Report - github.com/dpradov/keynote-nf/releases/download/v1.9.2.1/KeyNote.NF

Report Overview

Submitted URL
github.com/dpradov/keynote-nf/releases/download/v1.9.2.1/KeyNote.NF_1.9.2.1.zip
IP
140.82.121.4
ASN
#36459 GITHUB
Submitted
2024-04-24 06:30:10
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
7

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-04-23	999 B	4.3 MB	185.199.110.133
github.com	1423	2007-10-09	2016-07-13	2024-03-24	533 B	3.9 kB	140.82.121.4

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
objects.githubusercontent.com/github-production-release-asset-2e65be/41261933/1299ee7d-a83b-4f2d-91dd-cf376a0994f4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T062943Z&X-Amz-Expires=300&X-Amz-Signature=2a715896ef74848c9c1c7de6c4a8298f881d5723cf5638379c8954e619eb8229&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=41261933&response-content-disposition=attachment%3B%20filename%3DKeyNote.NF_1.9.2.1.zip&response-content-type=application%2Foctet-stream
IP
185.199.110.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
4.3 MB (4261762 bytes)
Hash
14abb71eb49ee265d83a1abecf11f6d7
21c3bb9e7d00358e15efe6a26880536b410f59f8
d9719a8b55274fad81d3d62943d192d4e60a5b8386708fb6f9ea7cb535b0e88b

Archive (55)

Filename

Md5

File type

alert.wav

9bfedf478e442f4753d9f54c3465fae6

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz

clip.wav

ad2378ca21a0ca529df328261e07aed5

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz

dateformats.txt

cf8360cc1e0a89d47554466b35fd2193

ASCII text, with CRLF line terminators

acknowledgments.txt

904d3fe9af84919e0de0e5058d3b3912

ASCII text, with CRLF line terminators

Changes in 1.8.0 Beta1-6.txt

b31da0358e60bbe0af83ebec922295e0

data

Changes in 1.8.1 Beta1-6.txt

b8410b03e40e75c4f0157798220d6c66

Generic INItialization configuration [IMPORTANT]

Changes in 1.8.2 .01.txt

ffdd1baefd509df12d63603835b8388d

ASCII text, with CRLF line terminators

Changes in 1.8.3 .01.txt

f2cb52352e6d13ea2276586075620924

ASCII text, with CRLF line terminators

Changes in 1.8.4 .01.txt

c3ab6e0a93e2a351255f5a519412f4e5

ASCII text, with CRLF line terminators

Changes in 1.8.5 .01.txt

4b32671cc3bebd51c2a151d765074339

Unicode text, UTF-8 text, with CRLF line terminators

Changes in 1.9.0 .01.txt

4cc2fc1ca82adf4dd87a77c47dccc520

Generic INItialization configuration [ExtKNTLnkInNewInst]

Changes in 1.9.1 .01.txt

798aef29e07760722234851e522a8691

ASCII text, with CRLF line terminators

Changes in 1.9.2 .01.txt

86b1476be43b00fdd00591ae6264d1e2

Unicode text, UTF-8 text, with CRLF line terminators

dart.txt

917dd0d3cee2f2129f0ec81de6c601bb

ASCII text, with very long lines (882), with CRLF line terminators

dart_format.txt

fd34fc1c50c967983a9321128a2794ff

ASCII text, with CRLF line terminators

fileformat.knt

495d2ff4465080703f602dcddaabda76

a GFKNT 2.0 script, ASCII text executable, with CRLF line terminators

fileformat.txt

2cb5fab758e77fff47441d714bcaca5e

ASCII text, with very long lines (604), with CRLF line terminators

fileformat_1.6.5.txt

0f2b2749494c17b89bec7b1434feb588

ASCII text, with very long lines (604), with CRLF line terminators

fileformat_minimal.knt

2dddca1df49c8d16e969dc13516cf17a

a GFKNT 2.0 script, ASCII text executable, with CRLF line terminators

fileformat_readme.txt

c7f77fb73de6a51894325cf4fa6684c4

ASCII text, with CRLF line terminators

history.txt

1f3bb5d1020241eb1bddb3d44bb4da4d

ASCII text, with very long lines (951), with CRLF line terminators

LICENSE.txt

cfd7d66d2864c38232ec1ef20b27c13a

ASCII text, with CRLF line terminators

README.md

7c5fecec212f1f343be4448df642926f

HTML document, ASCII text, with very long lines (1088), with CRLF line terminators

README_News.txt

5145fe188742208672d15921066c7848

ISO-8859 text, with CRLF line terminators

References.md

fbae5868de950b5599127551e280e7ee

ASCII text, with CRLF line terminators

wordweb.txt

cd60ec978fac1a723b636443f238afe1

ASCII text, with very long lines (317), with CRLF line terminators

cmdline.txt

f6e7c5960fd1df809b0757b7adb26983

ASCII text, with very long lines (344), with CRLF line terminators

KeyNoteNF_Help.knt

b761564a7db62fe74f61cc676ae7e73a

data

keynote_hlp.ico

c8c22482a03e22decde2682c64f4d663

MS Windows icon resource - 3 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel

Profiles.txt.lnk

449c1113673ed11bf9b8e7999764564e

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Apr 1 21:32:52 2024, mtime=Mon Apr 1 21:32:52 2024, atime=Wed Mar 6 21:09:58 2024, length=4911, window=hide

keyboard.css

10c23941bbfdbd4cda4a0146ace6c1be

ASCII text, with CRLF line terminators

KeyNote NF Help.lnk

9315798f63b18ba111820a2a50cb8377

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Mon Apr 1 21:32:51 2024, mtime=Mon Apr 1 21:32:51 2024, atime=Mon Apr 1 20:00:00 2024, length=174184, window=hide

keynote.exe

cb4327df72a7090a5510f6ffbb26ff4b

PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections

KeyNote.tip

4814b026a9fd754fdb1a7b8341a573da

ASCII text, with CRLF line terminators

kntLauncher.exe

6dae42c48ae1071c932553d87ea00e5b

PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections

kntutils.dll

4cc119928319b05233baf117a64e06e8

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 10 sections

_AutoNewFile.knm

418532bde58c8ad9150eca86ccd11bca

ASCII text, with CRLF line terminators

_AutoNewNode.knm

12285ef1c30a8f7beaadaca042da0524

ASCII text, with CRLF line terminators

_AutoNewNote.knm

98f62d1545053e42c4ecd20962ef2e35

ASCII text, with CRLF line terminators

_AutoNewTree.knm

cd89c3363a8cc56c6382caf5bc735a2c

ASCII text, with CRLF line terminators

_Test_Macro.knm

5301e343d6dce33d2cdfdb10eb40ecb6

ASCII text, with CRLF line terminators

kncalendar.knl

c16b75e73e2752aa86ef388c8a442449

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

kncalendar_readme.txt

05d6c6bbf995f52b1cf2799cec2b847f

ASCII text, with CRLF line terminators

keynote.exp

18d772850bc4b0c22ddc8978078ad9fe

Non-ISO extended-ASCII text, with CRLF line terminators

keynote.icn

7ed65ad95f688930ebf42e8e6012c58a

Delphi compiled form 'TImageList'

keynote.kns

6a038b07d33bbee00e4c08a80990f670

Generic INItialization configuration [2]

nodehead.rtf

ee27b8b66039c1556bb06fd7f0e190ab

Rich Text Format data, version 1, ANSI

notehead.rtf

291fa585a984f899b3feb13bb3914bc3

Rich Text Format data, version 1, ANSI

keynote.ini

9ffc8db270e7c89190727428ebe79d39

Generic INItialization configuration [EditorOptions]

keynote.kns

6a038b07d33bbee00e4c08a80990f670

Generic INItialization configuration [2]

keynote.mgr

84a6be82368f5fc5cfa442068a2c103e

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

keynote.mru

89f7aecd277346667a35cde97886c4fd

Generic INItialization configuration [TB97aToolbar_Format]

Profiles.txt

acef66f8a141b2aab09b085c8ee62805

ASCII text, with CRLF line terminators

Meeting template - sample.rtf

d4c190cccceff50e28d254d85abbea1b

Rich Text Format data, version 1, ANSI, code page 1252

timeformats.txt

71012a176ce08b74eeb1c4a498702207

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.
Public InfoSec YARA rules	malware	Identifies executable artefacts in shortcut (LNK) files.
VirusTotal	suspicious	VirusTotal - Scan result 7/61

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/dpradov/keynote-nf/releases/download/v1.9.2.1/KeyNote.NF_1.9.2.1.zip

140.82.121.4

302 Found

0 B

URL User Request GET HTTP/2
github.com/dpradov/keynote-nf/releases/download/v1.9.2.1/KeyNote.NF_1.9.2.1.zip
IP
140.82.121.4:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dpradov/keynote-nf/releases/download/v1.9.2.1/KeyNote.NF_1.9.2.1.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Wed, 24 Apr 2024 06:29:43 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/41261933/1299ee7d-a83b-4f2d-91dd-cf376a0994f4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T062943Z&X-Amz-Expires=300&X-Amz-Signature=2a715896ef74848c9c1c7de6c4a8298f881d5723cf5638379c8954e619eb8229&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=41261933&response-content-disposition=attachment%3B%20filename%3DKeyNote.NF_1.9.2.1.zip&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 1424:2DEC2F:DFC41CB:E1BEEF5:6628A6D7
X-Firefox-Spdy: h2

objects.githubusercontent.com/github-production-release-asset-2e65be/41261933/1299ee7d-a83b-4f2d-91dd-cf376a0994f4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T062943Z&X-Amz-Expires=300&X-Amz-Signature=2a715896ef74848c9c1c7de6c4a8298f881d5723cf5638379c8954e619eb8229&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=41261933&response-content-disposition=attachment%3B%20filename%3DKeyNote.NF_1.9.2.1.zip&response-content-type=application%2Foctet-stream

185.199.110.133

200 OK

4.3 MB

URL User Request GET HTTP/2
objects.githubusercontent.com/github-production-release-asset-2e65be/41261933/1299ee7d-a83b-4f2d-91dd-cf376a0994f4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T062943Z&X-Amz-Expires=300&X-Amz-Signature=2a715896ef74848c9c1c7de6c4a8298f881d5723cf5638379c8954e619eb8229&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=41261933&response-content-disposition=attachment%3B%20filename%3DKeyNote.NF_1.9.2.1.zip&response-content-type=application%2Foctet-stream
IP
185.199.110.133:443
ASN
#54113 FASTLY

Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
4.3 MB (4261762 bytes)
Hash
14abb71eb49ee265d83a1abecf11f6d7
21c3bb9e7d00358e15efe6a26880536b410f59f8
d9719a8b55274fad81d3d62943d192d4e60a5b8386708fb6f9ea7cb535b0e88b

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 7/61

HTTP Headers

GET /github-production-release-asset-2e65be/41261933/1299ee7d-a83b-4f2d-91dd-cf376a0994f4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240424%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240424T062943Z&X-Amz-Expires=300&X-Amz-Signature=2a715896ef74848c9c1c7de6c4a8298f881d5723cf5638379c8954e619eb8229&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=41261933&response-content-disposition=attachment%3B%20filename%3DKeyNote.NF_1.9.2.1.zip&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
content-md5: FKu3HrSe4mXYOhq+zxH21w==
last-modified: Mon, 01 Apr 2024 21:45:20 GMT
etag: "0x8DC52950731995C"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 31ebd6a1-f01e-002e-1310-96b342000000
x-ms-version: 2020-10-02
x-ms-creation-time: Mon, 01 Apr 2024 21:45:20 GMT
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=KeyNote.NF_1.9.2.1.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 0
date: Wed, 24 Apr 2024 06:29:43 GMT
x-served-by: cache-iad-kcgs7200075-IAD, cache-hel1410020-HEL
x-cache: HIT, MISS
x-cache-hits: 3, 0
x-timer: S1713940183.269192,VS0,VE490
content-length: 4261762
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (55)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers