Report - github.com/achiez/NebulaAuth-Steam-Desktop-Authenticator-by-Achies/releases/download/1.4.9/NebulaAuth.1.4.9.zip

Report Overview

Submitted URL
github.com/achiez/NebulaAuth-Steam-Desktop-Authenticator-by-Achies/releases/download/1.4.9/NebulaAuth.1.4.9.zip
IP
140.82.121.4
ASN
#36459 GITHUB
Submitted
2024-04-27 03:19:55
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	565 B	3.9 kB	140.82.121.4
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-04-26	999 B	8.6 MB	185.199.110.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/751093437/ec118b36-1787-46f0-9455-45e31132ab78?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240427%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240427T031922Z&X-Amz-Expires=300&X-Amz-Signature=2af008a9bf6ab5ffa577385942e5d54ab2bdd2f60bf3a448afacf556599eb2bd&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=751093437&response-content-disposition=attachment%3B%20filename%3DNebulaAuth.1.4.9.zip&response-content-type=application%2Foctet-stream
IP
185.199.110.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.6 MB (8638973 bytes)
Hash
e0fee8598acc998d9ba21e82111c975a
b6ededee1e519796f7f243ee0644be6d5b390de5
0a150c810e88676120e4ffd9893c1cb604f2fcd9652fd917b20fbd503318f78e

Archive (49)

Filename

Md5

File type

Microsoft.Extensions.DependencyInjection.dll

7d40b6217fc409171015d905a22f8e85

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Logging.Abstractions.dll

f48c45d592355ecc709677347e7f053d

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Logging.dll

5d938dc7ea664a133622c549c75f34f9

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Options.dll

2f6f0c47136e38c0587d70b71d1b14fe

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Primitives.dll

f45226e320f41097397b1ba7468c2d1c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.IdentityModel.Abstractions.dll

c176b62b9ba413f3e24c7b83698e1063

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.IdentityModel.JsonWebTokens.dll

94b9fd93f14519e69140d3b8c2d8e42f

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.IdentityModel.Logging.dll

a5a351dadae70cd5d2a1ef1f4ac352a2

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.IdentityModel.Tokens.dll

9b8713cc489f32bfa4d26919cbc91984

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.Core.dll

36a26a59c3b124c90af32bd87fdc003a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.WinForms.dll

f3b14fd1def1e3b38a26a978bb32d283

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Web.WebView2.Wpf.dll

282550fcd256edcdd0a7067290a19c84

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Xaml.Behaviors.dll

ccb74157fc6351497a0f5f514a668169

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NebulaAuth.deps.json

c2557cfa0663ca5f823f3a914705c04b

JSON text data

NebulaAuth.dll

5dfc2a842a3d1f40d15f8cb3dc7de36a

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NebulaAuth.exe

6455e4c43b69ad667b5286ee41a7f11c

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

NebulaAuth.pdb

0eea2c88cec904b4ca642d53a5e6a5f6

Microsoft Roslyn C# debugging symbols version 1.0

NebulaAuth.runtimeconfig.json

07b9a30265ca4e69c7016a1b6e3ffc27

JSON text data

Newtonsoft.Json.dll

adf3e3eecde20b7c9661e9c47106a14a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NLog.config

12b9d3e064e2fe1a4f687fa414114fe3

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

NLog.dll

df75657b64bc76cec2a8beb3c042616b

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

NLog.Extensions.Logging.dll

ef954b8d36463033d1e2b146ace4582c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

protobuf-net.Core.dll

8ad7c12b2d3b20ad452c8b69f8258f15

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

protobuf-net.dll

b0d8807729d9e3347923cf84ba186633

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SteamLibForked.dll

6508608d3691bc5de4fbb4d7b55787d4

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SteamLibForked.pdb

5d7a423906e45029ba3be528b64ce604

Microsoft Roslyn C# debugging symbols version 1.0

System.IdentityModel.Tokens.Jwt.dll

64823a2a6a579a052945070b90969abb

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

AutoUpdater.NET.resources.dll

dc475d013af84e851cf5cf07d3b05db7

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

MaterialDesignExtensions.resources.dll

516b5ca33da24ba7edce5702b0ba6d06

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

WebView2Loader.dll

ac3f570dacb9d4559600ed7b9e9a7a46

PE32+ executable (DLL) (console) Aarch64, for MS Windows, 8 sections

WebView2Loader.dll

c2c3cd4eb17ebfc0b64f517a60ba3979

PE32+ executable (DLL) (console) x86-64, for MS Windows, 11 sections

WebView2Loader.dll

952e26b46db747c4f00cc6a59e082393

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 7 sections

AchiesUtilities.dll

217dd32fd15914d53f5a0a9098c994d5

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

AchiesUtilities.Newtonsoft.JSON.dll

91a2ebeda0a23451c16192294fb1de01

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

AchiesUtilities.Web.dll

8236fbbf66a6e01b3ea67e7922a26a9c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

AutoUpdater.NET.dll

802559e6e297ccc03a2f5e89e9090da8

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

CodingSeb.Localization.dll

7fb106da1717bd4e266ebafff4fe09b1

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

CodingSeb.Localization.FodyAddin.dll

0352aad17836497a8386cbf7998fcf5a

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

CodingSeb.Localization.JsonFileLoader.dll

337e5ae1e105fe0f218042bc965df021

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

CodingSeb.Localization.WPF.dll

6fd713ab024e1ca3381d5776faf73045

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

CommunityToolkit.Mvvm.dll

d6f719a63d795a3cfac0d85815d472f1

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

HtmlAgilityPack.dll

5629e004b68635f9e71c81dbc626bab6

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

JetBrains.Annotations.dll

4070dbd7e4f189212aee684204c0d56f

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

localization.loc.json

0a0b06184b263e04b305d6412d5cc1fc

JSON text data

MaterialDesignColors.dll

6f36e4d6808250f5591734f93fb2e1f2

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

MaterialDesignExtensions.dll

f5a13a2ec6b7d668474463b2eb429a3c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

MaterialDesignThemes.Wpf.dll

82133a3f99d3338f77b2508537ad196c

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.Configuration.Abstractions.dll

e1f852e450395bd9cad83625ca41afab

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Microsoft.Extensions.DependencyInjection.Abstractions.dll

38236f9c2408bda46c13efef364326fe

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 1/68

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/achiez/NebulaAuth-Steam-Desktop-Authenticator-by-Achies/releases/download/1.4.9/NebulaAuth.1.4.9.zip

140.82.121.4

302 Found

0 B

URL User Request GET HTTP/2
github.com/achiez/NebulaAuth-Steam-Desktop-Authenticator-by-Achies/releases/download/1.4.9/NebulaAuth.1.4.9.zip
IP
140.82.121.4:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /achiez/NebulaAuth-Steam-Desktop-Authenticator-by-Achies/releases/download/1.4.9/NebulaAuth.1.4.9.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Sat, 27 Apr 2024 03:19:22 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/751093437/ec118b36-1787-46f0-9455-45e31132ab78?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240427%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240427T031922Z&X-Amz-Expires=300&X-Amz-Signature=2af008a9bf6ab5ffa577385942e5d54ab2bdd2f60bf3a448afacf556599eb2bd&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=751093437&response-content-disposition=attachment%3B%20filename%3DNebulaAuth.1.4.9.zip&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 86B3:1019A5:29993F9:2A3AC85:662C6EBA
X-Firefox-Spdy: h2

objects.githubusercontent.com/github-production-release-asset-2e65be/751093437/ec118b36-1787-46f0-9455-45e31132ab78?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240427%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240427T031922Z&X-Amz-Expires=300&X-Amz-Signature=2af008a9bf6ab5ffa577385942e5d54ab2bdd2f60bf3a448afacf556599eb2bd&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=751093437&response-content-disposition=attachment%3B%20filename%3DNebulaAuth.1.4.9.zip&response-content-type=application%2Foctet-stream

185.199.110.133

200 OK

8.6 MB

URL User Request GET HTTP/2
objects.githubusercontent.com/github-production-release-asset-2e65be/751093437/ec118b36-1787-46f0-9455-45e31132ab78?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240427%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240427T031922Z&X-Amz-Expires=300&X-Amz-Signature=2af008a9bf6ab5ffa577385942e5d54ab2bdd2f60bf3a448afacf556599eb2bd&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=751093437&response-content-disposition=attachment%3B%20filename%3DNebulaAuth.1.4.9.zip&response-content-type=application%2Foctet-stream
IP
185.199.110.133:443
ASN
#54113 FASTLY

Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.6 MB (8638973 bytes)
Hash
e0fee8598acc998d9ba21e82111c975a
b6ededee1e519796f7f243ee0644be6d5b390de5
0a150c810e88676120e4ffd9893c1cb604f2fcd9652fd917b20fbd503318f78e

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/68

HTTP Headers

GET /github-production-release-asset-2e65be/751093437/ec118b36-1787-46f0-9455-45e31132ab78?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240427%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240427T031922Z&X-Amz-Expires=300&X-Amz-Signature=2af008a9bf6ab5ffa577385942e5d54ab2bdd2f60bf3a448afacf556599eb2bd&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=751093437&response-content-disposition=attachment%3B%20filename%3DNebulaAuth.1.4.9.zip&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Wed, 24 Apr 2024 23:59:53 GMT
etag: "0x8DC64BAA2912A76"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 578ac618-a01e-001c-6ca3-96b335000000
x-ms-version: 2020-10-02
x-ms-creation-time: Wed, 24 Apr 2024 23:59:53 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=NebulaAuth.1.4.9.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 0
date: Sat, 27 Apr 2024 03:19:23 GMT
x-served-by: cache-iad-kiad7000140-IAD, cache-hel1410026-HEL
x-cache: HIT, MISS
x-cache-hits: 7, 0
x-timer: S1714187963.975652,VS0,VE552
content-length: 8638973
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (49)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers