Report - github.com/decalage2/oletools/archive/master.zip

Report Overview

Visited public
2024-09-25 20:36:58
Tags
URL
github.com/decalage2/oletools/archive/master.zip
Finishing URL
about:privatebrowsing
IP / ASN
140.82.121.4
#36459 GITHUB
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-25 18:12:29	1.3 kB	3.5 kB	23.36.76.249
github.com	1423	2007-10-09	2016-07-13 12:28:22	2024-09-25 08:25:48	502 B	3.9 kB	140.82.121.3
codeload.github.com	62359	2007-10-09	2013-04-18 13:49:11	2024-09-25 16:04:45	514 B	3.4 MB	140.82.121.10
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-25 18:12:04	654 B	1.8 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
codeload.github.com/decalage2/oletools/zip/refs/heads/master
IP
140.82.121.10
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.4 MB (3367200 bytes)
Hash
20caea15b3b75d3951265f1d57118f93
dcc5135fe570d1387c14d3d343b95be5bef7d808
98ac99b9175621a60cd176ef7dc933026d1e420e76d43e413050e3f0b9225dc5

Archive (254)

Filename

Md5

File type

.gitattributes

3e69936f6f657d8026c2ebdb0ca40a4e

ASCII text, with CRLF line terminators

bug_report.md

239a93e0eb5a8cfcf11494de679b6394

ASCII text

feature_request.md

ed2255072a8baff5cc6ef57448dcffc8

ASCII text

unittests.yml

34338219f58aa9d2a8e43df646655968

ASCII text

.gitignore

d25f51d8f04b013bbcabbc5654c01a09

ASCII text

.travis.yml

7b89596593f8a555b4a5deb7fdc15459

ASCII text

INSTALL.txt

e56c2b2086098500562663b094b4c53b

ASCII text

LICENSE.md

062477247e75fcb78ae3e1280be9e4e1

ASCII text

MANIFEST.in

3a869f5273958d69c3579aa1a8973780

ASCII text

README.md

51cc20f676c44648a18a7b782a9e39d4

ASCII text

oletools_cheatsheet.docx

e707f31af630276af1146123ec71f463

Microsoft Word 2007+

oletools_cheatsheet.pdf

31ade96528fa4eae0ec851c1ceba669e

PDF document, version 1.5, 1 pages

empty_file.txt

22de49079e23ce339888806a02ce4491

ASCII text

install.bat

5db167313317ea397996249cc2cd375a

DOS batch file, ASCII text, with CRLF line terminators

DocVarDump.vba

394917860f4cd1ca1bf4dffd8dbe4117

ASCII text

LICENSE.txt

4cbec08a544c3f00b7e29e3f42677feb

ASCII text

README.html

7621dc7611dadd08cb6444885b49707b

HTML document, ASCII text

README.rst

8cccb690baae002c6bb7a92ae6f3771b

ASCII text

__init__.py

d41d8cd98f00b204e9800998ecf8427e

__init__.py

d41d8cd98f00b204e9800998ecf8427e

clsid.py

29cdec69b0d2363baf264e29fc435f84

Python script, ASCII text executable

codepages.py

a2a353b9cb740584498d950be6ef7471

Python script, ASCII text executable

errors.py

08c842296e09e35a1080a85ebfc09db7

Python script, ASCII text executable

io_encoding.py

e233bebbb5ed7e5c31723e0f4a055878

Python script, ASCII text executable

__init__.py

ac8c1572168face4fc1962c438cc5797

Python script, ASCII text executable

_json_formatter.py

7e81acebae1cce53ae1ed8d9139820f9

Python script, ASCII text executable

_logger_adapter.py

468cfe9a3fcc7e0a6a7fc84f910741d0

Python script, ASCII text executable

_root_logger_wrapper.py

b59de840f37a1a3a4ea39f1b9b3599f6

Python script, ASCII text executable

log_helper.py

82014e5d37a7784b121559d1378ffc98

Python script, ASCII text executable

crypto.py

5bf5605748e34d04da59495e8509ca57

Python script, ASCII text executable

Contribute.html

968a01ad8506dc550037d738c28d966b

HTML document, ASCII text

Contribute.md

fa103c694d9a5dc2e952a0ef64db4af5

ASCII text

Home.html

e1c5019af7c01c59b58da053558ea1d4

HTML document, Unicode text, UTF-8 text

Home.md

fba6225ab1c7b751611f073d60ecb583

ASCII text

Install.html

fc4733ae60a654eefe75f1d8f3bc77f5

HTML document, ASCII text

Install.md

3fdb9855a06e149defcaeb6e238a233a

ASCII text

License.html

09a19088cd48fff34f9d7c099315b90c

HTML document, Unicode text, UTF-8 text

License.md

aa474ab2444b7aa30a39588055b1cceb

ASCII text

mraptor.html

a0689b54a33f868af83eb4b8c0f695a8

HTML document, Unicode text, UTF-8 text

mraptor.md

479a0949f73a803b89ea286bf870bc10

ASCII text

mraptor1.png

117e17608d934428abb8af185cdf9b6d

PNG image data, 723 x 433, 8-bit/color RGB, non-interlaced

olebrowse.html

019b3f331c29414d5f9110c0cd6a6dee

HTML document, Unicode text, UTF-8 text

olebrowse.md

25d8d18e680eb37622bb049200713a06

ASCII text

olebrowse1_menu.png

874e2f509f5186141efe8d3ca1daf61d

PNG image data, 835 x 495, 8-bit/color RGB, non-interlaced

olebrowse2_stream.png

d1ebbe94ddb6c64b413d1e3139903d66

PNG image data, 835 x 495, 8-bit/color RGB, non-interlaced

olebrowse3_hexview.png

8d3ee6a1c01caa7a2aebbeddd5d2c7f1

PNG image data, 835 x 486, 8-bit/color RGB, non-interlaced

oledir.html

71ddea3bea662640263362bb3788c335

HTML document, ASCII text

oledir.md

171bc1fbc0695ee1dd16ad740dce3357

ASCII text

oledir.png

703acddb3d4ea55e05404776dd1f633d

PNG image data, 722 x 883, 8-bit/color RGB, non-interlaced

oleid.html

fe3a845fb3ad4b5f344e60fb2a5e2fd0

HTML document, Unicode text, UTF-8 text, with very long lines (526)

oleid.md

7bb74ddb20dd1da85f94cef792df7db8

ASCII text

olemap.html

cc859f457e5b6c65fd8aea011a70cb44

HTML document, ASCII text

olemap.md

e87315e594e9e3f555028ed77ba1322d

ASCII text

olemap1.png

d6e40951c32ba677eec3455338d68ac6

PNG image data, 719 x 668, 8-bit/color RGB, non-interlaced

olemap2.png

aa5dea1e23fbf5ed354c5fd4a47d5d9d

PNG image data, 716 x 766, 8-bit/color RGB, non-interlaced

olemeta.html

d4cbee67ff5d6315e97832c493a784d4

HTML document, Unicode text, UTF-8 text

olemeta.md

6d757783816709907238bd1b2918b95b

ASCII text

olemeta1.png

f19082ebe38d0de8203b0c9890b6d440

PNG image data, 707 x 628, 8-bit/color RGB, non-interlaced

oleobj.html

bd9c44fd9ef2ab46bfd1e000e7f89f62

HTML document, ASCII text

oleobj.md

3fc5ccbd856084ac39eeb12e6e1805b9

ASCII text

oletimes.html

8e112e146d026835156287dd9b7e01c4

HTML document, Unicode text, UTF-8 text

oletimes.md

79c4111ee36b96be93509d2972def13d

ASCII text

olevba.html

ab719ec0462c0cae88a364643fed4f98

HTML document, Unicode text, UTF-8 text, with very long lines (406)

olevba.md

bb8757cbba64b591061382b9c4a5dc58

ASCII text

pyxswf.html

d334651070caabb91ec234ea25cf9ce9

HTML document, Unicode text, UTF-8 text

pyxswf.md

3a8f4e861e843e245a039446430308c5

ASCII text

rtfobj.html

d3bf286cbdd96f48e886eca876e2cb6f

HTML document, Unicode text, UTF-8 text, with very long lines (365)

rtfobj.md

3447d7e6d687061db11fe5111919cbd9

Python script, ASCII text executable

ezhexviewer.py

16b50489ea5ffaa16f72c3c1fa9494c5

Python script, ASCII text executable

ftguess.py

85677eef299b49386751dda070942d0a

Python script, Unicode text, UTF-8 text executable

mraptor.py

d29d14a67627031e58369e93910c66de

Python script, ASCII text executable

mraptor3.py

48cbbadb90f47b3e2b76a39da6094f97

Python script, ASCII text executable

mraptor_milter.py

679875f7faca0790b77950af5db517c6

Python script, ASCII text executable

msodde.py

7a11d664390ea768ed85a30f3a1ef06e

Python script, ASCII text executable

olebrowse.py

d4ba5828546806318385887bf6d531eb

Python script, ASCII text executable

oledir.py

230a33612e009731434afe31c016c883

Python script, ASCII text executable

oleform.py

c3f5ab4d3e281326b5aa3f4414c5e4eb

Python script, ASCII text executable

oleid.py

608ab0f8f00c1f56c71a4cd3866b8578

Python script, ASCII text executable

olemap.py

d26f3aba3af0ee8af2b1165fa4366766

Python script, ASCII text executable

olemeta.py

3087e09ef406b1c4dd1dcc3fc163abae

Python script, ASCII text executable

oleobj.py

be3d4a17068f11367109307dd168ac26

Python script, ASCII text executable

oletimes.py

e436107206d1a2d4f8b00a50efc11461

Python script, ASCII text executable

olevba.py

1084b2908aefd9c1923aeeda79eb403e

Python script, ASCII text executable

olevba3.py

9e059ae7c5d98a933540a77e483b5139

Python script, ASCII text executable

ooxml.py

8c8109daa4b2b607a16b54b144ad84fc

Python script, ASCII text executable

ppt_parser.py

5307775ae19498770d39757664addee2

Python script, ASCII text executable

ppt_record_parser.py

f2e5de64c302784046154ad86049e0fd

Python script, ASCII text executable

pyxswf.py

37f2a53ed83975b78a3c0020f6266da2

Python script, ASCII text executable

record_base.py

87f5091b8c7e1092bf795f7ff4470a8a

Python script, ASCII text executable

rtfobj.py

e28b6976f62e097d62da2d798c63eff5

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

__init__.py

d41d8cd98f00b204e9800998ecf8427e

oledump_extract.py

5bce193bfdaa81f240750caf4d34689b

Python script, ASCII text executable

plugin_biff.py

e9a78444211d4c6f7473c6583484e1aa

Python script, ASCII text executable

CHANGELOG

50a5c2d026f9af36d48d255b760a0315

HTML document, ASCII text

COPYING

3e73500ffa52de5071cff65990055282

ASCII text

README

4648a7e376f2784cc3f31881e34ae5c4

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

prettytable.py

538a1660328eba4d987150cf1f7defb5

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

tablestream.py

cf6ecc59f20d6bf1ced55064c1be9715

Python script, ASCII text executable

LICENSE.txt

5b56c05cbfe684241d66eb7ad02e1dd0

ASCII text, with CRLF line terminators

__init__.py

a1544f034b441fc18643266f411d6ab2

Python script, ASCII text executable, with no line terminators

xglob.py

04b99b2a13d424a819a1689f02d6ccb9

Python script, ASCII text executable

LICENSE.txt

4fe869ee987a340198fb0d54c55c47f1

ASCII text

__init__.py

d41d8cd98f00b204e9800998ecf8427e

xxxswf.py

a4760ac1fc4cd2a0ff8244313a6d6af5

Python script, ASCII text executable

xls_parser.py

ae3c2b590351298ffb8f15cba425a94c

Python script, ASCII text executable

requirements.txt

83c6411b6dd069ea80450e903cd029f4

ASCII text

setup.py

4367c89d407fb9402a7a25d76bf44e74

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

__init__.py

d41d8cd98f00b204e9800998ecf8427e

__init__.py

d41d8cd98f00b204e9800998ecf8427e

log_helper_test_imported.py

c0a7fc90f7812ba8effa79fe7c3523de

Python script, ASCII text executable

log_helper_test_main.py

a2fce3ba585a54e0a79206a97421cbda

Python script, ASCII text executable

test_log_helper.py

df90b094f3cf3ec2ee4b2d5d0f48fa1f

Python script, ASCII text executable

third_party_importer.py

9d3bf6eb6ebb26ff679c5ae4c576baa0

Python script, ASCII text executable

test_clsid.py

b497d0b1f3301482eea84c732c3577e8

Python script, ASCII text executable

test_encoding_handler.py

cf36c1015548a0cbcd52af685945d826

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

587cbfde9a920941d05e38a6f24c4b02

Python script, ASCII text executable

howto_add_unittests.txt

86ad528927eb232c40a8fe37ca59b3f2

ASCII text

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

19bc6c63b36631beebf88d1219212e30

Python script, ASCII text executable

test_blacklist.py

53c4d2b5da31019fc547f0b75aa4db7c

Python script, ASCII text executable

test_crypto.py

6756b129862de03c519e40e69df8edc7

Python script, ASCII text executable

test_csv.py

c05efb4b2758b48727975039b6fb9583

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

857b5ef635a2f0530de8310e4694b782

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

fdd70bec57f29db95abf126cbfd34b99

Python script, ASCII text executable

test_issue_166.py

839a75616a36c3cc52d254c7c951ac17

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

98148f26ad1969c1c7571e3a8986a436

Python script, ASCII text executable

test_external_links.py

4405696b1016e3bc4524a9725d063a98

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

0078ad3046c29028f6dcc3e480a19224

Python script, ASCII text executable

test_crypto.py

1a2c29289e3b41c4aeee42a15a4452b3

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

0352836e312d17abd74b75a59b36254c

Python script, ASCII text executable

test_zip_sub_file.py

8234a8346aae137d387bae1141431c75

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

c9be2196efe2e5e08c908bcb876387e3

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_is_rtf.py

47a545c24b82631d81e1dfc0af9c1320

Python script, ASCII text executable

test_issue_185.py

f84abbb61fb2c66d3208de26d10c48dd

Python script, ASCII text executable

test_issue_251.py

591df53d535b74591acb9ea509ab3258

Python script, ASCII text executable

empty

d41d8cd98f00b204e9800998ecf8427e

encrypted.docx

9e2f4cffc1c06b52bb5f9fe5c88bce95

CDFV2 Encrypted

text

3cd7a0db76ff9dca48979e24c39b408c

ASCII text

autostart-encrypt-standardpassword.xls

f1c294d5859d3f6e7d2b1036a15fb362

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: schulung, Last Saved By: schulung, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Mar 11 09:35:45 2016, Last Saved Time/Date: Thu Mar 21 14:07:50 2019, Security: 1

autostart-encrypt-standardpassword.xlsb

d75671a00ba04b32dc27b59cf038b764

CDFV2 Encrypted

autostart-encrypt-standardpassword.xlsm

17697047fac464907679b25ef100580c

CDFV2 Encrypted

dde-test-encrypt-standardpassword.xls

eb95df4414959b738384a8d9df1ea68a

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Last Saved By: schulung, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Oct 26 07:56:11 2017, Last Saved Time/Date: Thu Mar 21 14:37:43 2019, Security: 1

dde-test-encrypt-standardpassword.xlsb

7e4bae56d2c264cf716a24a7e185c801

CDFV2 Encrypted

dde-test-encrypt-standardpassword.xlsm

f8f468ad25f5be2520b71cc647943bcf

CDFV2 Encrypted

dde-test-encrypt-standardpassword.xlsx

6717e7abddce6aee88eef75f91fd9ecb

CDFV2 Encrypted

encrypted.doc

643ccc25aa82c6254f03803374de318d

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Template: Normal.dotm, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Oct 17 12:27:00 2018, Last Saved Time/Date: Wed Oct 17 12:27:00 2018, Number of Pages: 1, Number of Words: 6, Number of Characters: 42, Security: 1

encrypted.docm

438b8d8238d3a871849d4032517ca2f9

CDFV2 Encrypted

encrypted.docx

e5be03f0f3972ab0d299173222b497ab

CDFV2 Encrypted

encrypted.ppt

89ff6bf91bf3e2347af26e758fe2a67e

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252

encrypted.pptm

8fada37bcd0443d31f4c42ffadb83e50

CDFV2 Encrypted

encrypted.pptx

fb0c6ff3389464a3968aa5a2a721f46d

CDFV2 Encrypted

encrypted.xls

f8d07ace7cc08a44f63f9a6054c96244

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Oct 17 12:30:05 2018, Last Saved Time/Date: Wed Oct 17 12:31:27 2018, Security: 1

encrypted.xlsb

164065b855a9aedf20b73feb374c6cf6

CDFV2 Encrypted

encrypted.xlsm

a87902fe8d9fe088109e922eb800e849

CDFV2 Encrypted

encrypted.xlsx

259309651a61e33cc0e2a03d7036662d

CDFV2 Encrypted

excel4_sample_macro.slk

dc9e132187e203f70c9331604ec23a8f

spreadsheet interchange document, created by Excel

excel4_sample_macro.xls

c0cb61993b5fc669aabe4936ad1eb5e0

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: user, Last Saved By: Philippe Lagadec, Name of Creating Application: Microsoft Excel, Create Time/Date: Sun Jan 20 07:17:53 2019, Last Saved Time/Date: Mon Oct 11 21:01:22 2021, Security: 0

excel4_sample_macro.xlsb

d86947cb677dad89420385f1f4e753ee

Microsoft Excel 2007+

excel4_sample_macro.xlsm

02c93bfe59ad2549226b2658fd03a8ab

Microsoft Excel 2007+

excel4_sample_macro.xlt

463ce1eaf2e5eb72f148bc9f819c4295

excel4_sample_macro.xltm

72f07772ef2c087555e0e3b522f5b5ec

Microsoft Excel 2007+

excel4_sample_macro_excel5_format.xls

052e30733751a339ae0aee6e206d6116

RTF-Spec-1.7.rtf

402490e0fbc9729ae68f68cfe61031a4

Rich Text Format data, version 1, Apple Macintosh, ANSI, code page 10000, default language ID 1033

dde-in-csv.csv

9c2123694b3e72be8a5be106751ec3f2

ASCII text, with CRLF line terminators

dde-in-excel2003.xml

96c71a9cef4866b886cb8d6d22096f3a

XML 1.0 document, ASCII text, with CRLF line terminators

dde-in-word2003.xml.zip

b5bcbddaee3e2cc9db20a0db92ad5c11

Zip archive data, at least v2.0 to extract, compression method=deflate

dde-in-word2007.xml.zip

7078ee60354abce9f5a41fc2798df931

Zip archive data, at least v2.0 to extract, compression method=deflate

dde-test-from-office2003.doc.zip

9c65bf0a5c6091e26ebc742396fc11e9

Zip archive data, at least v2.0 to extract, compression method=deflate

dde-test-from-office2013-utf_16le-korean.doc.zip

eec089e8b718ef6b3d2541ac8abfefa4

Zip archive data, at least v2.0 to extract, compression method=deflate

dde-test-from-office2016.doc.zip

21e03a6b87ca9e3fae66e2bea15faade

Zip archive data, at least v2.0 to extract, compression method=deflate

dde-test.docm

3045882cb01deb82d6c16f359729041e

Microsoft Word 2007+

dde-test.docx

081fb82bbdc3c89df4285cb7ad732696

Microsoft Word 2007+

dde-test.xlsb

f35a5121494bc5dda553734c91ebaf1a

Microsoft Excel 2007+

dde-test.xlsm

34e19d3f0d833706d751361cf0681207

Microsoft Excel 2007+

dde-test.xlsx

13fb5902e80484db65fdc693d3c893ae

Microsoft Excel 2007+

harmless-clean-2003.xml

09c8f181879ccdb747a280325ea3dce4

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (25925), with CRLF line terminators

harmless-clean.doc

d346a7cbed29c49378f9ac998ca0bb91

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: user, Template: Normal, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Oct 26 09:09:00 2017, Last Saved Time/Date: Thu Oct 26 09:09:00 2017, Number of Pages: 1, Number of Words: 39, Number of Characters: 250, Security: 0

harmless-clean.docm

67a81ca72ba335148fecdd8c369ee5dc

Microsoft Word 2007+

harmless-clean.docx

ce0fdaf82a24415c016b07e21f3a1ded

Microsoft Word 2007+

harmless-clean.xml

e01bd114d9452352909c9022067814b8

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (52882), with CRLF line terminators

oleform-PR314.docm

19400bf0638f691966aac762a4484ed5

Microsoft Word 2007+

embedded-simple-2007-as2003.xml

ddc1dc6d4a7d3cf354355065bda3c8c1

XML 1.0 document, ASCII text, with very long lines (9911), with CRLF line terminators

embedded-simple-2007.doc

c7088ad878e30bd4067a32e83921a459

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Template: Normal, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Jan 17 09:47:00 2018, Last Saved Time/Date: Wed Jan 17 09:47:00 2018, Number of Pages: 1, Number of Words: 11, Number of Characters: 73, Security: 0

embedded-simple-2007.docm

80c65cabc4f63b5d1467c82f05aad7d7

Microsoft Word 2007+

embedded-simple-2007.docx

df081d083ed0b83d30f0edc4f075cfce

Microsoft Word 2007+

embedded-simple-2007.dot

ba1b179dcea3245a8410d395813aa88a

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Template: embedded-simple-2007, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Jan 17 09:48:00 2018, Last Saved Time/Date: Wed Jan 17 09:48:00 2018, Number of Pages: 1, Number of Words: 11, Number of Characters: 73, Security: 0

embedded-simple-2007.dotm

d01ba54bf2ee0b60e5d9e3eb676387c8

Microsoft Word 2007+

embedded-simple-2007.dotx

1f15a1d1eb9cb761d4b538b29fbb89a2

Microsoft Word 2007+

embedded-simple-2007.odp

36e8d37000c2d4b8df892cf825653c13

OpenDocument Presentation

embedded-simple-2007.ods

5a7301ddc615485ad665e645a37528c5

OpenDocument Spreadsheet

embedded-simple-2007.odt

75c18cf8ddcee34f76c5f79011ab571f

OpenDocument Text

embedded-simple-2007.pot

11dc1b453c30173fab2ece9d37ea65ac

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Embedded Objects, Author: user, Last Saved By: user, Revision Number: 1, Name of Creating Application: Microsoft Office PowerPoint, Create Time/Date: Thu Jan 18 13:13:30 2018, Last Saved Time/Date: Thu Jan 18 13:15:25 2018, Number of Words: 16

embedded-simple-2007.potm

bf503e1673156c57d1fbfddb2026feb4

Microsoft PowerPoint 2007+

embedded-simple-2007.potx

289847d8f241a92a1d68e7f2730e23ea

Microsoft PowerPoint 2007+

embedded-simple-2007.pps

c2ba2286e756cb839e27f230e65da515

embedded-simple-2007.ppsm

6ca8e0fba2091c23397145226a74b343

Microsoft PowerPoint 2007+

embedded-simple-2007.ppsx

d5505ed6fc8c08b1acf4d7e152c4d17f

Microsoft PowerPoint 2007+

embedded-simple-2007.ppt

053bc6c96fd31bbc00327eb4c14e3dfe

embedded-simple-2007.pptm

991e23828593782c2b3ded0e8fed78f8

Microsoft PowerPoint 2007+

embedded-simple-2007.pptx

5e18f35c7562321fc4614c3e208176e9

Microsoft PowerPoint 2007+

embedded-simple-2007.xla

788923352834d2c98834de0e71e498f9

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 18 10:08:50 2018, Last Saved Time/Date: Thu Jan 18 13:07:40 2018, Security: 0

embedded-simple-2007.xlam

f27710458b0d0bced99a79ecfd4ab561

Microsoft Excel 2007+

embedded-simple-2007.xls

de9b5111fabb54953df6168558ef081b

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 18 10:08:50 2018, Last Saved Time/Date: Thu Jan 18 12:59:28 2018, Security: 0

embedded-simple-2007.xlsb

678383571f0fdd75f4e618b5db8b4008

Microsoft Excel 2007+

embedded-simple-2007.xlsm

673e30f02d63cd979aed76826a749f42

Microsoft Excel 2007+

embedded-simple-2007.xlsx

dd32449f5ead7f3c2baba5ec31bd2697

Microsoft Excel 2007+

embedded-simple-2007.xlt

3b97cdcb1a1585289c45738401ff7a40

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 18 10:08:50 2018, Last Saved Time/Date: Thu Jan 18 13:01:07 2018, Security: 0

embedded-simple-2007.xltm

d0f1263ac9b01c6cbd1c39d77747e24a

Microsoft Excel 2007+

embedded-simple-2007.xltx

1801e8b0e26c4921c94c2ec01f595730

Microsoft Excel 2007+

embedded-simple-2007.xml

fe14aef6c30439c2a96639330617a96e

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (27221), with CRLF line terminators

embedded-unicode-2007.docx

18a346a4644042f7d48bce064c60316a

Microsoft Word 2007+

embedded-unicode.doc

ed0d527c88a198d0fd331815c98b26d4

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: , Author: user, Template: Normal.dot, Last Saved By: user, Revision Number: 9, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Jan 12 11:20:00 2018, Last Saved Time/Date: Fri Jan 12 13:23:00 2018, Number of Pages: 1, Number of Words: 15, Number of Characters: 99, Security: 0

sample_with_external_link_to_doc.docm

5ba3f1dbd6dd15ea478f4028f939aa77

Microsoft Word 2007+

sample_with_external_link_to_doc.docx

72f6b9ca2a80b30d778238cafc38fb62

Microsoft OOXML

sample_with_external_link_to_doc.dotm

026acd91903c466bc31d9911d3ec8370

Microsoft Word 2007+

sample_with_external_link_to_doc.dotx

dceeb6ba7372e4a6658b798c8835fd0c

Microsoft Word 2007+

sample_with_external_link_to_doc.potm

48321bd181f2cd140b9eb3fdea9c48c6

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.potx

50c7622f7c21401515f9bf464e0a6778

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.ppsm

74e0a2ed3e60557f8236fa2244c8d454

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.ppsx

c3e7293674207b31aba8a9df52c57877

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.pptm

57fb553c88d9a8ef34b59de4cdd28952

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.pptx

9c15fd926b94cd7e70cbe70d231c6ee9

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.xlsb

ff50c1cbd617aed3bcaf9d01534f5a20

Microsoft Excel 2007+

sample_with_external_link_to_doc.xlsm

09ffea587bd12570f3553391a43c8493

Microsoft Excel 2007+

sample_with_external_link_to_doc.xlsx

4dbbb3f058d39a738a3eab61d0134688

Microsoft Excel 2007+

sample_with_calc_embedded.doc

258801e9816c4214a4c337f9adb198d3

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: xxxxxxxxxxxx, Template: Normal, Last Saved By: xxxxxxxxxxxx, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Mon Nov 13 21:27:00 2017, Last Saved Time/Date: Mon Nov 13 21:28:00 2017, Number of Pages: 1, Number of Words: 3, Number of Characters: 18, Security: 0

sample_with_lnk_file.doc

a5cf58415b0769123da4249d90584e78

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: , Author: user, Template: Normal, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Nov 30 09:33:00 2017, Last Saved Time/Date: Thu Nov 30 10:05:00 2017, Number of Pages: 1, Number of Words: 2, Number of Characters: 19, Security: 0

sample_with_lnk_file.pps

786650d2c3ce1f736d4bdecec6ae11ff

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Test, Author: user, Last Saved By: user, Revision Number: 1, Name of Creating Application: Microsoft Office PowerPoint, Create Time/Date: Thu Nov 30 10:21:24 2017, Last Saved Time/Date: Thu Nov 30 10:39:43 2017, Number of Words: 1

sample_with_lnk_file.ppt

0f6576d76d37a4a216307b9a115a0c4f

sample_with_lnk_to_calc.doc

2f885f6baf46c2eea1f026bc2706607c

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: zzzzzzzzzzzz, Template: Normal, Last Saved By: zzzzz zzzzzz, Revision Number: 5, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Mon Nov 13 21:39:00 2017, Last Saved Time/Date: Mon Nov 13 21:42:00 2017, Number of Pages: 1, Number of Words: 3, Number of Characters: 18, Security: 0

sample_with_vba.ppt

2ef2b3f05eb16524a3d983f72bff4705

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 949, Title: PPT VBA TEST, Author: , Last Saved By: , Revision Number: 7, Name of Creating Application: Microsoft Office PowerPoint, Total Editing Time: 17:46, Create Time/Date: Fri Nov 5 00:45:36 2021, Last Saved Time/Date: Fri Nov 5 01:03:23 2021, Number of Words: 3

dde-in-excel2003.xml

96c71a9cef4866b886cb8d6d22096f3a

XML 1.0 document, ASCII text, with CRLF line terminators

dde-in-word2003.xml.zip

53b60da5f207091fea53edaf12265027

Zip archive data, at least v2.0 to extract, compression method=deflate

harmless-clean-2003.xml

09c8f181879ccdb747a280325ea3dce4

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (25925), with CRLF line terminators

harmless-clean.xml

e01bd114d9452352909c9022067814b8

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (52882), with CRLF line terminators

presentation.xps

3eec101ea4c04bedb0abeaf086f095dd

Microsoft OOXML

issue_185.rtf.zip

58f216490c43ff0e2c8f5f238f174298

Zip archive data, at least v2.0 to extract, compression method=deflate

issue_251.rtf

875a296b6c96f54a5763b731f28895e1

Rich Text Format data, version 2, ANSI, code page 1181, default language ID 1094

__init__.py

84f95bd6ff88b75d772b79a9fa0b2bb4

Python script, ASCII text executable

testdata_reader.py

104d1cfcb649e59fd12c94c9bcbccb8d

Python script, ASCII text executable

utils.py

ceb84e60a9fd94852e91a39db67b6c9d

Python script, ASCII text executable

unittest_template.py

33de94d91a0f36e8d767adbfbf195211

Python script, ASCII text executable

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects Excel4 macro use with auto open / close
Public Nextron YARA rules	malware	Detects Excel4 macro use with auto open / close
Public Nextron YARA rules	malware	Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents.
VirusTotal	malicious	VirusTotal - Scan result 37/68

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
72e206e9b89445fb2fb4031a6abe6169
a18bebfb86a71685bd817c15e348cfb5ea438c72
856f85441e043130f88668be6cf68110187856f17999bddc4332437d383c79b6

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "856F85441E043130F88668BE6CF68110187856F17999BDDC4332437D383C79B6"
Last-Modified: Mon, 23 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6112
Expires: Wed, 25 Sep 2024 22:18:21 GMT
Date: Wed, 25 Sep 2024 20:36:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4d7d2c93c05c23af00bdd2de1aa8def8
5d690fe96336335097f6edc39f269282fc0c03d5
ad3bf98d190e8a00b304b608273e81b0d73805059020c0e08e318194738dbe08

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "AD3BF98D190E8A00B304B608273E81B0D73805059020C0E08E318194738DBE08"
Last-Modified: Wed, 25 Sep 2024 00:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6053
Expires: Wed, 25 Sep 2024 22:17:22 GMT
Date: Wed, 25 Sep 2024 20:36:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e49ce6a2ffd1afe9fdb15fd32491f4c5
7def7bdba49613d39e69a640fbe216a4ffee38cb
6ddbcc3388c5458c7be8c867cbff8d6ae16d588349605db0c7b5996ea32de452

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6DDBCC3388C5458C7BE8C867CBFF8D6AE16D588349605DB0C7B5996EA32DE452"
Last-Modified: Wed, 25 Sep 2024 19:04:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16935
Expires: Thu, 26 Sep 2024 01:18:44 GMT
Date: Wed, 25 Sep 2024 20:36:29 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0db22d1bf08e17d0aa79837780ccb58e
8a1325f2825794922c84ae24bfa90fbef5c26c86
e7663af7161fb47ba9214420ac390365b05f832603cd07b2d71a5e58c21ff854

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "E7663AF7161FB47BA9214420AC390365B05F832603CD07B2D71A5E58C21FF854"
Last-Modified: Wed, 25 Sep 2024 01:06:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5902
Expires: Wed, 25 Sep 2024 22:14:51 GMT
Date: Wed, 25 Sep 2024 20:36:29 GMT
Connection: keep-alive

github.com/decalage2/oletools/archive/master.zip

140.82.121.3

302 Found

0 B

URL User Request GET HTTP/2
github.com/decalage2/oletools/archive/master.zip
IP
140.82.121.3:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /decalage2/oletools/archive/master.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Wed, 25 Sep 2024 20:36:29 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://codeload.github.com/decalage2/oletools/zip/refs/heads/master
cache-control: max-age=0, private
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 71BA:107735:1258F3B:12B08AF:66F4744D
X-Firefox-Spdy: h2

codeload.github.com/decalage2/oletools/zip/refs/heads/master

140.82.121.10

200 OK

3.4 MB

URL User Request GET HTTP/2
codeload.github.com/decalage2/oletools/zip/refs/heads/master
IP
140.82.121.10:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subject*.github.com
Fingerprint0D:F6:EC:50:FA:ED:AE:6E:13:AF:82:94:52:F7:11:1B:0A:CF:7C:20
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.4 MB (3367200 bytes)
Hash
20caea15b3b75d3951265f1d57118f93
dcc5135fe570d1387c14d3d343b95be5bef7d808
98ac99b9175621a60cd176ef7dc933026d1e420e76d43e413050e3f0b9225dc5

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 37/68

HTTP Headers

GET /decalage2/oletools/zip/refs/heads/master HTTP/1.1
Host: codeload.github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://render.githubusercontent.com
content-disposition: attachment; filename=oletools-master.zip
content-length: 3367200
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
cross-origin-resource-policy: cross-origin
etag: W/"972750a1828748ecc8ebfd6ce4e0827e2cc651a927ff004507004bb8445bc626"
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
date: Wed, 25 Sep 2024 20:36:30 GMT
x-github-request-id: C268:36C9D3:76874:9319B:66F4744D
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c16a3fe398c09ad4d309c60911d6a6b6
dc1148076d45d128cb6d0780ac0467aeba0902e9
5bd5f6cc031865b327cd4987c09f2266f9b994cc967eb6cf75bab5a58bcb7230

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5BD5F6CC031865B327CD4987C09F2266F9B994CC967EB6CF75BAB5A58BCB7230"
Last-Modified: Wed, 25 Sep 2024 02:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6458
Expires: Wed, 25 Sep 2024 22:24:09 GMT
Date: Wed, 25 Sep 2024 20:36:31 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c16a3fe398c09ad4d309c60911d6a6b6
dc1148076d45d128cb6d0780ac0467aeba0902e9
5bd5f6cc031865b327cd4987c09f2266f9b994cc967eb6cf75bab5a58bcb7230

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5BD5F6CC031865B327CD4987C09F2266F9B994CC967EB6CF75BAB5A58BCB7230"
Last-Modified: Wed, 25 Sep 2024 02:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6458
Expires: Wed, 25 Sep 2024 22:24:09 GMT
Date: Wed, 25 Sep 2024 20:36:31 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (254)

Detections

JavaScript (0)

HTTP Transactions (8)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size