Report - nightly.link/rcmaehl/WhyNotWin11/workflows/wnw11/main/WNW11.zip

Report Overview

Submitted URL
nightly.link/rcmaehl/WhyNotWin11/workflows/wnw11/main/WNW11.zip
IP
45.32.185.199
ASN
#20473 AS-CHOOPA
Submitted
2024-05-08 00:50:43
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
nightly.link	unknown	2020-11-23	2020-11-23	2024-04-17	517 B	466 B	45.32.185.199
pipelinesghubeus25.actions.githubusercontent.com	unknown	2014-02-06	2023-08-22	2024-04-30	753 B	2.0 MB	20.72.125.48

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
pipelinesghubeus25.actions.githubusercontent.com/bPvGbUNZ1499qEG4k0HVp81iUo4L9bXSJTSgOND25p5lln26yw/_apis/pipelines/1/runs/1294/signedartifactscontent?artifactName=WNW11&urlExpires=2024-05-08T00%3A50%3A59.2485770Z&urlSigningMethod=HMACV2&urlSignature=eH7hNhElozcUWKPEjGijgGbrJU4AaE02cpt%2BaZWB96E%3D
IP
20.72.125.48
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
2.0 MB (1993086 bytes)
Hash
274af243a90108b3544350e8f2a49e51
bca43d1f0c80a4b93f129acb15371a3c5d62f283
9bc0305499aeecd6d10b8d5e693a70eac550abafd76620806e42a5497b842fba

Archive (3)

Filename

Md5

File type

checksums.sha256

017e5a31bab221077d0da93595b26fe6

ASCII text

WhyNotWin11.exe

97e6a7c01c86cf5b6eb388cecea2b5e0

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

WhyNotWin11_x86.exe

19f866c10aeaeded9182c763eee69e6a

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).
Public InfoSec YARA rules	malware	Identifies compiled AutoIT script (as EXE).

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	nightly.link/rcmaehl/WhyNotWin11/workflows/wnw11/main/WNW11.zip	45.32.185.199	302 Found	0 B
URL User Request GET HTTP/1.1 nightly.link/rcmaehl/WhyNotWin11/workflows/wnw11/main/WNW11.zip IP 45.32.185.199:443 ASN #20473 AS-CHOOPA Certificate IssuerLet's Encrypt Subjectnightly.link Fingerprint1E:78:94:01:E7:52:FE:EC:43:05:29:B2:21:2B:B7:FC:16:C7:07:95 ValidityTue, 30 Apr 2024 21:58:22 GMT - Mon, 29 Jul 2024 21:58:21 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /rcmaehl/WhyNotWin11/workflows/wnw11/main/WNW11.zip HTTP/1.1 Host: nightly.link User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 302 Found Server: nginx/1.22.1 Date: Wed, 08 May 2024 00:50:17 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Location: https://pipelinesghubeus25.actions.githubusercontent.com/bPvGbUNZ1499qEG4k0HVp81iUo4L9bXSJTSgOND25p5lln26yw/_apis/pipelines/1/runs/1294/signedartifactscontent?artifactName=WNW11&urlExpires=2024-05-08T00%3A50%3A59.2485770Z&urlSigningMethod=HMACV2&urlSignature=eH7hNhElozcUWKPEjGijgGbrJU4AaE02cpt%2BaZWB96E%3D`

	pipelinesghubeus25.actions.githubusercontent.com/bPvGbUNZ1499qEG4k0HVp81iUo4L9bXSJTSgOND25p5lln26yw/_apis/pipelines/1/runs/1294/signedartifactscontent?artifactName=WNW11&urlExpires=2024-05-08T00%3A50%3A59.2485770Z&urlSigningMethod=HMACV2&urlSignature=eH7hNhElozcUWKPEjGijgGbrJU4AaE02cpt%2BaZWB96E%3D	20.72.125.48	200 OK	2.0 MB
URL User Request GET HTTP/1.1 pipelinesghubeus25.actions.githubusercontent.com/bPvGbUNZ1499qEG4k0HVp81iUo4L9bXSJTSgOND25p5lln26yw/_apis/pipelines/1/runs/1294/signedartifactscontent?artifactName=WNW11&urlExpires=2024-05-08T00%3A50%3A59.2485770Z&urlSigningMethod=HMACV2&urlSignature=eH7hNhElozcUWKPEjGijgGbrJU4AaE02cpt%2BaZWB96E%3D IP 20.72.125.48:443 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Certificate IssuerDigiCert Inc Subject.actions.githubusercontent.com Fingerprint3E:A8:0E:90:2F:C3:85:F3:6B:C0:81:93:FB:C6:78:20:2D:57:29:94 ValidityWed, 20 Sep 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 2.0 MB (1993086 bytes) Hash 274af243a90108b3544350e8f2a49e51 bca43d1f0c80a4b93f129acb15371a3c5d62f283 9bc0305499aeecd6d10b8d5e693a70eac550abafd76620806e42a5497b842fba HTTP Headers GET /bPvGbUNZ1499qEG4k0HVp81iUo4L9bXSJTSgOND25p5lln26yw/_apis/pipelines/1/runs/1294/signedartifactscontent?artifactName=WNW11&urlExpires=2024-05-08T00%3A50%3A59.2485770Z&urlSigningMethod=HMACV2&urlSignature=eH7hNhElozcUWKPEjGijgGbrJU4AaE02cpt%2BaZWB96E%3D HTTP/1.1 Host: pipelinesghubeus25.actions.githubusercontent.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Content-Type: application/zip Date: Wed, 08 May 2024 00:50:17 GMT Server: Kestrel Cache-Control: no-store,no-cache Pragma: no-cache Transfer-Encoding: chunked Strict-Transport-Security: max-age=2592000 X-TFS-ProcessId: 4b3e6e21-794b-43c8-b7ec-5678be3c9c23 ActivityId: 6bfce2ab-f4c2-4c99-bdaa-d7ba96ff8216 X-TFS-Session: 6bfce2ab-f4c2-4c99-bdaa-d7ba96ff8216 X-VSS-E2EID: 6bfce2ab-f4c2-4c99-bdaa-d7ba96ff8216 X-VSS-SenderDeploymentId: 1139089e-89fd-ce7a-6851-1ac6328a300e Content-Disposition: attachment; filename=WNW11.zip; filename=UTF-8''WNW11.zip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (3)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers