Report - github.com/corpnewt/USBMap/archive/master.zip

Report Overview

Visited public
2024-06-21 01:31:42
Tags
URL
github.com/corpnewt/USBMap/archive/master.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.3
#36459 GITHUB
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-20 18:12:07	1.6 kB	4.4 kB	23.36.77.32
github.com	1423	2007-10-09	2016-07-13 12:28:22	2024-06-20 19:23:27	499 B	3.5 kB	140.82.121.3
codeload.github.com	62359	2007-10-09	2013-04-18 13:49:11	2024-06-13 15:11:51	513 B	619 kB	140.82.121.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
codeload.github.com/corpnewt/USBMap/zip/refs/heads/master
IP
140.82.121.10
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
618 kB (618244 bytes)
Hash
e488d44761f2f477c6cb3b63a9a771d6
2757584ce5ac1c54be84eb3dd3f17fb98886a5ab
dd046117a75d3ccfff9561840feeb95b3e252dc006eb2c263cd9076ea3958354

Archive (19)

Filename

Md5

File type

.gitattributes

aba76f6f4814c73c1effe0d037ac8302

ASCII text

.gitignore

8c53b7fd8530d248e8f35f7b603cfd6f

ASCII text

Information.md

0e5d567d8e902e4a0aae34e274f8fe27

Unicode text, UTF-8 text, with very long lines (1017)

LICENSE

d4eae1fe11ccc421907c2ef5f31aa1d6

ASCII text

README.md

db1d3c1ee5a58a077fe718873a3ce56d

Unicode text, UTF-8 text, with very long lines (537)

__init__.py

a2776c3b8a985f2b01bbd22e8ed5bc9c

Python script, ASCII text executable

ioreg.py

0d996502080ceffec3646dfeb834ca04

Python script, ASCII text executable, with CRLF line terminators

plist.py

1fc08f8765d06341c59f666237bb2a38

Python script, ASCII text executable

reveal.py

5f80514e59a4fdfb26a8cd664b9613dc

Python script, ASCII text executable

run.py

b96f5da65594328d810696f0bd5cc132

Python script, ASCII text executable, with CRLF line terminators

utils.py

602bb4b03fea260f79f36ff0a186ec6f

Python script, ASCII text executable

USBMap.command

97d9f4ce34c2c9a3aee32df6dc52b30f

Bourne-Again shell script, ASCII text executable

USBMap.py

3848d77baa0397030cd9f6ae775a6ea8

Python script, ASCII text executable

USBMapInjectorEdit.bat

f01ab6e699858aad7127bd1125c55b50

DOS batch file, ASCII text, with very long lines (679), with CRLF line terminators

USBMapInjectorEdit.command

97d9f4ce34c2c9a3aee32df6dc52b30f

Bourne-Again shell script, ASCII text executable

USBMapInjectorEdit.py

2ce90811a2054c331b268c8ed7aaaf23

Python script, ASCII text executable

USB3.png

5f4302d720865bf1bb2806f37a0f42be

PNG image data, 600 x 450, 8-bit/color RGBA, non-interlaced

imac171.png

0aecb3a341a43a539bbdd2dcd6b1c05e

PNG image data, 1003 x 620, 8-bit/color RGBA, non-interlaced

look-sir-ports.png

04ae0c1637d88465363d4902f2a61f48

PNG image data, 512 x 270, 8-bit/color RGB, non-interlaced

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects suspicious PowerShell code that downloads from web sites

JavaScript (0)

HTTP Transactions (7)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 6d997a3e4c838d12e34de2dd2d4208c3 386abb53e2df86f291b6a86765d9a6feb88ba30b 32e00abd54407308b80a14e2916a119d95d90b1e7842f8cf0e87df306287869c HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "32E00ABD54407308B80A14E2916A119D95D90B1E7842F8CF0E87DF306287869C" Last-Modified: Thu, 20 Jun 2024 13:53:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=14298 Expires: Fri, 21 Jun 2024 05:29:34 GMT Date: Fri, 21 Jun 2024 01:31:16 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash c0fde0756f59aaa5fa85a62f5f528e74 3c2d990e14054ee3b407cc37d77e255533d91ed6 ca44d6619deb0e020993a84c6bfbf1993bf096b13863b706dc8a826499348276 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "CA44D6619DEB0E020993A84C6BFBF1993BF096B13863B706DC8A826499348276" Last-Modified: Wed, 19 Jun 2024 23:47:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=4654 Expires: Fri, 21 Jun 2024 02:48:50 GMT Date: Fri, 21 Jun 2024 01:31:16 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP 23.36.77.32:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 5a3268763aa8247d09e7b12f8a157bb5 fbddec6e9fb707501596ca331266c50e77e23f5b 6095004cca6c22ee09c33dc58574519973f162bb1ee183856ed65675281d551c HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "6095004CCA6C22EE09C33DC58574519973F162BB1EE183856ED65675281D551C" Last-Modified: Wed, 19 Jun 2024 16:21:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=18840 Expires: Fri, 21 Jun 2024 06:45:17 GMT Date: Fri, 21 Jun 2024 01:31:17 GMT Connection: keep-alive`

	github.com/corpnewt/USBMap/archive/master.zip	140.82.121.3	302 Found	0 B
URL User Request GET HTTP/2 github.com/corpnewt/USBMap/archive/master.zip IP 140.82.121.3:443 ASN #36459 GITHUB Certificate IssuerSectigo Limited Subjectgithub.com FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /corpnewt/USBMap/archive/master.zip HTTP/1.1 Host: github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 302 Found server: GitHub.com date: Fri, 21 Jun 2024 01:31:17 GMT content-type: text/html; charset=utf-8 vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With location: https://codeload.github.com/corpnewt/USBMap/zip/refs/heads/master cache-control: max-age=0, private strict-transport-security: max-age=31536000; includeSubdomains; preload x-frame-options: deny x-content-type-options: nosniff x-xss-protection: 0 referrer-policy: no-referrer-when-downgrade content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions .actions.githubusercontent.com wss://.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ content-length: 0 x-github-request-id: 7170:3FE580:5AD90:5DDEF:6674D7E5 X-Firefox-Spdy: h2

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 6720792332fb717894b4e5221fdc3d86 f79b1d3611fb53cea950acb15000473ae7174149 67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965" Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6114 Expires: Fri, 21 Jun 2024 03:13:13 GMT Date: Fri, 21 Jun 2024 01:31:19 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.76.226		504 B
URL r10.o.lencr.org/ IP 23.36.76.226:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 6720792332fb717894b4e5221fdc3d86 f79b1d3611fb53cea950acb15000473ae7174149 67dd6ffe107c77c5f8bea4a3d6771b6026efc51bd4a9b26c66c8791c1ef48965 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "67DD6FFE107C77C5F8BEA4A3D6771B6026EFC51BD4A9B26C66C8791C1EF48965" Last-Modified: Thu, 20 Jun 2024 17:32:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6114 Expires: Fri, 21 Jun 2024 03:13:13 GMT Date: Fri, 21 Jun 2024 01:31:19 GMT Connection: keep-alive`

	codeload.github.com/corpnewt/USBMap/zip/refs/heads/master	140.82.121.10	200 OK	618 kB
URL User Request GET HTTP/2 codeload.github.com/corpnewt/USBMap/zip/refs/heads/master IP 140.82.121.10:443 ASN #36459 GITHUB Certificate IssuerSectigo Limited Subject.github.com Fingerprint0D:F6:EC:50:FA:ED:AE:6E:13:AF:82:94:52:F7:11:1B:0A:CF:7C:20 ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 618 kB (618244 bytes) Hash e488d44761f2f477c6cb3b63a9a771d6 2757584ce5ac1c54be84eb3dd3f17fb98886a5ab dd046117a75d3ccfff9561840feeb95b3e252dc006eb2c263cd9076ea3958354 HTTP Headers `GET /corpnewt/USBMap/zip/refs/heads/master HTTP/1.1 Host: codeload.github.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK access-control-allow-origin: https://render.githubusercontent.com content-disposition: attachment; filename=USBMap-master.zip content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox content-type: application/zip cross-origin-resource-policy: cross-origin etag: W/"a75b94ffac014ab809a3ae639f2e4528fb3a612f6bf9adb7677a0ca34b6b2c69" strict-transport-security: max-age=31536000 vary: Authorization,Accept-Encoding,Origin x-content-type-options: nosniff x-frame-options: deny x-xss-protection: 1; mode=block date: Fri, 21 Jun 2024 01:31:17 GMT x-github-request-id: 3DED:347CDC:FDEA6:13D540:6674D7E5 X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (19)

Detections

JavaScript (0)

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers