Report Overview
Visitedpublic
2024-10-09 09:58:25
Tags
Submit Tags
URL
github.com/Flowseal/zapret-discord-youtube/archive/refs/heads/main.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.4
Title
about:privatebrowsing
Detections
urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
codeload.github.com 1 alert(s) on this Domain | 62359 | 2007-10-09 | 2013-04-18 13:49:11 | 2024-10-08 13:51:08 | 525 B | 1.2 MB | 140.82.121.10 | |
r11.o.lencr.org | unknown | 2020-06-29 | 2024-06-07 07:43:57 | 2024-10-07 19:37:45 | 1.3 kB | 3.5 kB |  23.33.119.27 | |
r10.o.lencr.org | unknown | 2020-06-29 | 2024-06-06 21:45:11 | 2024-10-07 19:37:44 | 1.3 kB | 3.6 kB | 23.36.77.32 | |
github.com | 1423 | 2007-10-09 | 2016-07-13 12:28:22 | 2024-09-30 08:19:04 | 524 B | 3.9 kB | 140.82.121.4 |
Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
No alerts detected
Threat Detection Systems
Public InfoSec YARA rules
No alerts detected
OpenPhish
No alerts detected
PhishTank
No alerts detected
mnemonic secure dns
No alerts detected
Quad9 DNS
No alerts detected
ThreatFox
No alerts detected
File detected
URL
codeload.github.com/Flowseal/zapret-discord-youtube/zip/refs/heads/main
IP / ASN
140.82.121.10
File Overview
File TypeZip archive data, at least v1.0 to extract, compression method=store
Size1.2 MB (1190660 bytes)
MD53408b063de31f5b30e088eebf9682881
SHA1bcae0fc15a8d56687f23488cc09a4a90b1124ff6
Archive (14)
| Filename | MD5 | File type |
|---|---|---|
| README.md | b6a1119432f4a5ff1510cd140583347a | Unicode text, UTF-8 text |
| WinDivert.dll | b2014d33ee645112d5dc16fe9d9fcbff | PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections |
| WinDivert64.sys | 89ed5be7ea83c01d0de33d3519944aa5 | PE32+ executable (native) x86-64, for MS Windows, 8 sections |
| cygwin1.dll | c50b50303fae4afe7248307339a00d13 | PE32+ executable (DLL) (console) x86-64, for MS Windows, 3 sections |
| discord.bat | 92bd2198b52fa1f69424fb254ef69e2a | ASCII text, with CRLF line terminators |
| discord_youtube.bat | d142d810c39ba859f5904d4cc3386eb2 | ASCII text, with CRLF line terminators |
| list-discord.txt | 6b11a60838a26a7b78f366036ac5e945 | ASCII text, with CRLF line terminators |
| list-general.txt | 973ce9fd99ce984a7c4ed77d41acaf3b | ASCII text, with CRLF line terminators |
| quic_initial_www_google_com.bin | 312526d39958d89b1f8ab67789ab985f | data |
| service_discord.bat | 22b7b6c45e0daee0b4c57976b7b97715 | ASCII text, with CRLF line terminators |
| service_discord_youtube.bat | 03eb7e8bb876160ad50c8cb667f6947d | ASCII text, with CRLF line terminators |
| service_remove.bat | 2b13379ee5f8beb73328aaad75595a37 | ASCII text |
| tls_clienthello_www_google_com.bin | 7ab7ad857c5b8794fbdf1091b494dc94 | data |
| winws.exe | 8c624e64742bc19447d52f61edec52db | PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections |
Detections
| Analyzer | Verdict | Alert |
|---|---|---|
| Public Nextron YARA rules | malware | Detects WinDivert User-Mode packet capturing driver |
| YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
| VirusTotal | suspicious |
JavaScript (0)
No JavaScripts
HTTP Transactions (10)
| URL | IP | Response | Size |
|---|