Report - github.com/SpectrumPrime/Bandicam-Activator/archive/refs/heads/main.zip

Report Overview

Visited public
2024-07-21 21:08:24
Tags
URL
github.com/SpectrumPrime/Bandicam-Activator/archive/refs/heads/main.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.3
#36459 GITHUB
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-21 18:21:45	2.3 kB	6.2 kB	23.33.119.27
github.com	1423	2007-10-09	2016-07-13 12:28:22	2024-07-20 18:33:01	525 B	3.6 kB	140.82.121.3
codeload.github.com	62359	2007-10-09	2013-04-18 13:49:11	2024-07-18 10:34:01	526 B	242 kB	140.82.121.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
codeload.github.com/SpectrumPrime/Bandicam-Activator/zip/refs/heads/main
IP
140.82.121.10
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
241 kB (241292 bytes)
Hash
284a76195b07753b665174f10283d2d4
4f6c2eb10e909a72c4f060ab2f1b145a9d345290
ae65659a9fbbb3f7217e682c8f6f28d06a0f47540c4e76b1956a00f5020aace4

Archive (8)

Filename

Md5

File type

Keygen.exe

8a8a0d8aa60c7529753089dfd1d7d8a5

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

msimg32.dll

4b4705640975b0df28adb898ac74811f

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

README.txt

f96d550bb4b35c0374009b0c4ebda0b0

ASCII text, with CRLF line terminators

CONNECTIVITY FIX.txt

8d3d79742d9acd02da34151e54b29497

ASCII text, with CRLF line terminators

Offline Bandicam.bat

c842b9ed8bfc3a160aec7c39321ed5b4

DOS batch file, ASCII text, with CRLF line terminators

Photo.jpg

ba93e4c7cfed9fe2ade732b3fb47dca1

JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 620x570, components 3

README.md

613d800530c64f8e40a0a6b26b3e1ac2

ASCII text

bandicam 2022-11-21 18-33-04-123.jpg

e0a8f939d7e8bce5dda3aacb3d397a64

JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 620x570, components 3

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (9)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.33.119.27		504 B
URL r10.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 3bd6a6d19bf0ab70e4e0cd3d2833afe1 0dd2ee68cf939d2482a9b30bf767f412eb97e492 23c60c02f8a6f1f7fe01f9f4661cf04a03c046522201927dfa7c51ceba6c5449 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "23C60C02F8A6F1F7FE01F9F4661CF04A03C046522201927DFA7C51CEBA6C5449" Last-Modified: Sat, 20 Jul 2024 20:21:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6457 Expires: Sun, 21 Jul 2024 22:55:36 GMT Date: Sun, 21 Jul 2024 21:07:59 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.27		504 B
URL r10.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c7f6de9d4ccb60f56a555de6134b5b77 4b9e75fa3da17c1584a3d87aec6afd7d8da41d16 55db53ef70b6bfeb3c259dbe5d0ac0e6625898a3ac37d7e200253c03979e2cf7 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "55DB53EF70B6BFEB3C259DBE5D0AC0E6625898A3AC37D7E200253C03979E2CF7" Last-Modified: Sat, 20 Jul 2024 20:21:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=14724 Expires: Mon, 22 Jul 2024 01:13:23 GMT Date: Sun, 21 Jul 2024 21:07:59 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.27		504 B
URL r10.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 85a291090b5db764a5b5f1487dcb958f 9dadf7a0a7d6be86e491a10bbbc72c84f798cab9 60c84bb6c568871d3febe1e58c6aedf398fa06f5f7afc3e6087200be0a25ad3f HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "60C84BB6C568871D3FEBE1E58C6AEDF398FA06F5F7AFC3E6087200BE0A25AD3F" Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=5202 Expires: Sun, 21 Jul 2024 22:34:41 GMT Date: Sun, 21 Jul 2024 21:07:59 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.27		504 B
URL r10.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 00accea3155d7ac730285aec633670a9 fee8ca25b96d24d0c10951f7f4ea28389020e88d 9abd3b5f4de73d55417dcec4bbf72b38cc201842360ed32d763a4c65e35819d8 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "9ABD3B5F4DE73D55417DCEC4BBF72B38CC201842360ED32D763A4C65E35819D8" Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=19288 Expires: Mon, 22 Jul 2024 02:29:27 GMT Date: Sun, 21 Jul 2024 21:07:59 GMT Connection: keep-alive`

	github.com/SpectrumPrime/Bandicam-Activator/archive/refs/heads/main.zip	140.82.121.3	302 Found	0 B
URL User Request GET HTTP/2 github.com/SpectrumPrime/Bandicam-Activator/archive/refs/heads/main.zip IP 140.82.121.3:443 ASN #36459 GITHUB Certificate IssuerSectigo Limited Subjectgithub.com FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /SpectrumPrime/Bandicam-Activator/archive/refs/heads/main.zip HTTP/1.1 Host: github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: GitHub.com date: Sun, 21 Jul 2024 21:07:59 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With location: https://codeload.github.com/SpectrumPrime/Bandicam-Activator/zip/refs/heads/main cache-control: max-age=0, private strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: no-referrer-when-downgrade content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ content-length: 0 x-github-request-id: 752A:BD810:E0BF99:E5C499:669D78AF X-Firefox-Spdy: h2

	codeload.github.com/SpectrumPrime/Bandicam-Activator/zip/refs/heads/main	140.82.121.10	200 OK	241 kB
URL User Request GET HTTP/2 codeload.github.com/SpectrumPrime/Bandicam-Activator/zip/refs/heads/main IP 140.82.121.10:443 ASN #36459 GITHUB Certificate IssuerSectigo Limited Subject.github.com Fingerprint0D:F6:EC:50:FA:ED:AE:6E:13:AF:82:94:52:F7:11:1B:0A:CF:7C:20 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 241 kB (241292 bytes) Hash 284a76195b07753b665174f10283d2d4 4f6c2eb10e909a72c4f060ab2f1b145a9d345290 ae65659a9fbbb3f7217e682c8f6f28d06a0f47540c4e76b1956a00f5020aace4 HTTP Headers GET /SpectrumPrime/Bandicam-Activator/zip/refs/heads/main HTTP/1.1 Host: codeload.github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK access-control-allow-origin: https://render.githubusercontent.com content-disposition: attachment; filename=Bandicam-Activator-main.zip content-length: 241292 content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox content-type: application/zip cross-origin-resource-policy: cross-origin etag: W/"728bca824a7e2d955f3b6175caaaa428257ad05df3c561d7a7bb23917457ee71" strict-transport-security: max-age=31536000 vary: Authorization,Accept-Encoding,Origin x-content-type-options: nosniff x-frame-options: deny x-xss-protection: 1; mode=block date: Sun, 21 Jul 2024 21:08:00 GMT x-github-request-id: A7E2:4F638:EAC76C:1208591:669D78B0 X-Firefox-Spdy: h2

	r10.o.lencr.org/	23.33.119.27		504 B
URL r10.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash abdbb83f974102baaaa6f77ee331d442 053c22e9dce284413f8a2d4433748edbdd91b77b 23a21016e52b76d94858b277e1a729969fc7f0f66b9212013f3b1cd64fc2591c HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "23A21016E52B76D94858B277E1A729969FC7F0F66B9212013F3B1CD64FC2591C" Last-Modified: Sat, 20 Jul 2024 19:17:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15157 Expires: Mon, 22 Jul 2024 01:20:38 GMT Date: Sun, 21 Jul 2024 21:08:01 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.27		504 B
URL r10.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash abdbb83f974102baaaa6f77ee331d442 053c22e9dce284413f8a2d4433748edbdd91b77b 23a21016e52b76d94858b277e1a729969fc7f0f66b9212013f3b1cd64fc2591c HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "23A21016E52B76D94858B277E1A729969FC7F0F66B9212013F3B1CD64FC2591C" Last-Modified: Sat, 20 Jul 2024 19:17:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15157 Expires: Mon, 22 Jul 2024 01:20:38 GMT Date: Sun, 21 Jul 2024 21:08:01 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.27		504 B
URL r10.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash abdbb83f974102baaaa6f77ee331d442 053c22e9dce284413f8a2d4433748edbdd91b77b 23a21016e52b76d94858b277e1a729969fc7f0f66b9212013f3b1cd64fc2591c HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "23A21016E52B76D94858B277E1A729969FC7F0F66B9212013F3B1CD64FC2591C" Last-Modified: Sat, 20 Jul 2024 19:17:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=15157 Expires: Mon, 22 Jul 2024 01:20:38 GMT Date: Sun, 21 Jul 2024 21:08:01 GMT Connection: keep-alive`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (8)

Detections

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash