Report - github.com/user-attachments/files/17002647/autogenerated.zip

Report Overview

Visitedpublic

2024-09-23 04:28:50

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-23 01:14:04	1.3 kB	3.5 kB	23.36.76.226
github.com	1423	2007-10-09	2016-07-13 12:28:22	2024-09-23 01:13:32	514 B	5.0 kB	140.82.121.3
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-23 01:14:05	1.6 kB	4.4 kB	23.36.76.226
objects.githubusercontent.com	134060	2014-02-06	2021-11-01 22:34:29	2024-09-23 01:04:40	932 B	9.9 MB	185.199.108.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

objects.githubusercontent.com/github-production-repository-file-5c1aeb/25609086/17002647?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240923%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240923T042822Z&X-Amz-Expires=300&X-Amz-Signature=4f95e1eb6f8281e537cd19c3dc291c0e8e4bbeb7205b93e823b45d3298a94aa3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3Bfilename%3Dautogenerated.zip&response-content-type=application%2Fx-zip-compressed

IP / ASN

185.199.108.133

#54113 FASTLY

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size9.9 MB (9852741 bytes)

MD50ad56fe193fd1a1d7ac9fead3d2d1577

SHA1b2175a2f3c53e378b5a4df58d85c8a31294b38e8

SHA256d441658ce21946484a6d3a86d379aafaa37c6f99b2a7b618bb06898d5b04bf6d

Archive (12)

Modified	Filename	Size	MD5	File type
2024-08-17 15:27	main.exe	8.4 MB	7f5af411494e181eaec75e50af609910	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2016-10-12 12:25	dbghelp.dll	798 kB	4934241cd20ac87d78121352e3ba8318	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections
2024-06-22 22:39	RDPWrapOffsetFinder.exe	128 kB	6be196ce284d945d33c022c4c7a05b8a	PE32 executable (console) Intel 80386, for MS Windows, 4 sections
2020-09-19 19:00	symsrv.dll	124 kB	1a3ce66241126f2bbcadcd6ebe5f7ca4	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections
2024-03-25 15:19	symsrv.yes	0 B	d41d8cd98f00b204e9800998ecf8427e
2024-06-22 22:38	Zydis.dll	621 kB	429999ef2d4ca2367f06b38fb508eb7d	PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections
2016-09-09 17:26	dbghelp.dll	1.0 MB	900b9b25c345aaa4f90913ba9aecabf4	PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections
2024-06-22 21:17	RDPWrapOffsetFinder.exe	164 kB	a0a6addaf7ec1a86154ac3e6e64c9804	PE32+ executable (console) x86-64, for MS Windows, 6 sections
2024-07-15 20:53	RDPWrapOffsetFinder_nosymbol.exe	156 kB	17285df981cccdda4b65299249a21613	PE32+ executable (console) x86-64, for MS Windows, 7 sections
2017-09-14 15:08	symsrv.dll	149 kB	65fb3391eb26f5ac647fc40501d8e21d	PE32+ executable (DLL) (console) x86-64, for MS Windows, 5 sections
2024-03-25 15:19	symsrv.yes	0 B	d41d8cd98f00b204e9800998ecf8427e
2024-06-22 17:36	Zydis.dll	667 kB	2ee1a9d90ec58272f1b81fd9e5166527	PE32+ executable (DLL) (console) x86-64, for MS Windows, 8 sections

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (11)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.36.76.226		504 B
URL HTTP r10.o.lencr.org/ IP / ASN 23.36.76.226 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-09-21 Last Seen2024-09-28 Times Seen32142 Size504 B (504 bytes) MD5d53da2de4fc4634a067495f858d15c81 SHA1be0d08371e49c3ff6bb6eb6760b0142bb5e49181 SHA256a4dfb633c3d6c80962fe436220800f7f6fac707a55806bfc1757d4fa49af8cdc HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "A4DFB633C3D6C80962FE436220800F7F6FAC707A55806BFC1757D4FA49AF8CDC" Last-Modified: Fri, 20 Sep 2024 21:19:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2887 Expires: Mon, 23 Sep 2024 05:16:29 GMT Date: Mon, 23 Sep 2024 04:28:22 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL HTTP r10.o.lencr.org/ IP / ASN 23.36.76.226 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-09-22 Last Seen2024-09-28 Times Seen16698 Size504 B (504 bytes) MD5a756e3de6f1bc9f4fd807c7ac4ab13c0 SHA172c189c05a79d4baf34e880c851183cf764cd5cc SHA2564209062aa50a6c3396d23003127f86806950ef8c9d33117c74ed26d0876b60b6 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "4209062AA50A6C3396D23003127F86806950EF8C9D33117C74ED26D0876B60B6" Last-Modified: Sun, 22 Sep 2024 12:20:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3626 Expires: Mon, 23 Sep 2024 05:28:48 GMT Date: Mon, 23 Sep 2024 04:28:22 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL HTTP r10.o.lencr.org/ IP / ASN 23.36.76.226 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-09-23 Last Seen2024-09-28 Times Seen10140 Size504 B (504 bytes) MD5b3e9dbf48fb15b7ebe030820e496a4a2 SHA1a0afffcc59e40c53dc7aef18623c759d63eb794e SHA256b299e84f35cc7722bbd1f7046cfb1d5c5be6460946551d5a55d90bb3e7dd556d HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "B299E84F35CC7722BBD1F7046CFB1D5C5BE6460946551D5A55D90BB3E7DD556D" Last-Modified: Sun, 22 Sep 2024 22:26:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=2701 Expires: Mon, 23 Sep 2024 05:13:23 GMT Date: Mon, 23 Sep 2024 04:28:22 GMT Connection: keep-alive`

	GET github.com/user-attachments/files/17002647/autogenerated.zip	140.82.121.3	302 Found	0 B
URL User Request GET HTTPS github.com/user-attachments/files/17002647/autogenerated.zip IP / ASN 140.82.121.3 #36459 GITHUB Requested byN/A Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-04 Times Seen5648841 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerSectigo Limited Subjectgithub.com FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT HTTP Headers `GET /user-attachments/files/17002647/autogenerated.zip HTTP/1.1 Host: github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 302 Found server: GitHub.com date: Mon, 23 Sep 2024 04:28:22 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With location: https://objects.githubusercontent.com/github-production-repository-file-5c1aeb/25609086/17002647?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240923%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240923T042822Z&X-Amz-Expires=300&X-Amz-Signature=4f95e1eb6f8281e537cd19c3dc291c0e8e4bbeb7205b93e823b45d3298a94aa3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3Bfilename%3Dautogenerated.zip&response-content-type=application%2Fx-zip-compressed cache-control: no-cache strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com .rel.tunnels.api.visualstudio.com wss://.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/ set-cookie: _gh_sess=hEhCHU5TWNOb6qIsLFtZCVfce16EMMWROAgWT9fKA7fVhIbxDUwcVcqyWWw8akzUwmYGidd8qMw6NWHaee6CMxFJZcWNv5TRk6tAGJKlxx0W8XhMI4527lc5UotFwU4mkZhQrl2%2FSEee%2FTW%2Bx5uLrGTi7BGoTRExdEVWK%2FKRDT3bkq0H7pmS7hjrq8%2BWZCkZevHMAoZ%2Fg1UdKyBzfKF7o1NIPQM6TGq2TFYpCgcRLQCJpr72OEq7ZCy8NewB%2BJxVvRgHS5U5jkaHk62O7er55A%3D%3D--HIIV3RUZKLts%2Fg3S--pk553jBAqFRDtieASGJwvw%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax _octo=GH1.1.1811643769.1727065702; Path=/; Domain=github.com; Expires=Tue, 23 Sep 2025 04:28:22 GMT; Secure; SameSite=Lax logged_in=no; Path=/; Domain=github.com; Expires=Tue, 23 Sep 2025 04:28:22 GMT; HttpOnly; Secure; SameSite=Lax content-length: 0 x-github-request-id: 5622:10310F:22577FA:2336383:66F0EE66 X-Firefox-Spdy: h2

	r10.o.lencr.org/	23.36.76.226		504 B
URL HTTP r10.o.lencr.org/ IP / ASN 23.36.76.226 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-09-22 Last Seen2024-09-28 Times Seen24132 Size504 B (504 bytes) MD58ab80371465a057b549a046eb6f97853 SHA10ccf179fc8a2f02fc91bdb73161837daf6f5c08a SHA256e8d786bfe63e0db6078c37a721dcd2c244ca27d70e5ecc8d99ccea1755073729 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "E8D786BFE63E0DB6078C37A721DCD2C244CA27D70E5ECC8D99CCEA1755073729" Last-Modified: Sun, 22 Sep 2024 14:38:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=16628 Expires: Mon, 23 Sep 2024 09:05:31 GMT Date: Mon, 23 Sep 2024 04:28:23 GMT Connection: keep-alive`

	r11.o.lencr.org/	23.36.76.226		504 B
URL HTTP r11.o.lencr.org/ IP / ASN 23.36.76.226 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-09-21 Last Seen2024-09-28 Times Seen15322 Size504 B (504 bytes) MD541fa5215726c6fcc00080ad4fd963296 SHA1b4a425abfbd9dda21ccc1a053fe18793e2ff989b SHA256538a694d67444839d38b38f534fd67d622457494630b97d887270d47eaa3f00f HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "538A694D67444839D38B38F534FD67D622457494630B97D887270D47EAA3F00F" Last-Modified: Sat, 21 Sep 2024 12:28:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3605 Expires: Mon, 23 Sep 2024 05:28:29 GMT Date: Mon, 23 Sep 2024 04:28:24 GMT Connection: keep-alive`

	r11.o.lencr.org/	23.36.76.226		504 B
URL HTTP r11.o.lencr.org/ IP / ASN 23.36.76.226 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-09-21 Last Seen2024-09-28 Times Seen15322 Size504 B (504 bytes) MD541fa5215726c6fcc00080ad4fd963296 SHA1b4a425abfbd9dda21ccc1a053fe18793e2ff989b SHA256538a694d67444839d38b38f534fd67d622457494630b97d887270d47eaa3f00f HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "538A694D67444839D38B38F534FD67D622457494630B97D887270D47EAA3F00F" Last-Modified: Sat, 21 Sep 2024 12:28:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3605 Expires: Mon, 23 Sep 2024 05:28:29 GMT Date: Mon, 23 Sep 2024 04:28:24 GMT Connection: keep-alive`

	r11.o.lencr.org/	23.36.76.226		504 B
URL HTTP r11.o.lencr.org/ IP / ASN 23.36.76.226 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-09-21 Last Seen2024-09-28 Times Seen15322 Size504 B (504 bytes) MD541fa5215726c6fcc00080ad4fd963296 SHA1b4a425abfbd9dda21ccc1a053fe18793e2ff989b SHA256538a694d67444839d38b38f534fd67d622457494630b97d887270d47eaa3f00f HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "538A694D67444839D38B38F534FD67D622457494630B97D887270D47EAA3F00F" Last-Modified: Sat, 21 Sep 2024 12:28:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3605 Expires: Mon, 23 Sep 2024 05:28:29 GMT Date: Mon, 23 Sep 2024 04:28:24 GMT Connection: keep-alive`

	r11.o.lencr.org/	23.36.76.226		504 B
URL HTTP r11.o.lencr.org/ IP / ASN 23.36.76.226 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-09-21 Last Seen2024-09-28 Times Seen15322 Size504 B (504 bytes) MD541fa5215726c6fcc00080ad4fd963296 SHA1b4a425abfbd9dda21ccc1a053fe18793e2ff989b SHA256538a694d67444839d38b38f534fd67d622457494630b97d887270d47eaa3f00f HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "538A694D67444839D38B38F534FD67D622457494630B97D887270D47EAA3F00F" Last-Modified: Sat, 21 Sep 2024 12:28:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3605 Expires: Mon, 23 Sep 2024 05:28:29 GMT Date: Mon, 23 Sep 2024 04:28:24 GMT Connection: keep-alive`

	r11.o.lencr.org/	23.36.76.226		504 B
URL HTTP r11.o.lencr.org/ IP / ASN 23.36.76.226 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-09-21 Last Seen2024-09-28 Times Seen15322 Size504 B (504 bytes) MD541fa5215726c6fcc00080ad4fd963296 SHA1b4a425abfbd9dda21ccc1a053fe18793e2ff989b SHA256538a694d67444839d38b38f534fd67d622457494630b97d887270d47eaa3f00f HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "538A694D67444839D38B38F534FD67D622457494630B97D887270D47EAA3F00F" Last-Modified: Sat, 21 Sep 2024 12:28:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3605 Expires: Mon, 23 Sep 2024 05:28:29 GMT Date: Mon, 23 Sep 2024 04:28:24 GMT Connection: keep-alive`

	GET objects.githubusercontent.com/github-production-repository-file-5c1aeb/25609086/17002647?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240923%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240923T042822Z&X-Amz-Expires=300&X-Amz-Signature=4f95e1eb6f8281e537cd19c3dc291c0e8e4bbeb7205b93e823b45d3298a94aa3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3Bfilename%3Dautogenerated.zip&response-content-type=application%2Fx-zip-compressed	185.199.108.133	200 OK	9.9 MB
URL User Request GET HTTPS objects.githubusercontent.com/github-production-repository-file-5c1aeb/25609086/17002647?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240923%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240923T042822Z&X-Amz-Expires=300&X-Amz-Signature=4f95e1eb6f8281e537cd19c3dc291c0e8e4bbeb7205b93e823b45d3298a94aa3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3Bfilename%3Dautogenerated.zip&response-content-type=application%2Fx-zip-compressed IP / ASN 185.199.108.133 #54113 FASTLY Requested byN/A Resource Info File typeZip archive data, at least v2.0 to extract, compression method=deflate First Seen2024-09-28 Last Seen2024-09-28 Times Seen1 Size9.9 MB (9852741 bytes) MD50ad56fe193fd1a1d7ac9fead3d2d1577 SHA1b2175a2f3c53e378b5a4df58d85c8a31294b38e8 SHA256d441658ce21946484a6d3a86d379aafaa37c6f99b2a7b618bb06898d5b04bf6d Certificate Info IssuerDigiCert Inc Subject.github.io Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28 ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT HTTP Headers GET /github-production-repository-file-5c1aeb/25609086/17002647?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240923%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240923T042822Z&X-Amz-Expires=300&X-Amz-Signature=4f95e1eb6f8281e537cd19c3dc291c0e8e4bbeb7205b93e823b45d3298a94aa3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3Bfilename%3Dautogenerated.zip&response-content-type=application%2Fx-zip-compressed HTTP/1.1 Host: objects.githubusercontent.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK x-amz-id-2: QFQ5oI4WfryR18iKX5werM0J9gsr464b6gPoZVTkY+B+MxuDn4Y4roENDdthM6KKZS4n9rUP1VY= x-amz-request-id: 84AW9MJ3SH3QE92A last-modified: Sat, 14 Sep 2024 13:46:29 GMT etag: "22d364002a190d6ef7f9d67bb88d0818-2" x-amz-server-side-encryption: AES256 content-disposition: attachment;filename=autogenerated.zip content-type: application/x-zip-compressed server: AmazonS3 fastly-restarts: 1 accept-ranges: bytes age: 0 date: Mon, 23 Sep 2024 04:28:23 GMT via: 1.1 varnish x-served-by: cache-hel1410021-HEL x-cache: MISS x-cache-hits: 0 x-timer: S1727065703.113366,VS0,VE418 content-length: 9852741 X-Firefox-Spdy: h2

Detections

Host Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

File detected

Detections

JavaScript (0)

HTTP Transactions (11)

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers