| GET ghproxy.cfd/https://github.com/ChrisTitusTech/winutil/releases/download/25.06.27/winutil.ps1 | 172.67.159.58 | 200 OK | 780 kB |
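URL (User Request): GET HTTPS ghproxy.cfd/https://github.com/ChrisTitusTech/winutil/releases/download/25.06.27/winutil.ps1
IP / ASN: 172.67.159.58 #13335 CLOUDFLARENET
Resource Info
File type: ASCII text, with CRLF line terminators
First Seen: 2025-07-10
Last Seen: 2025-07-27
Times Seen: 8
Size: 780 kB (779618 bytes)
MD5: 2cc9abf6f7da296711d46efca338723c
SHA1: 5161d38fe826db3db6822ef565f7097de35d93de
SHA256: 39b48afe6fb5b9560847272a1ac7e5c8eae238b0b2197e829407090186ff1b7a
Certificate Info
Issuer: Google Trust Services
Subject: ghproxy.cfd
Fingerprint: A2:4D:78:5A:C5:21:07:A0:0A:9A:E3:C1:6C:5D:1A:AA:4B:0E:CD:CE
Validity: Sat, 07 Jun 2025 13:05:25 GMT - Fri, 05 Sep 2025 14:05:23 GMT
Analyzer | Verdict | Alert |
YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
Note: the verdict is the result of a YARA content rule matching the script body; it describes what the script touches, not where it came from. The MD5 above equals the base64 value in the x-ms-blob-content-md5 response header, but that header is relayed by the same third-party proxy, so it is not an independent integrity check. To confirm the proxy served the unmodified release asset, compare the SHA256 with the file fetched directly from github.com.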
GET /https://github.com/ChrisTitusTech/winutil/releases/download/25.06.27/winutil.ps1 HTTP/1.1
Host: ghproxy.cfd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _gh_sess=Vt5%2B2mmMwx51hQTTUgzEbbumda7AWdfSlizqH5uaYC%2FbUQRZlDtYEeVHqEX%2Fic%2FvnF7fL3NfaF%2BdBAckV6mr7m%2F229O7wtI%2B1vjKsaueraw7Mzi2BY0f16k5zzi%2Bgp0tehS%2BMTCnb918jRXCokpGnOsV0SH%2FMnVmruO3NjVKhtgVR5PeACVfAD9zvh1cWFNJrYxVrl7ZyrsC3P1u%2FU2qSeWC9AHX2MYJ6ePYQrQB00BHvpurqbs8TwHKJ0SO0BPUBZX6hepPpYpwtdMBcN3R3w%3D%3D--aZtXZDFP4uwJw6wF--3BuKEyGkyDmUKHHX%2B%2Fdekw%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 10 Jul 2025 14:31:21 GMT
content-type: application/octet-stream
content-length: 779618
server: cloudflare
cf-ray: 95d0c3a62b2f56aa-OSL
cf-cache-status: DYNAMIC
accept-ranges: bytes
access-control-allow-origin: *
age: 3791
content-disposition: attachment; filename=winutil.ps1
etag: "0x8DDB59573649400"
last-modified: Fri, 27 Jun 2025 16:12:44 GMT
via: 1.1 varnish, 1.1 varnish
access-control-expose-headers: *
fastly-restarts: 1
x-cache: HIT, HIT
x-cache-hits: 68, 2
x-ms-blob-content-md5: LMmr9vfaKWcR1G78ozhyPA==
x-ms-blob-type: BlockBlob
x-ms-creation-time: Fri, 27 Jun 2025 16:12:44 GMT
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: fbb0635a-501e-0037-657e-e733f9000000
x-ms-server-encrypted: true
x-ms-version: 2025-05-05
x-served-by: cache-iad-kjyo7100100-IAD, cache-bma-essb1270049-BMA
x-timer: S1752157882.555598,VS0,VE0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V5Gzj%2FGPcgXVY7mN4%2FU8HZiwyJJ6ynh0tkdwWtOfEnVDCNHgiuiuZi0LLM6edFRrWA%2BFxPUkMGNV8fMg30bB7MPaDuW9QBBcH3FaHTCos6vak3C1W7OUCRZQt9M9JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4229&min_rtt=495&rtt_var=7419&sent=12&recv=15&lost=0&retrans=0&sent_bytes=4772&recv_bytes=1719&delivery_rate=6808777&cwnd=257&unsent_bytes=0&cid=f31a87e1fcec91d2&ts=1005&x=0"
X-Firefox-Spdy: h2
|
| GET gh.xrgzs.top/https:/github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1 | 172.66.47.245 | 301 Moved Permanently | 780 kB |
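URL (User Request): GET HTTPS gh.xrgzs.top/https:/github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1
IP / ASN: 172.66.47.245 #13335 CLOUDFLARENET
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-06
Times Seen: 5691156
Size: 780 kB (779618 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three digests are the well-known hashes of zero-length input, i.e. this 301 response carried no body. They are not indicators for this host, which is also why First Seen and Times Seen show a placeholder date and a very large count. The Size field presumably repeats the size of the final download in the redirect chain rather than this response.
Certificate Info
Issuer: Google Trust Services
Subject: gh.xrgzs.top
Fingerprint: DF:57:85:58:11:88:56:28:C1:13:2E:66:1F:4F:18:CD:0C:DF:4B:38
Validity: Wed, 21 May 2025 18:57:53 GMT - Tue, 19 Aug 2025 19:57:46 GMT
GET /https:/github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1 HTTP/1.1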
Host: gh.xrgzs.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Thu, 10 Jul 2025 14:31:20 GMT
location: https://ghproxy.cn/https:/github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=HofiXz5SY9QECwxHLOVq%2B0aLCNO%2By9iY0eN46CjSSY3Oj6tTuKhaOvrHacq%2BEkbJp6jfsIStypORQ0B5AMJQxqmzTnrBPDz0ulE%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 95d0c3a33a9c56a9-OSL
X-Firefox-Spdy: h2
|
| GET ghproxy.cn/https:/github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1 | 172.67.147.92 | 302 Found | 780 kB |
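URL (User Request): GET HTTPS ghproxy.cn/https:/github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1
IP / ASN: 172.67.147.92 #13335 CLOUDFLARENET
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-06
Times Seen: 5691156
Size: 780 kB (779618 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three digests are the well-known hashes of zero-length input, i.e. this 302 response carried no body. They are not indicators for this host, which is also why First Seen and Times Seen show a placeholder date and a very large count. The Size field presumably repeats the size of the final download in the redirect chain rather than this response.
Certificate Info
Issuer: Google Trust Services
Subject: ghproxy.cn
Fingerprint: A9:F3:A4:F5:DC:54:92:76:7D:62:79:C6:DE:B1:1A:61:E5:FF:3C:FB
Validity: Sat, 21 Jun 2025 16:17:33 GMT - Fri, 19 Sep 2025 17:17:18 GMT
GET /https:/github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1 HTTP/1.1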
Host: ghproxy.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 10 Jul 2025 14:31:20 GMT
location: https://ghproxy.cfd/https:/github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uVzjHOfI%2Fkqy8OGxVhyJg%2FVs2HljwODikmEtnBM7WTPNmK1X9eutPF5HRPQh145mt4wE1lK7oT3Xo23otChGzPEiYa5A6xK3"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 95d0c3a39d83b4fd-OSL
X-Firefox-Spdy: h2
|
| GET ghproxy.cfd/https:/github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1 | 172.67.159.58 | 302 Found | 780 kB |
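URL (User Request): GET HTTPS ghproxy.cfd/https:/github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1
IP / ASN: 172.67.159.58 #13335 CLOUDFLARENET
Resource Info
File type: N/A
First Seen: 0001-01-01
Last Seen: 2025-08-06
Times Seen: 5691156
Size: 780 kB (779618 bytes)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three digests are the well-known hashes of zero-length input, i.e. no body was recorded for this 302 response. They are not indicators for this host, which is also why First Seen and Times Seen show a placeholder date and a very large count. The Size field presumably repeats the size of the final download in the redirect chain rather than this response.
Certificate Info
Issuer: Google Trust Services
Subject: ghproxy.cfd
Fingerprint: A2:4D:78:5A:C5:21:07:A0:0A:9A:E3:C1:6C:5D:1A:AA:4B:0E:CD:CE
Validity: Sat, 07 Jun 2025 13:05:25 GMT - Fri, 05 Sep 2025 14:05:23 GMT
GET /https:/github.com/ChrisTitusTech/winutil/releases/latest/download/winutil.ps1 HTTP/1.1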
Host: ghproxy.cfd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 10 Jul 2025 14:31:21 GMT
content-type: text/html; charset=utf-8
server: cloudflare
location: /https://github.com/ChrisTitusTech/winutil/releases/download/25.06.27/winutil.ps1
cf-ray: 95d0c3a3fff056aa-OSL
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: no-cache
set-cookie: _gh_sess=Vt5%2B2mmMwx51hQTTUgzEbbumda7AWdfSlizqH5uaYC%2FbUQRZlDtYEeVHqEX%2Fic%2FvnF7fL3NfaF%2BdBAckV6mr7m%2F229O7wtI%2B1vjKsaueraw7Mzi2BY0f16k5zzi%2Bgp0tehS%2BMTCnb918jRXCokpGnOsV0SH%2FMnVmruO3NjVKhtgVR5PeACVfAD9zvh1cWFNJrYxVrl7ZyrsC3P1u%2FU2qSeWC9AHX2MYJ6ePYQrQB00BHvpurqbs8TwHKJ0SO0BPUBZX6hepPpYpwtdMBcN3R3w%3D%3D--aZtXZDFP4uwJw6wF--3BuKEyGkyDmUKHHX%2B%2Fdekw%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
_octo=GH1.1.1535770605.1752157881; Path=/; Domain=github.com; Expires=Fri, 10 Jul 2026 14:31:21 GMT; Secure; SameSite=Lax
logged_in=no; Path=/; Domain=github.com; Expires=Fri, 10 Jul 2026 14:31:21 GMT; HttpOnly; Secure; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubdomains; preload
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
access-control-expose-headers: *
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-frame-options: deny
x-github-request-id: 3690:1E045E:50CDE0:51CE62:686FCEA9
x-xss-protection: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9%2FufIg%2F%2BtsOVOQQ%2BlSlBh%2F1BEYWEPR1oH48r59%2BQggExj02Yu2orMzxSvcMBgbYlRp2CpHrWddZ9PT7EiP3O7eylWy9iS%2FEytrLH%2Bg74VnnPIwjJuhVNQW707HveyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6047&min_rtt=503&rtt_var=11097&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3274&recv_bytes=1301&delivery_rate=6397643&cwnd=254&unsent_bytes=0&cid=f31a87e1fcec91d2&ts=337&x=0"
X-Firefox-Spdy: h2
|