Report Overview
Visibility: public
Visited: 2024-10-09 09:58:25
Tags: none
URL: github.com/Flowseal/zapret-discord-youtube/archive/refs/heads/main.zip
Finishing URL: about:privatebrowsing
IP / ASN: 140.82.121.4, AS36459 GITHUB
Title: about:privatebrowsing

Detections

urlquery: 0
Network Intrusion Detection: 0
Threat Detection Systems: 5

Host Summary

Host                 Rank     Registered   First Seen            Last Seen
codeload.github.com  62359    2007-10-09   2013-04-18 13:49:11   2024-10-08 13:51:08
r11.o.lencr.org      unknown  2020-06-29   2024-06-07 07:43:57   2024-10-07 19:37:45
r10.o.lencr.org      unknown  2020-06-29   2024-06-06 21:45:11   2024-10-07 19:37:44
github.com           1423     2007-10-09   2016-07-13 12:28:22   2024-09-30 08:19:04

Related reports

Network Intrusion Detection Systems

Suricata with Emerging Threats Pro: No alerts detected

Threat Detection Systems

Public InfoSec YARA rules: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
mnemonic secure dns: No alerts detected
Quad9 DNS: No alerts detected
ThreatFox: No alerts detected


File detected

URL: codeload.github.com/Flowseal/zapret-discord-youtube/zip/refs/heads/main
IP / ASN: 140.82.121.10, AS36459 GITHUB

File Overview
File Type: Zip archive data, at least v1.0 to extract, compression method=store
Size: 1.2 MB (1190660 bytes)
MD5: 3408b063de31f5b30e088eebf9682881
SHA1: bcae0fc15a8d56687f23488cc09a4a90b1124ff6
Archive (14 files)

Filename                            MD5                               File type
README.md                           b6a1119432f4a5ff1510cd140583347a  Unicode text, UTF-8 text
WinDivert.dll                       b2014d33ee645112d5dc16fe9d9fcbff  PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections
WinDivert64.sys                     89ed5be7ea83c01d0de33d3519944aa5  PE32+ executable (native) x86-64, for MS Windows, 8 sections
cygwin1.dll                         c50b50303fae4afe7248307339a00d13  PE32+ executable (DLL) (console) x86-64, for MS Windows, 3 sections
discord.bat                         92bd2198b52fa1f69424fb254ef69e2a  ASCII text, with CRLF line terminators
discord_youtube.bat                 d142d810c39ba859f5904d4cc3386eb2  ASCII text, with CRLF line terminators
list-discord.txt                    6b11a60838a26a7b78f366036ac5e945  ASCII text, with CRLF line terminators
list-general.txt                    973ce9fd99ce984a7c4ed77d41acaf3b  ASCII text, with CRLF line terminators
quic_initial_www_google_com.bin     312526d39958d89b1f8ab67789ab985f  data
service_discord.bat                 22b7b6c45e0daee0b4c57976b7b97715  ASCII text, with CRLF line terminators
service_discord_youtube.bat         03eb7e8bb876160ad50c8cb667f6947d  ASCII text, with CRLF line terminators
service_remove.bat                  2b13379ee5f8beb73328aaad75595a37  ASCII text
tls_clienthello_www_google_com.bin  7ab7ad857c5b8794fbdf1091b494dc94  data
winws.exe                           8c624e64742bc19447d52f61edec52db  PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections
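Added example, not part of the urlquery report or of the zapret project: a Python script that recomputes what the File Overview and Archive tables show (the archive's size, MD5 and SHA1, then each member's MD5 and a coarse file type), classifying PE members from their COFF and optional-header fields so that a native-subsystem image, which is what a kernel-mode driver such as a .sys file is, gets flagged. The REPORT_SHA1 constant is the SHA1 printed in the report. Everything else is assumed: build_sample_zip() constructs stub members in memory (minimal PE headers that are not loadable binaries, under generic names), so its hashes will not match the report, which is exactly what matches_report() is meant to expose. To check a real download, pass the bytes of main.zip to inventory() and matches_report().

```python
"""Offline inventory of a zip artifact: whole-archive size/MD5/SHA1, then per
member its MD5 and a file-type guess, with PE images classified from their
COFF and optional headers (PE32 vs PE32+, DLL flag, subsystem).
Sample archive contents are constructed in memory and are NOT the project's
real files; only REPORT_SHA1 comes from the report page."""
import hashlib
import io
import struct
import zipfile

# SHA1 printed on the report for the scanned main.zip.
REPORT_SHA1 = "bcae0fc15a8d56687f23488cc09a4a90b1124ff6"

IMAGE_FILE_DLL = 0x2000
MACHINES = {0x8664: "x86-64", 0x014C: "Intel 80386", 0xAA64: "Aarch64"}
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console"}   # IMAGE_SUBSYSTEM_* values


def sniff(data: bytes) -> str:
    """Coarse equivalent of file(1) for the handful of types in the report."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" and len(data) >= e_lfanew + 24 + 70:
            machine, _nsec = struct.unpack_from("<HH", data, e_lfanew + 4)
            characteristics = struct.unpack_from("<H", data, e_lfanew + 22)[0]
            opt = e_lfanew + 24                       # optional header follows the 20-byte COFF header
            magic = struct.unpack_from("<H", data, opt)[0]
            subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset in PE32 and PE32+
            bits = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)
            if bits is None:
                return "MS-DOS executable"
            parts = [f"{bits} executable"]
            if characteristics & IMAGE_FILE_DLL:
                parts.append("(DLL)")
            parts.append(f"({SUBSYSTEMS.get(subsystem, f'subsystem {subsystem}')})")
            parts.append(MACHINES.get(machine, f"machine {machine:#06x}"))
            return " ".join(parts) + ", for MS Windows"
        return "MS-DOS executable"
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "data"
    if any(ord(c) < 32 and c not in "\t\r\n" for c in text):
        return "data"                                 # control bytes: treat as binary
    if text.isascii():
        return "ASCII text" + (", with CRLF line terminators" if "\r\n" in text else "")
    return "Unicode text, UTF-8 text"


def inventory(zip_bytes: bytes) -> dict:
    """Whole-archive hashes plus one record per member; native-subsystem PE
    images are flagged because that subsystem is what kernel-mode drivers use."""
    members = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            blob = zf.read(info)
            ftype = sniff(blob)
            members.append({
                "name": info.filename,
                "size": len(blob),
                "md5": hashlib.md5(blob).hexdigest(),
                "type": ftype,
                "kernel_image": "(native)" in ftype,
            })
    return {
        "size": len(zip_bytes),
        "md5": hashlib.md5(zip_bytes).hexdigest(),
        "sha1": hashlib.sha1(zip_bytes).hexdigest(),
        "members": members,
    }


def matches_report(zip_bytes: bytes, sha1: str = REPORT_SHA1) -> bool:
    """True only if the archive in hand is byte-for-byte the one that was scanned."""
    return hashlib.sha1(zip_bytes).hexdigest() == sha1.lower()


def _make_pe(magic=0x20B, subsystem=3, dll=False, machine=0x8664) -> bytes:
    """Constructed minimal PE header (not a loadable binary) for the demo."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew: PE signature at 0x40
    characteristics = 0x0002 | 0x0020 | (IMAGE_FILE_DLL if dll else 0)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 240, characteristics)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + coff + bytes(opt)


def build_sample_zip() -> bytes:
    """Constructed stand-in for the download: the same kinds of members the
    report lists, with stub contents and generic names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:   # report: compression method=store
        zf.writestr("notes.md", "# Заметки\n")                    # non-ASCII: UTF-8 text
        zf.writestr("helper.dll", _make_pe(dll=True))
        zf.writestr("driver.sys", _make_pe(subsystem=1))          # native subsystem: kernel image
        zf.writestr("tool.exe", _make_pe())
        zf.writestr("run.bat", "@echo off\r\nstart tool.exe\r\n")
        zf.writestr("blob.bin", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(range(32)))
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    inv = inventory(sample)
    print(f"size {inv['size']} md5 {inv['md5']} sha1 {inv['sha1']}")
    print("matches scanned artifact:", matches_report(sample))   # False: the stub is not the real zip
    for m in inv["members"]:
        flag = "  <-- kernel-mode image" if m["kernel_image"] else ""
        print(f"{m['name']:<12} {m['md5']} {m['type']}{flag}")
```

The type strings deliberately follow the report's own wording so the output can be diffed against the Archive table line by line; the one thing the script cannot reproduce from headers alone is the "(stripped to external PDB)" and section-count detail that file(1) adds.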

Detections

Analyzer                    Verdict     Alert
Public Nextron YARA rules   malware     Detects WinDivert User-Mode packet capturing driver
YARAhub by abuse.ch         malware     files - file ~tmp01925d3f.exe
VirusTotal                  suspicious  (no alert detail given)

The Nextron rule names what it matched: the WinDivert packet capture/injection components bundled in the archive (WinDivert.dll and the WinDivert64.sys kernel driver in the listing above), not the batch scripts or winws.exe. A generic rule for a bundled driver plus an unexplained "suspicious" VirusTotal verdict is a reason to read the .bat files and check the driver's signature before installing anything, not a finding of malicious behaviour on its own.

JavaScript (0)

HTTP Transactions (10)

Method  URL                                                                      IP             Response   Size
        r10.o.lencr.org/                                                         23.36.77.32               504 B
        r10.o.lencr.org/                                                         23.36.77.32               504 B
        r10.o.lencr.org/                                                         23.36.77.32               504 B
        r10.o.lencr.org/                                                         23.36.77.32               504 B
GET     github.com/Flowseal/zapret-discord-youtube/archive/refs/heads/main.zip   140.82.121.4   302 Found  0 B
GET     codeload.github.com/Flowseal/zapret-discord-youtube/zip/refs/heads/main  140.82.121.10  200 OK     1.2 MB
        r11.o.lencr.org/                                                         23.33.119.27              504 B
        r11.o.lencr.org/                                                         23.33.119.27              504 B
        r11.o.lencr.org/                                                         23.33.119.27              504 B
        r11.o.lencr.org/                                                         23.33.119.27              504 B

The r10.o.lencr.org and r11.o.lencr.org requests are OCSP lookups against the Let's Encrypt responders for the R10 and R11 intermediates; the page lists no method or status for them. The download itself is the 302 from github.com to codeload.github.com followed by the 200 OK that carried the 1.2 MB zip analysed above.