Report - git.activated.win/massgrave/Microsoft-Activation-Scripts/archive/master.zip

Report Overview

Visited public
2024-12-12 15:17:30
Tags
URL
git.activated.win/massgrave/Microsoft-Activation-Scripts/archive/master.zip
Finishing URL
about:privatebrowsing
IP / ASN
172.67.219.75
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
git.activated.win	unknown	2024-05-15	2024-10-08	2024-12-04	529 B	327 kB	172.67.219.75

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
git.activated.win/massgrave/Microsoft-Activation-Scripts/archive/master.zip
IP
172.67.219.75
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
326 kB (325455 bytes)
Hash
7356f23a0fc11e310dbb4165c9257f14
b35753159bd88cd1196c25c884986af8380c98b8
864f321695e3690755999c62f59b63d41d9e4f5b83d14c63bbcb18ea4a0f619a

Archive (14)

Modified	Filename	Size	Md5	File type
2024-11-11 09:58	LICENSE	35 kB	1ebbd3e34237af26da5dc08a4e440464	ASCII text
2024-11-11 09:58	MAS_AIO.cmd	446 kB	4b888d91eff0c5f1c811ee82cbe07c06	ASCII text, with very long lines (348), with CRLF line terminators
2024-11-11 09:58	HWID_Activation.cmd	74 kB	7f4de013319c6b007ac9c8d99270d78e	DOS batch file, ASCII text, with very long lines (376), with CRLF line terminators
2024-11-11 09:58	KMS38_Activation.cmd	77 kB	c1717aa61f60eed6d710281505d221a2	DOS batch file, ASCII text, with very long lines (500), with CRLF line terminators
2024-11-11 09:58	Ohook_Activation_AIO.cmd	135 kB	1007b8d5559eb72788d5b5f4757ab916	DOS batch file, ASCII text, with very long lines (452), with CRLF line terminators
2024-11-11 09:58	Online_KMS_Activation.cmd	157 kB	3f026e268817d22d0bf9fdb5e2ba87d5	DOS batch file, ASCII text, with very long lines (452), with CRLF line terminators
2024-11-11 09:58	ReadMe.txt	758 B	b7fa33165116723bc2f83676fd62cc69	ASCII text, with CRLF line terminators
2024-11-11 09:58	Change_Office_Edition.cmd	48 kB	5db8fc9d571c1e8e7890d2829f74884d	DOS batch file, ASCII text, with very long lines (453), with CRLF line terminators
2024-11-11 09:58	Change_Windows_Edition.cmd	47 kB	a064240fd239d0feff23701b64c72c76	DOS batch file, ASCII text, with very long lines (348), with CRLF line terminators
2024-11-11 09:58	Check_Activation_Status.cmd	36 kB	1ebf95a85eec40bab2045bd26658a345	DOS batch file, ASCII text, with CRLF line terminators
2024-11-11 09:58	Extract_OEM_Folder.cmd	24 kB	289b8a5cf999c446998f6dcfa0e99b78	DOS batch file, ASCII text, with very long lines (348), with CRLF line terminators
2024-11-11 09:58	Troubleshoot.cmd	50 kB	cbb9db94307416d2731530fb8e949ac2	DOS batch file, ASCII text, with very long lines (376), with CRLF line terminators
2024-11-11 09:58	_ReadMe.html	84 B	574e18c1f9b32a47f988ac91588901ba	HTML document, ASCII text, with CRLF line terminators
2024-11-11 09:58	README.md	3.0 kB	91bd4543a129decbf70584309252ac8d	Unicode text, UTF-8 text

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/64

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

git.activated.win/massgrave/Microsoft-Activation-Scripts/archive/master.zip

172.67.219.75

200 OK

326 kB

URL User Request GET HTTP/2
git.activated.win/massgrave/Microsoft-Activation-Scripts/archive/master.zip
IP
172.67.219.75:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectactivated.win
Fingerprint20:95:88:30:B9:93:E6:02:55:A9:7B:F0:ED:E2:A7:14:4F:77:A2:25
ValidityFri, 29 Nov 2024 18:13:21 GMT - Thu, 27 Feb 2025 18:13:20 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
326 kB (325455 bytes)
Hash
7356f23a0fc11e310dbb4165c9257f14
b35753159bd88cd1196c25c884986af8380c98b8
864f321695e3690755999c62f59b63d41d9e4f5b83d14c63bbcb18ea4a0f619a

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/64

HTTP Headers

GET /massgrave/Microsoft-Activation-Scripts/archive/master.zip HTTP/1.1
Host: git.activated.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 12 Dec 2024 15:17:05 GMT
content-type: application/octet-stream
content-length: 325455
access-control-expose-headers: Content-Disposition
cache-control: private, max-age=300
content-disposition: attachment; filename="Microsoft-Activation-Scripts-master.zip"; filename*=UTF-8''Microsoft-Activation-Scripts-master.zip
last-modified: Wed, 11 Dec 2024 23:14:17 GMT
link: <https://git.activated.win/api/v1/repos/massgrave/Microsoft-Activation-Scripts/archive/f1ddb83df092478741344fc55351a65cf6eeafd8.tar.gz?rev=f1ddb83df092478741344fc55351a65cf6eeafd8>; rel="immutable"
no-gzip-compression: 1
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
cf-cache-status: BYPASS
set-cookie: i_like_gitea=adb6151e6d44a651; Path=/; HttpOnly; Secure; SameSite=Lax
_csrf=xhM2ElCjhV3Vhv_ZKDPX9e0nU_w6MTczNDAxNjYyNTkxMzczOTI1NA; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hXwAUFUlp42aoG6IavR2DzwY2A9Cx%2B%2BKsXeRoafpMZb%2BzMfUBodX3uGlY%2BPZramxT2U6C7sLJ27tl10TyjF705yUtp%2FqO5yUJ5DC6lf4K7L50RBSxZhsC9GJeuP6zPgNhAqrxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8f0eade778fa569f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6210&min_rtt=631&rtt_var=10889&sent=9&recv=12&lost=0&retrans=0&sent_bytes=3224&recv_bytes=1208&delivery_rate=6360175&cwnd=255&unsent_bytes=0&cid=a161f0d59e99b6e3&ts=130&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (14)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers