Report - github.com/Flowseal/zapret-discord-youtube/archive/refs/heads/main.zip

Report Overview

Visited public
2024-10-09 09:58:25
Tags
URL
github.com/Flowseal/zapret-discord-youtube/archive/refs/heads/main.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.4
#36459 GITHUB
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

0

Threat Detection Systems

5

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
codeload.github.com	62359	2007-10-09	2013-04-18 13:49:11	2024-10-08 13:51:08	525 B	1.2 MB	140.82.121.10
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-10-07 19:37:45	1.3 kB	3.5 kB	23.33.119.27
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-07 19:37:44	1.3 kB	3.6 kB	23.36.77.32
github.com	1423	2007-10-09	2016-07-13 12:28:22	2024-09-30 08:19:04	524 B	3.9 kB	140.82.121.4

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
codeload.github.com/Flowseal/zapret-discord-youtube/zip/refs/heads/main
IP
140.82.121.10
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.2 MB (1190660 bytes)
Hash
3408b063de31f5b30e088eebf9682881
bcae0fc15a8d56687f23488cc09a4a90b1124ff6
db9b600a916bbaa59dbe08b87bc33041c296997be013e3dbc4b35d2b47ebce7f

Archive (14)

Filename

Md5

File type

README.md

b6a1119432f4a5ff1510cd140583347a

Unicode text, UTF-8 text

WinDivert.dll

b2014d33ee645112d5dc16fe9d9fcbff

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

WinDivert64.sys

89ed5be7ea83c01d0de33d3519944aa5

PE32+ executable (native) x86-64, for MS Windows, 8 sections

cygwin1.dll

c50b50303fae4afe7248307339a00d13

PE32+ executable (DLL) (console) x86-64, for MS Windows, 3 sections

discord.bat

92bd2198b52fa1f69424fb254ef69e2a

ASCII text, with CRLF line terminators

discord_youtube.bat

d142d810c39ba859f5904d4cc3386eb2

ASCII text, with CRLF line terminators

list-discord.txt

6b11a60838a26a7b78f366036ac5e945

ASCII text, with CRLF line terminators

list-general.txt

973ce9fd99ce984a7c4ed77d41acaf3b

ASCII text, with CRLF line terminators

quic_initial_www_google_com.bin

312526d39958d89b1f8ab67789ab985f

data

service_discord.bat

22b7b6c45e0daee0b4c57976b7b97715

ASCII text, with CRLF line terminators

service_discord_youtube.bat

03eb7e8bb876160ad50c8cb667f6947d

ASCII text, with CRLF line terminators

service_remove.bat

2b13379ee5f8beb73328aaad75595a37

ASCII text

tls_clienthello_www_google_com.bin

7ab7ad857c5b8794fbdf1091b494dc94

data

winws.exe

8c624e64742bc19447d52f61edec52db

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects WinDivert User-Mode packet capturing driver
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	suspicious	VirusTotal - Scan result 3/65

JavaScript (0)

HTTP Transactions (10)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c3fbe0b62fa278b1a007491908bb16f2
2ae17f1c5ae52ff197923ec0189f34ad3f43e645
a4eca96abeac5f2760f850db06e2fa5bf29dc017d9d33eabf73943fa4bb94197

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A4ECA96ABEAC5F2760F850DB06E2FA5BF29DC017D9D33EABF73943FA4BB94197"
Last-Modified: Wed, 09 Oct 2024 04:48:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14294
Expires: Wed, 09 Oct 2024 13:56:09 GMT
Date: Wed, 09 Oct 2024 09:57:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7338853386defad2f045b3bee05dd9c8
6aaf1269eb3b9e16629c1b20652ee2dbd12c7182
50b50dc294c0c33b05390bd82ad7a823a64b8c24a0de5b92b770e8cfd4e5259f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "50B50DC294C0C33B05390BD82AD7A823A64B8C24A0DE5B92B770E8CFD4E5259F"
Last-Modified: Tue, 08 Oct 2024 04:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5451
Expires: Wed, 09 Oct 2024 11:28:46 GMT
Date: Wed, 09 Oct 2024 09:57:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
46338129794811f186a0b7a4f44fa3ec
f2e9fd21618da6188e9b28d1abaf563cabf4d29d
c062cb8b7804448db2cfb7aec7389f996d3c14fe2699a038ab536c7e0a99ae88

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C062CB8B7804448DB2CFB7AEC7389F996D3C14FE2699A038AB536C7E0A99AE88"
Last-Modified: Tue, 08 Oct 2024 04:15:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13345
Expires: Wed, 09 Oct 2024 13:40:20 GMT
Date: Wed, 09 Oct 2024 09:57:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
31fc782bf1efb76a7251d3e45007b986
7cfef07644e0e4aad99bfa3dd10cf975f7c06f89
663061e811010828ed222146cbb81114a49ba635f6c6547f3601ae0c3de1409d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "663061E811010828ED222146CBB81114A49BA635F6C6547F3601AE0C3DE1409D"
Last-Modified: Tue, 08 Oct 2024 04:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16888
Expires: Wed, 09 Oct 2024 14:39:23 GMT
Date: Wed, 09 Oct 2024 09:57:55 GMT
Connection: keep-alive

github.com/Flowseal/zapret-discord-youtube/archive/refs/heads/main.zip

140.82.121.4

302 Found

0 B

URL User Request GET HTTP/2
github.com/Flowseal/zapret-discord-youtube/archive/refs/heads/main.zip
IP
140.82.121.4:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Flowseal/zapret-discord-youtube/archive/refs/heads/main.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Wed, 09 Oct 2024 09:57:56 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://codeload.github.com/Flowseal/zapret-discord-youtube/zip/refs/heads/main
cache-control: max-age=0, private
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 5EBE:2C79D9:BB7DF1:BDDACE:670653A3
X-Firefox-Spdy: h2

codeload.github.com/Flowseal/zapret-discord-youtube/zip/refs/heads/main

140.82.121.10

200 OK

1.2 MB

URL User Request GET HTTP/2
codeload.github.com/Flowseal/zapret-discord-youtube/zip/refs/heads/main
IP
140.82.121.10:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subject*.github.com
Fingerprint0D:F6:EC:50:FA:ED:AE:6E:13:AF:82:94:52:F7:11:1B:0A:CF:7C:20
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
1.2 MB (1190660 bytes)
Hash
3408b063de31f5b30e088eebf9682881
bcae0fc15a8d56687f23488cc09a4a90b1124ff6
db9b600a916bbaa59dbe08b87bc33041c296997be013e3dbc4b35d2b47ebce7f

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 3/65

HTTP Headers

GET /Flowseal/zapret-discord-youtube/zip/refs/heads/main HTTP/1.1
Host: codeload.github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://render.githubusercontent.com
content-disposition: attachment; filename=zapret-discord-youtube-main.zip
content-length: 1190660
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
cross-origin-resource-policy: cross-origin
etag: W/"cdf6e75b7d2d9080eb23ca30ef58cdb9ae196e428ef50976a8653b5c7878d9f8"
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
date: Wed, 09 Oct 2024 09:57:56 GMT
x-github-request-id: A502:3B8A50:48834D:568EA2:670653A4
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3cf5b831394346ce92389a4b14031e7e
661e683ac2694009198b44080ade347ab3ae2e77
e18c33da95cba38655a2fa56a25be87e85c332776b1f8bd5bfc9fa05fc94a5a7

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E18C33DA95CBA38655A2FA56A25BE87E85C332776B1F8BD5BFC9FA05FC94A5A7"
Last-Modified: Tue, 08 Oct 2024 15:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3318
Expires: Wed, 09 Oct 2024 10:53:15 GMT
Date: Wed, 09 Oct 2024 09:57:57 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3cf5b831394346ce92389a4b14031e7e
661e683ac2694009198b44080ade347ab3ae2e77
e18c33da95cba38655a2fa56a25be87e85c332776b1f8bd5bfc9fa05fc94a5a7

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E18C33DA95CBA38655A2FA56A25BE87E85C332776B1F8BD5BFC9FA05FC94A5A7"
Last-Modified: Tue, 08 Oct 2024 15:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3318
Expires: Wed, 09 Oct 2024 10:53:15 GMT
Date: Wed, 09 Oct 2024 09:57:57 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3cf5b831394346ce92389a4b14031e7e
661e683ac2694009198b44080ade347ab3ae2e77
e18c33da95cba38655a2fa56a25be87e85c332776b1f8bd5bfc9fa05fc94a5a7

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E18C33DA95CBA38655A2FA56A25BE87E85C332776B1F8BD5BFC9FA05FC94A5A7"
Last-Modified: Tue, 08 Oct 2024 15:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3318
Expires: Wed, 09 Oct 2024 10:53:15 GMT
Date: Wed, 09 Oct 2024 09:57:57 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
3cf5b831394346ce92389a4b14031e7e
661e683ac2694009198b44080ade347ab3ae2e77
e18c33da95cba38655a2fa56a25be87e85c332776b1f8bd5bfc9fa05fc94a5a7

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E18C33DA95CBA38655A2FA56A25BE87E85C332776B1F8BD5BFC9FA05FC94A5A7"
Last-Modified: Tue, 08 Oct 2024 15:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3318
Expires: Wed, 09 Oct 2024 10:53:15 GMT
Date: Wed, 09 Oct 2024 09:57:57 GMT
Connection: keep-alive