| github-com.translate.goog/can-kat/cstealer/archive/refs/heads/main.zip | 142.250.74.97 | | 0 B |
URL github-com.translate.goog/can-kat/cstealer/archive/refs/heads/main.zip IP 142.250.74.97:0
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /can-kat/cstealer/archive/refs/heads/main.zip HTTP/1.1
Host: github-com.translate.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Nov 2023 18:19:32 GMT
location: https://codeload-github-com.translate.goog/can-kat/cstealer/zip/refs/heads/main?_x_tr_sl&_x_tr_tl&_x_tr_hl
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+831; expires=Mon, 24-Nov-2025 18:19:32 GMT; path=/; domain=.translate.goog; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
| GET codeload-github-com.translate.goog/can-kat/cstealer/zip/refs/heads/main?_x_tr_sl&_x_tr_tl&_x_tr_hl | 142.250.74.129 | 302 Found | 0 B |
URL User Request GET HTTP/2 codeload-github-com.translate.goog/can-kat/cstealer/zip/refs/heads/main?_x_tr_sl&_x_tr_tl&_x_tr_hl IP 142.250.74.129:443
Certificate Issuer Google Trust Services LLC Subject *.googleusercontent.com Fingerprint 2E:01:38:64:37:3C:F9:F4:3C:95:49:F1:9E:D9:61:5F:63:48:CF:CE Validity Mon, 23 Oct 2023 11:23:50 GMT - Mon, 15 Jan 2024 11:23:49 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /can-kat/cstealer/zip/refs/heads/main?_x_tr_sl&_x_tr_tl&_x_tr_hl HTTP/1.1
Host: codeload-github-com.translate.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 25 Nov 2023 18:19:33 GMT
location: https://codeload.github.com/can-kat/cstealer/zip/refs/heads/main
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
set-cookie: CONSENT=PENDING+962; expires=Mon, 24-Nov-2025 18:19:32 GMT; path=/; domain=.translate.goog; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
| GET codeload.github.com/can-kat/cstealer/zip/refs/heads/main | 140.82.121.10 | 200 OK | 810 kB |
URL User Request GET HTTP/2 codeload.github.com/can-kat/cstealer/zip/refs/heads/main IP 140.82.121.10:443
Certificate Issuer DigiCert Inc Subject *.github.com Fingerprint 2D:79:6C:90:2D:AD:8A:2E:4F:D1:E2:99:ED:E8:91:29:36:40:F8:58 Validity Thu, 16 Feb 2023 00:00:00 GMT - Fri, 15 Mar 2024 23:59:59 GMT
File type Zip archive data, at least v1.0 to extract, compression method=store\012- data Size 810 kB (810448 bytes) Hash 430ded11eef8683ceb9bcd357d0860b0 5c497fb2ba82ecac26e54ddfeb883334b6abe4fb d8b54e229125dbd8b445295a709d98b146545dbc76d0b16d8624ea0cb6e752bb
| Analyzer | Verdict | Alert |
| VirusTotal | suspicious | |
GET /can-kat/cstealer/zip/refs/heads/main HTTP/1.1
Host: codeload.github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: https://render.githubusercontent.com
content-disposition: attachment; filename=cstealer-main.zip
content-length: 810448
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
cross-origin-resource-policy: cross-origin
etag: W/"bf58ec0a8943f6c1f1d425f95f3ba652bf11b6dde3c1abe50a860d0ad6dd8145"
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
date: Sat, 25 Nov 2023 18:19:33 GMT
x-github-request-id: 2A22:A137:4614B5:54B88C:65623AB5
X-Firefox-Spdy: h2
|