Report - github.com/massgravel/Microsoft-Activation-Scripts/archive/refs/heads/master.zip

Report Overview

Visited public
2025-05-08 02:17:36
Tags
URL
github.com/massgravel/Microsoft-Activation-Scripts/archive/refs/heads/master.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.4
#36459 GITHUB
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2025-05-07	548 B	472 kB	140.82.121.3
codeload.github.com	62359	2007-10-09	2013-04-18	2025-05-07	549 B	469 kB	140.82.121.9

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
codeload.github.com/massgravel/Microsoft-Activation-Scripts/zip/refs/heads/master
IP
140.82.121.9
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
468 kB (468148 bytes)
Hash
d96d75926753d0261d2bc67631ed74e5
d4212773b8294c5728b65577f358c5ced5f7d25a
b88d43a95daba52337c1b7aa86c5240a488a896d62aaa5f32d896ead3e21852d

Archive (15)

Filename

Md5

File type

LICENSE

1ebbd3e34237af26da5dc08a4e440464

ASCII text

MAS_AIO.cmd

98f65f29751a5dfc3c9c35c42eb708d7

ASCII text, with very long lines (348), with CRLF line terminators

HWID_Activation.cmd

7f70b19ccdd960165369eeccbbf28070

DOS batch file, ASCII text, with very long lines (376), with CRLF line terminators

KMS38_Activation.cmd

ed99e305be91ee80c843e76531911c2d

DOS batch file, ASCII text, with very long lines (500), with CRLF line terminators

Ohook_Activation_AIO.cmd

6e407b8d41b4f26441b7e40cb41cefd3

DOS batch file, ASCII text, with very long lines (452), with CRLF line terminators

Online_KMS_Activation.cmd

972bdf97a5a1725147e42b778161775b

DOS batch file, ASCII text, with very long lines (452), with CRLF line terminators

TSforge_Activation.cmd

8840ba9d598b1d41db92835fe58c27d7

DOS batch file, ASCII text, with very long lines (348), with CRLF line terminators

_ReadMe.txt

e699451ed0dfe4ebdd499666dc411c3c

ASCII text, with CRLF line terminators

Change_Office_Edition.cmd

8d756de50198942bebc327ffaeede659

DOS batch file, ASCII text, with very long lines (453), with CRLF line terminators

Change_Windows_Edition.cmd

8e748466ecd4050672f5475d01e579b9

DOS batch file, ASCII text, with very long lines (348), with CRLF line terminators

Check_Activation_Status.cmd

8d85133114beeaf31f14e95f53e77f92

DOS batch file, ASCII text, with very long lines (379), with CRLF line terminators

Extract_OEM_Folder.cmd

f99c87ced41939998a46262630918eb4

DOS batch file, ASCII text, with very long lines (348), with CRLF line terminators

Troubleshoot.cmd

c0de640715e5ed1055d29338f8a6c91a

DOS batch file, ASCII text, with very long lines (376), with CRLF line terminators

_ReadMe.html

574e18c1f9b32a47f988ac91588901ba

HTML document, ASCII text, with CRLF line terminators

README.md

4516b2851beda532f4ce4292d527b55b

Unicode text, UTF-8 text

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects suspicious PowerShell code that downloads from web sites
Public Nextron YARA rules	malware	Detects suspicious PowerShell code that downloads from web sites
VirusTotal	suspicious	VirusTotal - Scan result 2/62

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/massgravel/Microsoft-Activation-Scripts/archive/refs/heads/master.zip

140.82.121.3

302 Found

468 kB

URL User Request GET
github.com/massgravel/Microsoft-Activation-Scripts/archive/refs/heads/master.zip
IP
140.82.121.3:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT

File type

Size
468 kB (468148 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /massgravel/Microsoft-Activation-Scripts/archive/refs/heads/master.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 08 May 2025 02:17:04 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With
location: https://codeload.github.com/massgravel/Microsoft-Activation-Scripts/zip/refs/heads/master
cache-control: max-age=0, private
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: 3819:37247:4CD9F:4F625:681C141F
X-Firefox-Spdy: h2

codeload.github.com/massgravel/Microsoft-Activation-Scripts/zip/refs/heads/master

140.82.121.9

200 OK

468 kB

URL User Request GET
codeload.github.com/massgravel/Microsoft-Activation-Scripts/zip/refs/heads/master
IP
140.82.121.9:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subject*.github.com
Fingerprint7A:96:66:B4:C7:AA:A7:7E:A1:CD:48:AF:0B:3D:0F:BF:60:60:4F:B2
ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
468 kB (468148 bytes)
Hash
d96d75926753d0261d2bc67631ed74e5
d4212773b8294c5728b65577f358c5ced5f7d25a
b88d43a95daba52337c1b7aa86c5240a488a896d62aaa5f32d896ead3e21852d

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/62

HTTP Headers

GET /massgravel/Microsoft-Activation-Scripts/zip/refs/heads/master HTTP/1.1
Host: codeload.github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://render.githubusercontent.com
content-disposition: attachment; filename=Microsoft-Activation-Scripts-master.zip
content-length: 468148
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
cross-origin-resource-policy: cross-origin
etag: W/"504adf825ff325cfa41c9132e637ba12938e5cbcbe36332f94b2ea8c31e23e9c"
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
date: Thu, 08 May 2025 02:17:04 GMT
x-github-request-id: 37F2:187594:12A3:1A30:681C1420
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (15)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers