Report - cdn.discordapp.com/attachments/1216390343159975986/1216390511552630934/Nenyooo_1.0.3028.0.9.zip?ex=6612abf1&is=660036f1&hm=a978b89347d81abce1d5a0a2fab8f597222d14f6dd65e551904fd033fa54449c&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1216390343159975986/1216390511552630934/Nenyooo_1.0.3028.0.9.zip?ex=6612abf1&is=660036f1&hm=a978b89347d81abce1d5a0a2fab8f597222d14f6dd65e551904fd033fa54449c&
IP
162.159.129.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-03-28 22:26:30
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-03-27	642 B	20 MB	162.159.133.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1216390343159975986/1216390511552630934/Nenyooo_1.0.3028.0.9.zip?ex=6612abf1&is=660036f1&hm=a978b89347d81abce1d5a0a2fab8f597222d14f6dd65e551904fd033fa54449c&
IP
162.159.133.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
20 MB (19573926 bytes)
Hash
749a8b11060b5a3d15077766dddc7734
edf32c65c67d12ecdd2563207edbb9be02869372
d5223bc2ccbe23eb2a4581904a96e486f9a27caab921fa27c3eb40db7f7cfd6a

Archive (25)

Filename

Md5

File type

Barbie Barb.xml

bf5b3c75607a0218010a97798edb8714

XML 1.0 document, ASCII text

Barbie.xml

2535c36ddcc5c9e9af802eb9b251149e

XML 1.0 document, ASCII text

Aerial_Islands.xml

0bf237e9d12c53f63296a553048cbf07

XML document, Unicode text, UTF-8 text

Upside_Down_World.xml

9f80b6869101d36970385c105f7b972b

XML document, Unicode text, UTF-8 text

Objects.ini

f4ac4d70037fabe7e473003a7c22566c

ASCII text, with CRLF line terminators

All_Vehicle.ini

ccab2a5c67f52f2762cf9f38045aa185

ASCII text, with CRLF line terminators

Birthday sex by Spine.xml

c31127bfa63271908f8d66cfa5fc4aec

XML 1.0 document, ASCII text

Carrier Invader (by Spine).xml

c437a38feb58e083fc301269032eb257

XML 1.0 document, ASCII text

Rolling Destruction by Spine - Copy.xml

e46cb78d2ceb9ce75610860a67830948

XML 1.0 document, ASCII text

Spinethetic-FuckT2Blimp.xml

a74a5924410a74dee16144003cfe8c97

XML 1.0 document, ASCII text

Spinethetic-HamburgersRevenge.xml

2c47a42e9f72d0fb34dd900c7262a9ce

XML 1.0 document, ASCII text

Spinethetic-XmasSleighBoat.xml

3253820c216399f27c99d87edb7f570e

XML 1.0 document, ASCII text

Spinethetic-ZombieSabreGT.xml

338b29f194b2c45f867bbb15ad5f8ade

XML 1.0 document, ASCII text

Xmas.wav

1e2bd472c41ff2590c9346826285162f

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz

lsc.dat

8902e16ef8202a932b041143bd7961ee

XML 1.0 document, ASCII text

lsc_wheels.dat

381a189fe93afe1b7f89fe92d1257c61

XML 1.0 document, ASCII text

Chalet London.ttf

e671580dac468cbc7e4ae3b5a5720842

TrueType Font data, 15 tables, 1st "FFTM", 34 names, Macintosh

Default.ttf

d5c46b134c17b2138dcd1bb0efa67049

TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 27 names, Macintosh, Font data copyright Google 2011RobotoLightGoogle:Roboto:2011Roboto LightVersion 1.00000; 2011Rob

Chalet London.ttf

e671580dac468cbc7e4ae3b5a5720842

TrueType Font data, 15 tables, 1st "FFTM", 34 names, Macintosh

Default.ttf

5341b1c8be577e3fbc38eb58e73790c4

OpenType font data

Header.gif

319241870a5cd9b3702681f240a3ad50

GIF image data, version 89a, 1076 x 138

Header.png

eb660860ee1df1ac92436f1b725e3464

PNG image data, 1076 x 138, 8-bit/color RGBA, non-interlaced

Options.png

14c92499f5ea9367e62a5aff0503bf5e

PNG image data, 512 x 48, 8-bit/color RGBA, non-interlaced

Right Arrow.png

adea6e471b7fe9ab0e243a8b031bd486

PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced

Nenyooo v1.0.3028.0.9.exe

4d0f5f7943aac3e76b313d726aa78ddc

PE32+ executable (GUI) x86-64, for MS Windows, 12 sections

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 31/63

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/1216390343159975986/1216390511552630934/Nenyooo_1.0.3028.0.9.zip?ex=6612abf1&is=660036f1&hm=a978b89347d81abce1d5a0a2fab8f597222d14f6dd65e551904fd033fa54449c&

162.159.133.233

200 OK

20 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1216390343159975986/1216390511552630934/Nenyooo_1.0.3028.0.9.zip?ex=6612abf1&is=660036f1&hm=a978b89347d81abce1d5a0a2fab8f597222d14f6dd65e551904fd033fa54449c&
IP
162.159.133.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
20 MB (19573926 bytes)
Hash
749a8b11060b5a3d15077766dddc7734
edf32c65c67d12ecdd2563207edbb9be02869372
d5223bc2ccbe23eb2a4581904a96e486f9a27caab921fa27c3eb40db7f7cfd6a

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 31/63

HTTP Headers

GET /attachments/1216390343159975986/1216390511552630934/Nenyooo_1.0.3028.0.9.zip?ex=6612abf1&is=660036f1&hm=a978b89347d81abce1d5a0a2fab8f597222d14f6dd65e551904fd033fa54449c& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Mar 2024 22:26:01 GMT
content-type: application/zip
content-length: 19573926
cf-ray: 86bb0a1529ee56ca-OSL
cf-cache-status: HIT
accept-ranges: bytes, bytes
age: 99362
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Nenyooo_1.0.3028.0.9.zip"
etag: "749a8b11060b5a3d15077766dddc7734"
expires: Fri, 28 Mar 2025 22:26:01 GMT
last-modified: Sun, 10 Mar 2024 14:21:37 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1710080497458307
x-goog-hash: crc32c=xKjLwA==, md5=dJqLEQYLWj0VB3dm3dx3NA==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 19573926
x-guploader-uploadid: ABPtcPrr42XooLSJRvGIfV23HWw9X04yvvFM4qdouwYbw_pjc2CCGRBwHwMZNPJxNsqqhiM4PPM
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cWfRyi%2FuxCAKJAOvgvwo1UuHPW%2BpIWk%2BzanMuV64rl%2FRk%2FRJpaCPK5hgfy8JjEJQUYG1ypjsgNI6wwYtkprrhVIxMo6eLwe2ZR2DOWJWDqnmz9f8w%2Ft7d65279Onq8s%2BuKYTgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=KJYksZwEnKH.C2bN1.68.6b.PoyQDBbuhx51avYXDTY-1711664761-1.0.1.1-Z0E6dZbR_bWmQUcSMcULrcYHFDqPN5y2oqtimZ4DBGptM5_xzx6JBYYvWzs0Bnd75tYBAUUiDapnSP4MDBnlzA; path=/; expires=Thu, 28-Mar-24 22:56:01 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=nACy1N05g84za_Nsb0jKcSYt2o8qnK91QMAqjMMGv.k-1711664761176-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (25)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers