Report - codeload.github.com/mr-r3b00t/RDP_Backdoor/zip/refs/heads/main

Report Overview

Submitted URL
codeload.github.com/mr-r3b00t/RDP_Backdoor/zip/refs/heads/main
IP
140.82.121.9
ASN
#36459 GITHUB
Submitted
2023-04-29 17:01:30
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cloud-master.ru	unknown		2019-12-22	2023-04-29	436 B	56 kB	188.114.97.1
codeload.github.com	62359		2013-04-18	2023-04-29	510 B	1.9 kB	140.82.121.9

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-29	medium	codeload.github.com/mr-r3b00t/RDP_Backdoor/zip/refs/heads/main

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
codeload.github.com/mr-r3b00t/RDP_Backdoor/zip/refs/heads/main
IP
140.82.121.9
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store\012- data
Size
1.2 kB (1246 bytes)
Hash
89b91fe080907b3ce4b5ce90e007b655
8ce5776bef9750a2002d21b47e3e6d43443a07b9
2716204c196f7c2db1bf03228c9482e380835977f40581dd2ae98b636b321b7b

Detections

Analyzer	Verdict	Alert
VirusTotal	20/64	VirusTotal -

JavaScript (8)

	URL	Size	First Seen	Last Seen
	resource://activity-stream/data/content/activity-stream.bundle.js	515 kB	2023-04-05	2023-05-06
Pretty URL resource://activity-stream/data/content/activity-stream.bundle.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-05 09:01:43 Last Seen2023-05-06 01:12:05 Times Seen129 Hash 98fb1d2cafc4c7b72bc3fb9eb16de356 a1ebbf5dc5bd0a95c87a1d724027c0467e471f1e 2a2aabbc8f26fd8ff52ed2556b94befb0d4f22f08295acc47fe2d88b37e0f17f Loading...

	resource://activity-stream/vendor/react-redux.js	16 kB	2023-03-11	2024-04-12
Pretty URL resource://activity-stream/vendor/react-redux.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-03-11 09:59:05 Last Seen2024-04-12 22:34:59 Times Seen244 Hash fa30c6c303c5db2384ff8c89592d2277 70e8aff282cfaf8372ba879cd4d31ccde959d383 76f0dddea6123242a7f1b07cfd17a54703227cb103b7ccde5439c0935fda63b3 Loading...

	resource://activity-stream/vendor/react-dom.js	119 kB	2023-03-07	2024-04-23
Pretty URL resource://activity-stream/vendor/react-dom.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-03-07 12:21:57 Last Seen2024-04-23 14:08:21 Times Seen629 Hash dcf51763fb4a654e15a4e6e7754ca5d2 bf19ec32af23fb8f2c0c75549a3996b725f80d35 bc5b7797e8a595e365c1385b0d47683d3a85f3533c58d499659b771c48ec6d25 Loading...

	resource://activity-stream/vendor/react-transition-group.js	18 kB	2023-03-10	2023-05-05
Pretty URL resource://activity-stream/vendor/react-transition-group.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-03-10 01:47:02 Last Seen2023-05-05 20:54:56 Times Seen68 Hash 1ad087f79d93056f6e61e80b42a97f9a bc9bbc98903036e387d76d7c29a7b9bf4b799bc4 e8d770347c329fc909f500b98c69cb32ec3ef2d7213b23df7ebfdd3a66c7c879 Loading...

	about:home?jscache	80 kB	2023-04-29	2023-04-29
Pretty URL about:home?jscache IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-29 19:01:31 Last Seen2023-04-29 19:01:31 Times Seen1 Hash b026113bb34fe47b3e26eddcbd415613 52c915335423f1763a5945e87b0b7e80c75e9b25 cfaf26ed5eb42db14f584b1494353689534de90d4737c5cfdc9e93e99ae7900d Loading...

	resource://activity-stream/vendor/react.js	12 kB	2023-03-07	2024-04-25
Pretty URL resource://activity-stream/vendor/react.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-03-07 12:07:35 Last Seen2024-04-25 09:08:20 Times Seen1178 Hash edf56a42bca6b565bf7dfcbd8ffc221a 31cb4cea0064ed80c1b0c5f5d58e1956a7e2293f c9486f126615859fc61ac84840a02b2efc920d287a71d99d708c74b2947750fe Loading...

	resource://activity-stream/vendor/redux.js	31 kB	2023-04-05	2023-05-05
Pretty URL resource://activity-stream/vendor/redux.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-05 09:01:43 Last Seen2023-05-05 20:54:56 Times Seen103 Hash 31733d156e6ecea997777a52c969ff62 1ca3dd9d301203cd277a5a28c2f3f693f1b516c3 67df5299a459bc214fa4ca5effb3ebdcbf9074607c25116356493e02fa4012f4 Loading...

	resource://activity-stream/data/content/newtab-render.js	424 B	2023-04-12	2023-05-05
Pretty URL resource://activity-stream/data/content/newtab-render.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-12 07:14:53 Last Seen2023-05-05 20:54:56 Times Seen116 Hash c14133fffff201b4a1e74ff4086a7290 21c0511c662d89193eefdd883719f16646b50a4b 733eeabce980690a5899ebea87f7f91087f25fdc69e1d5306099246eb1942578 Loading...

HTTP Transactions (2)

URL IP Response Size

cloud-master.ru/fnaf/dop/fnaf-world.exe

188.114.97.1

55 kB

URL
cloud-master.ru/fnaf/dop/fnaf-world.exe
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
55 kB (55371 bytes)
Hash
324a166f1c47126358db23f76eeacd6e
ac9fcf66de305b3a31be7b4b38e1fb6f2b2f09ad
1df50348f843d05b21dd7ab51e2e7c631de3af3c2689792df7e0a3d6374989c6

HTTP Headers

GET /fnaf/dop/fnaf-world.exe HTTP/1.1
Host: cloud-master.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Range: bytes=346095616-
If-Match: "630288a1-14a1d84b"
If-Unmodified-Since: Sun, 21 Aug 2022 19:33:53 GMT

HTTP/2 206 Partial Content
date: Sat, 29 Apr 2023 17:01:14 GMT
content-type: application/octet-stream
content-length: 55371
last-modified: Sun, 21 Aug 2022 19:33:53 GMT
etag: "630288a1-14a1d84b"
cf-cache-status: HIT
age: 27
content-range: bytes 346095616-346150986/346150987
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sr%2B5kXa%2BhGe%2FF%2Fg4aTmnKzwmVmyseqhFb8PzaphfRAFMPBsYoYwe5%2FMJ6LeQrgCLoWWha5jcV3b2UYNUcXbOsaE9njKXECsXx7OmpbH9e0Y2Ww6QkEYAb1SPNpJtnqeTnF4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7bf91b17fb2ab512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

codeload.github.com/mr-r3b00t/RDP_Backdoor/zip/refs/heads/main

140.82.121.9

1.2 kB

URL
codeload.github.com/mr-r3b00t/RDP_Backdoor/zip/refs/heads/main
IP
140.82.121.9:0
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store\012- data
Size
1.2 kB (1246 bytes)
Hash
89b91fe080907b3ce4b5ce90e007b655
8ce5776bef9750a2002d21b47e3e6d43443a07b9
2716204c196f7c2db1bf03228c9482e380835977f40581dd2ae98b636b321b7b

Detections

Analyzer	Verdict	Alert
fortinet	Malware
VirusTotal	20/64	VirusTotal -

HTTP Headers

GET /mr-r3b00t/RDP_Backdoor/zip/refs/heads/main HTTP/1.1
Host: codeload.github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://render.githubusercontent.com
content-disposition: attachment; filename=RDP_Backdoor-main.zip
content-length: 1246
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"26741d704e7b4da63d34487b817ea23c86a5ffc0279be8988cc200fcb932bc77"
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
date: Sat, 29 Apr 2023 17:01:15 GMT
x-github-request-id: 8F50:E556:1050B7:167AB4:644D4D5B
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by