Report Overview

Visited (public): 2025-01-31 05:26:40
URL: github.com/APTIRAN/C2/raw/refs/heads/main/nighthawkc2.7z
Finishing URL: about:privatebrowsing
IP / ASN: 140.82.121.3, #36459 GITHUB
Title: about:privatebrowsing
Detections

urlquery: 0
Network Intrusion Detection: 0
Threat Detection Systems: 47

Domain Summary

Domain / FQDN | Rank | Registered | First Seen | Last Seen
github.com | 1423 | 2007-10-09 | 2016-07-13 | 2025-01-29
raw.githubusercontent.com | 35802 | 2014-02-06 | 2014-03-01 | 2025-01-29

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro: No alerts detected

Threat Detection Systems

Public InfoSec YARA rules: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Quad9 DNS: No alerts detected
ThreatFox: No alerts detected

Files detected

URL: raw.githubusercontent.com/APTIRAN/C2/refs/heads/main/nighthawkc2.7z
IP: 185.199.110.133
ASN: #54113 FASTLY
File type: 7-zip archive data, version 0.4
Size: 3.5 MB (3521138 bytes)
MD5: 75684b6de11a1f15d24ab861e80c924f
SHA1: bbb39af7ac7160140553514b71ca350161ef9a29

Archive contents (96 entries; each entry lists filename, MD5, file type)

    agent_config.py
    c3c69223b771a9614839cf83695d9a09
    Python script, ASCII text executable, with CRLF line terminators
    agent_config.pyc
    58fc6cf71d91c055e2cb8d45d652c0b6
    python 2.7 byte-compiled
    apimanager.py
    1a242482287ecbaa9d03bda41ba32240
    Python script, ASCII text executable, with CRLF line terminators
    apimanager.pyc
    a9ed68a4ba64a6ce5ecb2710527256dc
    python 2.7 byte-compiled
    apiserver.py
    1e0394a47786a846ab08556760ce3cff
    Python script, ASCII text executable, with CRLF line terminators
    Implant.x64.raw-artifact
    a83cfa91bcc081e0ca5db25c21e609cd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
    Implant.x64.rdll
    1dac9046c2ec7a33818e773c2d285cb8
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections
    Implant.x86.raw-artifact
    cd0d4d7f093238144f088c9b3ca05e20
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Implant.x86.rdll
    58c7542fa1aa5e6de7147304cfad14d3
    PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections
    Implant.x64.raw-artifact
    a83cfa91bcc081e0ca5db25c21e609cd
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows
    Implant.x64.rdll
    1dac9046c2ec7a33818e773c2d285cb8
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections
    Implant.x86.raw-artifact
    cd0d4d7f093238144f088c9b3ca05e20
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
    Implant.x86.rdll
    58c7542fa1aa5e6de7147304cfad14d3
    PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections
    c2resources.py
    bc89d1b8a953880f0b2609a7284eef08
    ASCII text, with CRLF line terminators
    c2resources.pyc
    f15624a1899678d852ba53912c4eeb91
    python 2.7 byte-compiled
    controlresources.py
    5ff2b9e8da5d6e583c42e8b7d008d36b
    Python script, ASCII text executable, with CRLF line terminators
    controlresources.pyc
    31acf4c8d4cb92c1e4a2b50ecc611f6a
    python 2.7 byte-compiled
    database.py
    d21e7dc1761e059a62b6488a8e43b896
    Python script, ASCII text executable, with CRLF line terminators
    database.pyc
    2f3430c69f4117a275d76145b5c8c25b
    python 2.7 byte-compiled
    test.db
    7ba1c60b8d6970b98916c84a661eb738
    SQLite 3.x database, last written using SQLite version 3008011, page size 1024, file counter 50, database pages 13, cookie 0x30, schema 4, UTF-8, version-valid-for 50
    deployc2.py
    1ff110d42a109bf147fbd49188b19393
    Python script, ASCII text executable, with CRLF line terminators
    deployc2.pyc
    b40367bef858f413033f2737c4861c71
    python 2.7 byte-compiled
    embed_profile.py
    7c8d3d1e0140adccebe69a961c2db522
    Python script, ASCII text executable, with CRLF line terminators
    embed_profile.pyc
    e91ae1eae59e93b2f95827a9097543ba
    python 2.7 byte-compiled
    exoldr.x64.exe.bin
    1337d039b2be99d896238777f1679b95
    data
    exoldr.x86.exe.bin
    00331995de5f67eaecd15d0525f56587
    data
    gen_keying_shellcode.py
    a7e027f00ca855572da7a8e36b5bd461
    Python script, ASCII text executable, with CRLF line terminators
    gen_keying_shellcode.pyc
    9bfe611697c7567cf24be96466ad8731
    python 2.7 byte-compiled
    gen_shellcode.py
    c82ea9375d8c08d5fac7af725ede8968
    Python script, ASCII text executable, with CRLF line terminators
    gen_shellcode.pyc
    5254bfea11393ad7f15be8228c692f39
    python 2.7 byte-compiled
    helpers.py
    cc3186dad712ae0cee5b73fb86808b25
    Python script, ASCII text executable, with CRLF line terminators
    helpers.pyc
    15980a1c9eeb2fc71272a9141a3cac94
    python 2.7 byte-compiled
    logexporter.py
    9b06fff6bb305f8e861ef079729c4afd
    Python script, ASCII text executable, with CRLF line terminators
    nighthawk_version.bin
    465468e7a72047e2630adb5417506f68
    data
    payload_gen.py
    43c480df771aa87183301fd4517f18a9
    Python script, ASCII text executable, with CRLF line terminators
    payload_gen.pyc
    08adb27ce0ec0d48012977f8470c0baa
    python 2.7 byte-compiled
    rdll_properties_x64.py
    7d4097e8a1b75eb169343b3990eac99d
    Python script, ASCII text executable
    rdll_properties_x64.pyc
    95cbdba631eebf7c29edaec5cf780474
    python 2.7 byte-compiled
    rdll_properties_x86.py
    10c44f0ff38104b1a87986d018bbd570
    Python script, ASCII text executable
    rdll_properties_x86.pyc
    3afbcd3496fa743787dacb3f96a0b2f9
    python 2.7 byte-compiled
    sessionresources.py
    fc9e02737e1dadeaf6d458cb978eb3d9
    Python script, ASCII text executable, with CRLF line terminators
    sessionresources.pyc
    1c0811c5c301280b861930ea25a4a64a
    python 2.7 byte-compiled
    sockshandler.py
    edf59d2d9967af6e0269fbde0e70e7fb
    Python script, ASCII text executable, with CRLF line terminators
    sockshandler.pyc
    ece4f3e3cee1b840699f5359ddb5d78b
    python 2.7 byte-compiled
    stegoldr.py
    231dd301a46d81399cca750dfdb53228
    Python script, ASCII text executable, with CRLF line terminators
    stegoldr.x64.exe.bin
    94bf80a5c8a4289d4a9ec7e3abe52a4f
    data
    stegoldr.x86.exe.bin
    17537e517b72bf006fb529fed11c07bf
    data
    stego_stager_gen.py
    d076c1a447c8f34244f9f15c5fad1f7a
    Python script, ASCII text executable, with CRLF line terminators
    apiclient.py
    e5982aefdd3dce5651140741fb333fb4
    Python script, ASCII text executable, with CRLF line terminators
    apiclient.pyc
    bb7e549509ff0c61321c76080bbbba60
    python 2.7 byte-compiled
    builtinencoders.py
    d80715cc634489326e93b10ac8ae8893
    Python script, ASCII text executable, with CRLF line terminators
    builtinencoders.pyc
    9a0d8b4e7ec7d69f16533aca6cf3aa18
    python 2.7 byte-compiled
    c2server.py
    7ad5d872c0b4434a2d23354a6f6d5708
    Python script, ASCII text executable, with CRLF line terminators
    endpoint_base.py
    ba6f46c987223271e6a2b5ae26b0461b
    Python script, ASCII text executable, with CRLF line terminators
    endpoint_base.pyc
    94801eb660c21222561a23976eb866ee
    python 2.7 byte-compiled
    helpers.py
    1cae031f56b0dad3dc9d7c1d5fbb7b5c
    Python script, ASCII text executable, with CRLF line terminators
    helpers.pyc
    bed2ee9d546490a4a1dbd384c12cb7d5
    python 2.7 byte-compiled
    http_endpoint.py
    54daf0eb39afd5e1f6286cb5fff00557
    Python script, ASCII text executable, with CRLF line terminators
    http_endpoint.pyc
    dd8cae14df6c6d83e98674ae217bfe16
    python 2.7 byte-compiled
    office365.json
    12638b651b45a3c24e9cbad7fd2482b0
    JSON text data
    c2-logo.png
    d9468e23b4331e1839a08e225c18c159
    PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
    c2_logo.ico
    7b6da8f630204baab329321f42d0c1b9
    MS Windows icon resource - 4 icons, 32x32, 32 bits/pixel, 64x64, 32 bits/pixel
    download.png
    c0ea9fb3b156b64a4d5b37e308cebb85
    PNG image data, 491 x 491, 8-bit/color RGBA, non-interlaced
    drive.png
    a4a4a50b95b131bd1cbce658e1708b58
    PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
    file.png
    521f0b00b264707bea2734d0dcf4351a
    PNG image data, 1600 x 1600, 8-bit/color RGBA, non-interlaced
    folder-closed.png
    4f0f9fdcf90166e4a5ecec2b0cd85ae8
    PNG image data, 1463 x 1463, 8-bit/color RGBA, non-interlaced
    folder-open.png
    cdebd056a7e3058c87c67adcce669fab
    PNG image data, 1600 x 1600, 8-bit/color RGBA, non-interlaced
    linux.png
    416d19673212e2f912c0c43955398ecd
    PNG image data, 344 x 344, 8-bit/color RGBA, non-interlaced
    mac-os.png
    8321db7d153650ca38d1540f9e1ce513
    PNG image data, 344 x 344, 8-bit/color RGBA, non-interlaced
    process-x64.png
    1a6e270f0fb3d7d4fc37e10ef9ea0449
    PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
    process-x86.png
    716a6a1ac8ab2428731858b89c64270c
    PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
    process.png
    2671d2f2f54a25cdccd21b788b2971ee
    PNG image data, 512 x 512, 8-bit colormap, non-interlaced
    soroush.jpg
    6793a222ca9764888b2b4b4248ad2cac
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6], baseline, precision 8, 258x224, components 3
    tabclose.png
    3515fe4848122a700d8a6eead8e1c1d8
    PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
    unknown.png
    1464eb608dccc13e2c409f9e2d9b7071
    PNG image data, 512 x 512, 8-bit colormap, non-interlaced
    upload.png
    93927384fbc05b396d887b38fd554137
    PNG image data, 491 x 491, 8-bit/color RGBA, non-interlaced
    windows-client.png
    29b6bf7e88a80b1b5715e564d72b05d2
    PNG image data, 344 x 344, 8-bit/color RGBA, non-interlaced
    windows-logo.png
    e437f40274b14e4bec09703c453b205e
    PNG image data, 344 x 344, 8-bit/color RGBA, non-interlaced
    windows-server.png
    6f4e7c830cec9f2fe17ec75a6bb17368
    PNG image data, 1938 x 2500, 8-bit/color RGBA, non-interlaced
    logodark-halloween.jpg
    eab9ea4355e65f370abb36d60f7782f8
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=9], baseline, precision 8, 2764x3088, components 3
    logodark.jpg
    28e4842d1fed68a10e4309ff23c2f05c
    JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=9], baseline, precision 8, 2764x3088, components 3
    logogrey.png
    785c82985e58e92f1b0bdceeae9b1a6c
    PNG image data, 2764 x 2874, 8-bit/color RGBA, non-interlaced
    Nighthawk.xml
    59a3d9a15e931b7496bdd81c10dff121
    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    NLog.config
    55673fbe430ff691e5fcee4a6dda6b48
    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
    Implant.x64.dll
    a3935489f5fd1feb8ea4948d4097570a
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections
    Implant.x64.exe
    887b5c82c51a8356461dc01b25d815fc
    PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
    Implant.x86.dll
    5125d40c02a99d0d50548a0d2d964506
    PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections
    Implant.x86.exe
    ea855cd4c78fb714a5b0c2ac314f3981
    PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
    Implant.x64.dll
    a3935489f5fd1feb8ea4948d4097570a
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections
    Implant.x64.exe
    887b5c82c51a8356461dc01b25d815fc
    PE32+ executable (GUI) x86-64, for MS Windows, 7 sections
    Implant.x86.dll
    5125d40c02a99d0d50548a0d2d964506
    PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections
    Implant.x86.exe
    ea855cd4c78fb714a5b0c2ac314f3981
    PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
    InProcessDotNet.x64.dll
    aea4d88d950d8f4c8853285cc9c360bc
    PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 9 sections
    InProcessDotNet.x86.dll
    4d8eb3de85216300e12b817099d09f0c
    PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections
    C2_Client.exe
    ad512160c557ecc226c552e2bbc278c4
    PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections
    NLog.dll
    5ab6a621a1b53f0e607979f36dcdaf10
    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Detections

Analyzer | Verdict | Alert
Public Nextron YARA rules | malware | Detects Nighthawk RAT
YARAhub by abuse.ch | malware | meth_stackstrings
YARAhub by abuse.ch | malware | Detect pe file that no import table
Malpedia's yara-signator rules | malware | Detects win.nighthawk.
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
YARAhub by abuse.ch | malware | meth_stackstrings
YARAhub by abuse.ch | malware | Detect pe file that no import table
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
Public Nextron YARA rules | malware | Detects Nighthawk RAT
YARAhub by abuse.ch | malware | meth_stackstrings
YARAhub by abuse.ch | malware | Detect pe file that no import table
Malpedia's yara-signator rules | malware | Detects win.nighthawk.
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
YARAhub by abuse.ch | malware | meth_stackstrings
YARAhub by abuse.ch | malware | Detect pe file that no import table
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
Elastic Security YARA Rules | malware | Windows.Trojan.Nighthawk
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
Public Nextron YARA rules | malware | Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Public Nextron YARA rules | malware | Detects Reflective DLL Loader
Public Nextron YARA rules | malware | Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
YARAhub by abuse.ch | malware | Detect pe file that no import table
VirusTotal | malicious |

JavaScript (0)

HTTP Transactions (2)

URL | IP | Response | Size
github.com/APTIRAN/C2/raw/refs/heads/main/nighthawkc2.7z | 140.82.121.3 | 302 Found | 0 B
raw.githubusercontent.com/APTIRAN/C2/refs/heads/main/nighthawkc2.7z | 185.199.110.133 | 200 OK | 3.5 MB