Report - github.com/PSGO/PPPwnGo/releases/download/v2.8-1028/PPPwnGo-v2.8-1028.zip

Report Overview

Visitedpublic

2024-11-01 19:15:28

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
github.com	1423	2007-10-09	2016-07-13	2024-10-30	527 B	4.3 kB	140.82.121.3
objects.githubusercontent.com	134060	2014-02-06	2021-11-01	2024-10-30	964 B	7.2 MB	185.199.108.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

objects.githubusercontent.com/github-production-release-asset-2e65be/794810266/4f736a50-67ac-4b56-9cd4-47935b6c0965?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241101%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241101T191501Z&X-Amz-Expires=300&X-Amz-Signature=4c816951102557040acca72fc8cf10fd346b059cb1de966a725dad870b3a5dc0&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DPPPwnGo-v2.8-1028.zip&response-content-type=application%2Foctet-stream

IP / ASN

185.199.108.133

#54113 FASTLY

File Overview

File TypeZip archive data, at least v2.0 to extract, compression method=deflate

Size7.2 MB (7213104 bytes)

MD54865097c4340b365430e409a282850b8

SHA160eee6312813a15205758d59e0f7c3918dd9d1f8

SHA2569d979aebfa9ee15298e15edb98212b3b00a4d97ebf836f9526566251d505df06

Archive (91)

Modified	Filename	Size	MD5	File type
2024-09-06 00:18	stage2.bin	2.7 kB	c976d00ec889926f2ac9fab2fd40ecfa	DOS executable (COM), start instruction 0xe96e0700 00534889
2024-09-06 00:18	stage2.bin	2.7 kB	bca7c2f584489f552b37d0867812be2f	DOS executable (COM), start instruction 0xe96e0700 00534889
2024-09-06 00:18	stage2.bin	2.7 kB	bca7c2f584489f552b37d0867812be2f	DOS executable (COM), start instruction 0xe96e0700 00534889
2024-09-06 00:18	stage2.bin	2.7 kB	bca7c2f584489f552b37d0867812be2f	DOS executable (COM), start instruction 0xe96e0700 00534889
2024-09-06 00:18	stage2.bin	2.7 kB	6b954dd1bab01a79c7f7033ae6d1fe71	DOS executable (COM), start instruction 0xe96e0700 00534889
2024-09-06 00:18	stage2.bin	2.7 kB	6b954dd1bab01a79c7f7033ae6d1fe71	DOS executable (COM), start instruction 0xe96e0700 00534889
2024-09-06 00:18	stage2.bin	2.7 kB	6b954dd1bab01a79c7f7033ae6d1fe71	DOS executable (COM), start instruction 0xe96e0700 00534889
2024-09-06 00:18	stage2.bin	2.7 kB	0c43112d611c3723adb27010c28a5c52	DOS executable (COM), start instruction 0xe96e0700 00534889
2024-05-10 23:54	Wait for other FWs	0 B	d41d8cd98f00b204e9800998ecf8427e
2024-06-19 16:51	Payload˵��readme.txt	261 B	56812b74f96d715f779fecc5399862fe	Unicode text, UTF-8 text, with CRLF line terminators
2024-10-28 13:09	goldhen.bin	260 kB	78c655db47c395434715fce94fa86743	DOS executable (COM), start instruction 0xe9861100 00f30f1e
2024-08-23 09:25	payload.bin	15 kB	a09599036497c3554dd6a73fb71f7812	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	15 kB	aeae08a07e580545066b5e28e208dd4f	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	4c6f0ccc08e5c7d6399d24e7817b7e3f	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	7bc8b565a82eddf7fe70b34311be86ac	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-10-28 13:09	goldhen.bin	260 kB	78c655db47c395434715fce94fa86743	DOS executable (COM), start instruction 0xe9861100 00f30f1e
2024-05-10 23:54	goldhen.bin	282 kB	9bf90ebe4f19699e41eaad1071392c6d	DOS executable (COM), start instruction 0xe9661000 00f30f1e
2024-05-10 23:54	goldhen.bin	283 kB	db7ed7262f90d2f9f8342b1ae57179f5	DOS executable (COM), start instruction 0xe9661000 00f30f1e
2024-06-19 16:50	GoldHEN vs VTX.png	43 kB	5fabbff85db7895beb2018b66d4c2e5a	PNG image data, 480 x 550, 8-bit/color RGBA, non-interlaced
2024-10-28 13:09	goldhen.bin	260 kB	78c655db47c395434715fce94fa86743	DOS executable (COM), start instruction 0xe9861100 00f30f1e
2024-10-28 13:09	goldhen.bin	260 kB	78c655db47c395434715fce94fa86743	DOS executable (COM), start instruction 0xe9861100 00f30f1e
2024-10-28 13:09	goldhen.bin	260 kB	78c655db47c395434715fce94fa86743	DOS executable (COM), start instruction 0xe9861100 00f30f1e
2024-10-28 13:09	goldhen.bin	260 kB	78c655db47c395434715fce94fa86743	DOS executable (COM), start instruction 0xe9861100 00f30f1e
2024-10-28 13:09	goldhen.bin	260 kB	78c655db47c395434715fce94fa86743	DOS executable (COM), start instruction 0xe9861100 00f30f1e
2024-10-28 13:09	goldhen.bin	260 kB	78c655db47c395434715fce94fa86743	DOS executable (COM), start instruction 0xe9861100 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	259a2fbed349517939de90fd3cf102ca	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	259a2fbed349517939de90fd3cf102ca	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	259a2fbed349517939de90fd3cf102ca	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	bd70d7919dd2e0f8cb8df59c7e7bc413	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	bd70d7919dd2e0f8cb8df59c7e7bc413	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	bd70d7919dd2e0f8cb8df59c7e7bc413	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	db1de0517866663ec98ab0b99d2ce3ab	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	db1de0517866663ec98ab0b99d2ce3ab	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	5ef1339fe2741d12a31d68dd3050e8bd	DOS executable (COM), start instruction 0xe9940200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	d9f75cf066b06470b7b759f81fa87ef3	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	payload.bin	16 kB	540a9e6326a6001207fa3631b1c48275	DOS executable (COM), start instruction 0xe9970200 00f30f1e
2024-08-23 09:24	stage2.bin	6.0 kB	1ae8c6d283a37ff3168c3401ac4e86a0	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	bfd749cd25b34373ba0184dc16165f3e	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	1ae8c6d283a37ff3168c3401ac4e86a0	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	bfd749cd25b34373ba0184dc16165f3e	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	1ae8c6d283a37ff3168c3401ac4e86a0	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	bfd749cd25b34373ba0184dc16165f3e	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	ca16956520dc8ce111856491aff89917	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	43d399fb566f47eaf0f21ab51893b661	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	ca16956520dc8ce111856491aff89917	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	43d399fb566f47eaf0f21ab51893b661	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	3967e107d97c66571b425377dc90ba2b	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	9da51f25f4f326952350124f6289fa84	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	9da51f25f4f326952350124f6289fa84	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:24	stage2.bin	6.0 kB	bf4e3a7df4dd01a29300cb57c0323620	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-08-23 09:25	stage2.bin	6.0 kB	bf4e3a7df4dd01a29300cb57c0323620	DOS executable (COM), start instruction 0xe96e0100 00534889
2024-07-11 18:32	PPPwnGo.exe	111 kB	1f2e533441f0511252c4505c10143463	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
2024-06-23 03:16	CPP_debug.ini	1.1 kB	4af5301123a3a8d83ee2367e8f101e78	Unicode text, UTF-8 text, with CRLF line terminators
2024-06-23 02:59	README.md	4.0 kB	9f4246fce21dcf5bbeb9df5308cd48eb	Unicode text, UTF-8 text
2024-06-23 02:55	˵��.txt	1.7 kB	45fad2b9eb1d96a8380e480c0d3edc4c	Unicode text, UTF-8 text
2024-05-03 14:59	4.��װpip��˫��.bat	40 B	58194b2a72727206780a3f6f0a1e51ae	ASCII text, with CRLF line terminators
2024-05-09 22:15	3.��װpython.txt	66 B	e69c776da0a2dda5c3927a1205f05c0f	Unicode text, UTF-8 text, with CRLF line terminators
2024-05-03 15:10	2.add Python to Path.png	103 kB	d6cb744eaec2c33afc6ba4c3ed93a028	PNG image data, 400 x 378, 8-bit/color RGB, non-interlaced
2024-06-23 02:51	1.��װnpcap.txt	454 B	699cdd28ed8cbc82f5f413bad33941cb	Unicode text, UTF-8 text, with CRLF line terminators
2024-05-03 08:29	5.��װscapy��˫��.bat	25 B	f75b5994777a0da1a7fdcda28546f454	ASCII text, with CRLF, LF line terminators
2024-06-16 23:57	pppwn.py	29 kB	c1908b4da915c4908f9d35fac921b709	Python script, ASCII text executable
2024-06-16 23:57	offsets.py	29 kB	d2cff007676aa9ba533bb831b9a7dfa6	ASCII text
2024-06-18 20:08	pppwn.exe	1.5 MB	ba2c3b1abcde339d0597ea0e32619b59	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections
2024-05-27 10:24	pppwn.exe	1.5 MB	87fd8e2c384052e9bfba97a92e4cd308	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections
2024-06-16 19:57	pppwn.exe	567 kB	520f94f2f218bd549e0dc2fbb9201bc9	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections
2024-06-01 18:38	pppwn.exe	567 kB	199f3d26b818603f961b0995aa5271b4	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed, 3 sections
2024-06-23 02:40	Go_debug.ini	621 B	415080b598b8e97f7a4da0314da57cd1	ASCII text, with CRLF line terminators
2024-06-02 17:19	ReadMe.txt	414 B	01c189b3483685952ad05fb01c6400e1	Unicode text, UTF-8 text, with CRLF line terminators
2024-05-07 06:10	stage1.bin	500 B	99b8083ac07bed4bf555f0ec02a7ffa4	data
2024-05-07 06:10	stage1.bin	500 B	99b8083ac07bed4bf555f0ec02a7ffa4	data
2024-05-03 01:49	stage1.bin	500 B	44f3cc05520077899c0cd51422811013	data
2024-05-03 01:50	stage1.bin	500 B	44f3cc05520077899c0cd51422811013	data
2024-05-03 01:50	stage1.bin	500 B	44f3cc05520077899c0cd51422811013	data
2024-05-03 00:23	stage1.bin	500 B	565a3867eb66b0baafdeb812037c95f8	data
2024-05-20 01:47	stage1.bin	500 B	1da7b4d77bcb45cbfef127c0b2892284	data
2024-05-20 01:47	stage1.bin	500 B	1da7b4d77bcb45cbfef127c0b2892284	data
2024-05-20 01:47	stage1.bin	500 B	1da7b4d77bcb45cbfef127c0b2892284	data
2024-05-06 22:06	stage1.bin	500 B	8f8d7e2777d51905e5b4e15a27a38219	data
2024-05-06 22:06	stage1.bin	500 B	8f8d7e2777d51905e5b4e15a27a38219	data
2024-05-06 22:06	stage1.bin	500 B	8f8d7e2777d51905e5b4e15a27a38219	data
2024-05-06 22:06	stage1.bin	500 B	896e8f979ea9621107546b49ec00ed86	data
2024-05-06 22:06	stage1.bin	500 B	896e8f979ea9621107546b49ec00ed86	data
2024-05-06 22:06	stage1.bin	500 B	896e8f979ea9621107546b49ec00ed86	data
2024-05-06 22:06	stage1.bin	500 B	411aab2f9f2947d66286c9dd8c9b7a63	data
2024-05-06 22:06	stage1.bin	500 B	411aab2f9f2947d66286c9dd8c9b7a63	data
2024-05-03 01:48	stage1.bin	500 B	ab7db32dbe6c6e4e8f80d642a41f5d05	data
2024-05-03 00:23	stage1.bin	500 B	e372c39870ae642dd32c28122f6727c9	data
2024-05-03 01:48	stage1.bin	500 B	e372c39870ae642dd32c28122f6727c9	data
2024-05-03 01:49	stage1.bin	500 B	57749fe2519d4b987da8a4291d1d9fd7	data
2024-05-07 04:08	stage1.bin	500 B	57749fe2519d4b987da8a4291d1d9fd7	data
2024-05-03 01:49	stage1.bin	500 B	57749fe2519d4b987da8a4291d1d9fd7	data

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
YARAhub by abuse.ch	malware	pe_detect_tls_callbacks
YARAhub by abuse.ch	malware	pe_detect_tls_callbacks
VirusTotal	malicious	VirusTotal - Scan result 23/69

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/PSGO/PPPwnGo/releases/download/v2.8-1028/PPPwnGo-v2.8-1028.zip

140.82.121.3

302 Found

0 B

URL

github.com/PSGO/PPPwnGo/releases/download/v2.8-1028/PPPwnGo-v2.8-1028.zip

IP / ASN

140.82.121.3

#36459 GITHUB

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5605896

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /PSGO/PPPwnGo/releases/download/v2.8-1028/PPPwnGo-v2.8-1028.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Fri, 01 Nov 2024 19:15:01 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/794810266/4f736a50-67ac-4b56-9cd4-47935b6c0965?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241101%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241101T191501Z&X-Amz-Expires=300&X-Amz-Signature=4c816951102557040acca72fc8cf10fd346b059cb1de966a725dad870b3a5dc0&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DPPPwnGo-v2.8-1028.zip&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: E54F:160BE3:13DA71:14425D:672528B5
X-Firefox-Spdy: h2

GET objects.githubusercontent.com/github-production-release-asset-2e65be/794810266/4f736a50-67ac-4b56-9cd4-47935b6c0965?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241101%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241101T191501Z&X-Amz-Expires=300&X-Amz-Signature=4c816951102557040acca72fc8cf10fd346b059cb1de966a725dad870b3a5dc0&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DPPPwnGo-v2.8-1028.zip&response-content-type=application%2Foctet-stream

185.199.108.133

200 OK

7.2 MB

URL

IP / ASN

185.199.108.133

#54113 FASTLY

Requested byN/A

Resource Info

File typeZip archive data, at least v2.0 to extract, compression method=deflate

First Seen2024-11-01

Last Seen2024-11-01

Times Seen1

Size7.2 MB (7213104 bytes)

MD54865097c4340b365430e409a282850b8

SHA160eee6312813a15205758d59e0f7c3918dd9d1f8

SHA2569d979aebfa9ee15298e15edb98212b3b00a4d97ebf836f9526566251d505df06

Certificate Info

IssuerDigiCert Inc

Subject*.github.io

Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28

ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 23/69

HTTP Headers

GET /github-production-release-asset-2e65be/794810266/4f736a50-67ac-4b56-9cd4-47935b6c0965?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241101%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241101T191501Z&X-Amz-Expires=300&X-Amz-Signature=4c816951102557040acca72fc8cf10fd346b059cb1de966a725dad870b3a5dc0&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DPPPwnGo-v2.8-1028.zip&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Mon, 28 Oct 2024 10:20:18 GMT
etag: "0x8DCF73A1F625D72"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b587e241-901e-004a-1497-2a42da000000
x-ms-version: 2024-08-04
x-ms-creation-time: Mon, 28 Oct 2024 10:20:18 GMT
x-ms-blob-content-md5: SGUJfENAs2VDDkCaKChQuA==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=PPPwnGo-v2.8-1028.zip
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 223
date: Fri, 01 Nov 2024 19:15:02 GMT
x-served-by: cache-iad-kiad7000047-IAD, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 246, 0
x-timer: S1730488502.825903,VS0,VE109
content-length: 7213104
X-Firefox-Spdy: h2