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.5 MB (1498944 bytes)
Hash
940fcff22d28b6643a5a0a9f6a46cbf3
59ea53d24e63e7071284ab7fbb1374957cf398a5
2d5fc025bc6d8143c168a5caa704e666ae439fd93b911d6a3151c2dcf8cf0783

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects typical stealer output files as created by RedLine or Racoon stealer
VirusTotal	suspicious	VirusTotal - Scan result 2/64

HTTP Headers

GET /attachments/1235311662496616548/1237489832666861578/RS_NOVA_kinz.zip?ex=663bd5b7&is=663a8437&hm=5ffe9be4a86a485ab8952bbd8caf5ef18331056217bdbf46e881be4d2b809e8f& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 19:43:53 GMT
content-type: application/zip
content-length: 1498944
cf-ray: 8803b3963fdab4fa-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="RS_NOVA_kinz.zip"
etag: "940fcff22d28b6643a5a0a9f6a46cbf3"
expires: Wed, 07 May 2025 19:43:53 GMT
last-modified: Tue, 07 May 2024 19:42:47 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1715110967615718
x-goog-hash: crc32c=1ADuKQ==, md5=lA/P8i0otmQ6WgqfakbL8w==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1498944
x-guploader-uploadid: ABPtcPqvsTyH9tfjZ4Bg6qODf7aavZQu2JaQ18a1gN5jTxJdFRuw_Rm60EKHwPAmoDX4g72RgY8
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2gt%2B6RDz4rUJnTccpbMWNP0HG1Sit9rtPVeP04hotkS4wtlSqsUupDwpdnp%2FIuZj9jm9FWOMgMMyJAECvkGSP0Z06xozMS7UWk7e5wSs1j9woM38bKL%2FDhtZA2tI7W7f6OQN%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=YMj7bqJeG0HUhGEh_zTVcRwXqBvcMFOC.gw5eaHtBV0-1715111033-1.0.1.1-RDj5yT3RKvar4BR_V4.eCGJo6QntC5S.Hybe.A2X7_NwR3XE1OwsaniVhYfQm_9QngJbClWi5eVvIir8lcpApA; path=/; expires=Tue, 07-May-24 20:13:53 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=QXA7G6Bd2wcdRogWfO2OMOUVK3xGQPsucKpYGBR_sKo-1715111033876-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (37)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers