Report Overview

  1. Submitted URL

    github.com/andy-portmen/native-client/releases/download/0.9.5/windows.zip

  2. IP

    140.82.121.3

    ASN

    #36459 GITHUB

  3. Submitted

    2024-04-25 05:37:17

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    3

Domain Summary

| Domain / FQDN | Rank | Registered | First Seen | Last Seen |
|---|---|---|---|---|
| github.com | 1423 | 2007-10-09 | 2016-07-13 | 2024-03-24 |
| objects.githubusercontent.com | 134060 | 2014-02-06 | 2021-11-01 | 2024-04-24 |

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    objects.githubusercontent.com/github-production-release-asset-2e65be/75613136/ee88abf3-f5a4-4255-b874-8104616726ad?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T053641Z&X-Amz-Expires=300&X-Amz-Signature=bdb116b52cdf6b66b1bc5ceb518929ce3254d158fc896d21c201bd5a932e0c5b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=75613136&response-content-disposition=attachment%3B%20filename%3Dwindows.zip&response-content-type=application%2Foctet-stream

  2. IP

    185.199.111.133

  3. ASN

    #54113 FASTLY

  1. File type

    Zip archive data, at least v1.0 to extract, compression method=store

    Size

    19 MB (18869820 bytes)

  2. Hash

    b9e7817e37d62621fbb13709416a0ca9

    347d88ba740f7179851bb081cc9318a00a10df5d

  1. Archive (11)

    | Filename | Md5 | File type |
    |---|---|---|
    | host.js | e4904c2c342065799da9bcd8f7be990f | JavaScript source, ASCII text |
    | Writting | ba7e4c5cca5f5588216448ada088cc1c | ASCII text, with CRLF line terminators |
    | config.js | 85b649365c98074f9c011bd8092a80aa | JavaScript source, ASCII text |
    | install.js | 7debc9f99cd9097a7dd7c2949b009e4a | JavaScript source, ASCII text |
    | messaging.js | bd64f764db349a955ec8a2b44ee98d2d | JavaScript source, ASCII text |
    | follow-redirects.js | f01453ee9b8d088303902dca0d779255 | JavaScript source, Unicode text, UTF-8 text |
    | uninstall.bat | f6de9a0dc385805e59826cbb0f086a22 | DOS batch file, ASCII text, with CRLF line terminators |
    | install.bat | c25ce99ca6c3ec6364c5fb8fce60fbee | DOS batch file, ASCII text, with CRLF line terminators |
    | ReadMe.txt | 54c91432366c51f359eadf8580a496db | ASCII text, with CRLF, LF line terminators |
    | node.exe | ed5be0f7b8d8f9558974b714874845f8 | PE32+ executable (console) x86-64, for MS Windows, 6 sections |
    | node.exe | 666d6775336a4d3b7c737f900d5d14ef | PE32 executable (console) Intel 80386, for MS Windows, 5 sections |

    Detections

    | Analyzer | Verdict | Alert |
    |---|---|---|
    | YARAhub by abuse.ch | malware | meth_get_eip |
    | YARAhub by abuse.ch | malware | meth_get_eip |
    | YARAhub by abuse.ch | malware | win_amadey_bytecodes_oct_2023 |

JavaScript (0)

HTTP Transactions (2)

| URL | IP | Response | Size |
|---|---|---|---|
| github.com/andy-portmen/native-client/releases/download/0.9.5/windows.zip | 140.82.121.3 | 302 Found | 0 B |
| objects.githubusercontent.com/github-production-release-asset-2e65be/75613136/ee88abf3-f5a4-4255-b874-8104616726ad?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240425%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240425T053641Z&X-Amz-Expires=300&X-Amz-Signature=bdb116b52cdf6b66b1bc5ceb518929ce3254d158fc896d21c201bd5a932e0c5b&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=75613136&response-content-disposition=attachment%3B%20filename%3Dwindows.zip&response-content-type=application%2Foctet-stream | 185.199.111.133 | 200 OK | 19 MB |