Report Overview
Submitted URL: github.com/ripsscanner/rips/archive/refs/tags/v0.55.zip
IP: 140.82.121.4
ASN: #36459 GITHUB
Submitted: 2024-05-10 11:55:42
Access: public
Website Title: about:privatebrowsing
Final URL: about:privatebrowsing
Tags
urlquery detections
No alerts detected
Detections
urlquery: 0
Network Intrusion Detection: 0
Threat Detection Systems: 4
Domain Summary
Domain / FQDN | Rank | Registered | First Seen | Last Seen | Sent | Received | IP |
---|---|---|---|---|---|---|---|
codeload.github.com | 62359 | 2007-10-09 | 2013-04-18 | 2024-05-08 | 512 B | 138 kB | 140.82.121.10 |
github.com | 1423 | 2007-10-09 | 2016-07-13 | 2024-03-24 | 509 B | 3.5 kB | 140.82.121.4 |
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
Threat Detection Systems
Public InfoSec YARA rules: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
mnemonic secure dns: No alerts detected
Quad9 DNS: No alerts detected
ThreatFox: No alerts detected
Files detected
URL: codeload.github.com/ripsscanner/rips/zip/refs/tags/v0.55
IP: 140.82.121.10
ASN: #36459 GITHUB
File type: Zip archive data, at least v1.0 to extract, compression method=store
Size: 137 kB (137037 bytes)
Hash
a812a4c8227290a7bd24785f77e88945
2c6ccebf2ae0c5e37bd15cfef439b6a2ef180a84
Archive (40)
Filename | Md5 | File type | ||||||
---|---|---|---|---|---|---|---|---|
CHANGELOG | b8556f56c85f3acbc7ecca8118ec94c4 | ASCII text | ||||||
LICENSE | d32239bcb673463ab874e80d47fae504 | ASCII text | ||||||
general.php | 16549226ae7eb9505e5b480d56a65919 | PHP script, ASCII text | ||||||
help.php | ee883a7a1f10afe20fa3b07a2ca4d88d | PHP script, ASCII text, with very long lines (583) | ||||||
info.php | 7c786e5aac1db20996c084160cf5ff44 | PHP script, ASCII text | ||||||
securing.php | c16095c8d0f474db4d6d60b4153d5eb9 | PHP script, ASCII text | ||||||
sinks.php | 59f3b95cff44a4962c361802f1078063 | PHP script, ASCII text | ||||||
sources.php | 79f77ea81d1946effdec7bae5d9e6512 | PHP script, ASCII text | ||||||
tokens.php | 555542863651d6f543358fd2201c5266 | PHP script, ASCII text | ||||||
ayti.css | ba69accf1027851d2305b92fd65eaec5 | ASCII text | ||||||
barf.css | 5320383716cabf94e76d3078e0a67080 | ASCII text | ||||||
code-dark.css | c7e672c2b6fd0041dae5595b4a667bb3 | ASCII text | ||||||
espresso.css | 30fcd0ef60710353a1e887f621e71abd | ASCII text | ||||||
notepad++.css | 28793d913b557669d22d625c51fb3486 | assembler source, ASCII text | ||||||
phps.css | 5016086eb287e80d2713aa5866797c6a | assembler source, ASCII text | ||||||
print.css | 74f71be406bd6e24dd764d5fc44111ec | ASCII text | ||||||
rips.css | 8e5def15906a52113cfc927f6b9d92c3 | assembler source, ASCII text, with very long lines (1241) | ||||||
rips.png | 4e1a0a77e077b7dcfb29e8d68fcd622b | PNG image data, 122 x 52, 8-bit/color RGBA, non-interlaced | ||||||
scanning.gif | 5e2dd099285a1564bd757c6d0d733c78 | GIF image data, version 89a, 91 x 121 | ||||||
term.css | 1e4dd234e9603f8f78675e0a700ed77f | ASCII text | ||||||
twilight.css | 942bc2d0052d158e903167e7464f1867 | ASCII text | ||||||
index.php | 3b8dafd98f1596b6f0d6280ec3cbdfb1 | PHP script, ASCII text, with very long lines (480) | ||||||
exploit.js | 3faaa77e311f876f8d9df5c05e203067 | ASCII text | ||||||
hotpatch.js | a3c13aacb45a6790a7add3e710533156 | ASCII text | ||||||
netron.js | 3129bfa233e0afb168c3df2baf2a741d | ASCII text | ||||||
script.js | 5f0957e5cc3557e4f7d9597e1d4a9b89 | ASCII text | ||||||
analyzer.php | 0e469301f3d5456ef98b775467387fbc | PHP script, ASCII text | ||||||
constructer.php | 208eed47c9c8444268cff77b75965b5b | PHP script, ASCII text | ||||||
filer.php | 871fc6d87760d4607744a996c8d3823d | PHP script, ASCII text | ||||||
printer.php | 9fc129e273043b2c64d33951eeb18eb7 | PHP script, ASCII text, with very long lines (383) | ||||||
scanner.php | 988195856ad911022a5a2f62c0a50b5c | PHP script, ASCII text, with very long lines (359) | ||||||
searcher.php | ccaf5c04be172b13175ca981d0072cb8 | PHP script, ASCII text | ||||||
tokenizer.php | 79a08d976f79f96326c811bca7a9f437 | PHP script, ASCII text | ||||||
main.php | 0a168fcd5661e4c412c01baff472a7d4 | PHP script, ASCII text, with very long lines (388) | ||||||
code.php | 189365d94b63e8538b027a569773d2fd | HTML document, ASCII text | ||||||
exploit.php | 32064a8c44e605892ffeb0f3f7866d04 | PHP script, ASCII text | ||||||
function.php | 3df991bb6c78c64650544d3ceb78976c | HTML document, ASCII text | ||||||
help.php | 2c231b80b7e58ac0d20d87c9cfcda4b5 | PHP script, ASCII text | ||||||
hotpatch.php | ead16d578faf7dafa0a8267b36d46971 | PHP script, ASCII text | ||||||
leakscan.php | cde58660a3dccc6fec35e9584896ca5d | PHP script, ASCII text |
Detections
Analyzer | Verdict | Alert |
---|---|---|
Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input |
Public Nextron YARA rules | malware | php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings |
Public Nextron YARA rules | malware | Generic PHP webshell which uses any eval/exec function in the same line with user input |
VirusTotal | suspicious |
JavaScript (0)
HTTP Transactions (2)
URL | IP | Response | Size |
---|---|---|---|
github.com/ripsscanner/rips/archive/refs/tags/v0.55.zip | 140.82.121.4 | 302 Found | 0 B |
codeload.github.com/ripsscanner/rips/zip/refs/tags/v0.55 | 140.82.121.10 | 200 OK | 137 kB |