Report - github.com/ripsscanner/rips/archive/refs/tags/v0.55.zip

Report Overview

Submitted URL
github.com/ripsscanner/rips/archive/refs/tags/v0.55.zip
IP
140.82.121.4
ASN
#36459 GITHUB
Submitted
2024-05-10 11:55:42
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
codeload.github.com	62359	2007-10-09	2013-04-18	2024-05-08	512 B	138 kB	140.82.121.10
github.com	1423	2007-10-09	2016-07-13	2024-03-24	509 B	3.5 kB	140.82.121.4

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
codeload.github.com/ripsscanner/rips/zip/refs/tags/v0.55
IP
140.82.121.10
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
137 kB (137037 bytes)
Hash
a812a4c8227290a7bd24785f77e88945
2c6ccebf2ae0c5e37bd15cfef439b6a2ef180a84
ce0fc359e723cba08bbf23caf09dfb846b1c6c8a9f3e56f8d09e8e0f186d34f7

Archive (40)

Filename

Md5

File type

CHANGELOG

b8556f56c85f3acbc7ecca8118ec94c4

ASCII text

LICENSE

d32239bcb673463ab874e80d47fae504

ASCII text

general.php

16549226ae7eb9505e5b480d56a65919

PHP script, ASCII text

help.php

ee883a7a1f10afe20fa3b07a2ca4d88d

PHP script, ASCII text, with very long lines (583)

info.php

7c786e5aac1db20996c084160cf5ff44

PHP script, ASCII text

securing.php

c16095c8d0f474db4d6d60b4153d5eb9

PHP script, ASCII text

sinks.php

59f3b95cff44a4962c361802f1078063

PHP script, ASCII text

sources.php

79f77ea81d1946effdec7bae5d9e6512

PHP script, ASCII text

tokens.php

555542863651d6f543358fd2201c5266

PHP script, ASCII text

ayti.css

ba69accf1027851d2305b92fd65eaec5

ASCII text

barf.css

5320383716cabf94e76d3078e0a67080

ASCII text

code-dark.css

c7e672c2b6fd0041dae5595b4a667bb3

ASCII text

espresso.css

30fcd0ef60710353a1e887f621e71abd

ASCII text

notepad++.css

28793d913b557669d22d625c51fb3486

assembler source, ASCII text

phps.css

5016086eb287e80d2713aa5866797c6a

assembler source, ASCII text

print.css

74f71be406bd6e24dd764d5fc44111ec

ASCII text

rips.css

8e5def15906a52113cfc927f6b9d92c3

assembler source, ASCII text, with very long lines (1241)

rips.png

4e1a0a77e077b7dcfb29e8d68fcd622b

PNG image data, 122 x 52, 8-bit/color RGBA, non-interlaced

scanning.gif

5e2dd099285a1564bd757c6d0d733c78

GIF image data, version 89a, 91 x 121

term.css

1e4dd234e9603f8f78675e0a700ed77f

ASCII text

twilight.css

942bc2d0052d158e903167e7464f1867

ASCII text

index.php

3b8dafd98f1596b6f0d6280ec3cbdfb1

PHP script, ASCII text, with very long lines (480)

exploit.js

3faaa77e311f876f8d9df5c05e203067

ASCII text

hotpatch.js

a3c13aacb45a6790a7add3e710533156

ASCII text

netron.js

3129bfa233e0afb168c3df2baf2a741d

ASCII text

script.js

5f0957e5cc3557e4f7d9597e1d4a9b89

ASCII text

analyzer.php

0e469301f3d5456ef98b775467387fbc

PHP script, ASCII text

constructer.php

208eed47c9c8444268cff77b75965b5b

PHP script, ASCII text

filer.php

871fc6d87760d4607744a996c8d3823d

PHP script, ASCII text

printer.php

9fc129e273043b2c64d33951eeb18eb7

PHP script, ASCII text, with very long lines (383)

scanner.php

988195856ad911022a5a2f62c0a50b5c

PHP script, ASCII text, with very long lines (359)

searcher.php

ccaf5c04be172b13175ca981d0072cb8

PHP script, ASCII text

tokenizer.php

79a08d976f79f96326c811bca7a9f437

PHP script, ASCII text

main.php

0a168fcd5661e4c412c01baff472a7d4

PHP script, ASCII text, with very long lines (388)

code.php

189365d94b63e8538b027a569773d2fd

HTML document, ASCII text

exploit.php

32064a8c44e605892ffeb0f3f7866d04

PHP script, ASCII text

function.php

3df991bb6c78c64650544d3ceb78976c

HTML document, ASCII text

help.php

2c231b80b7e58ac0d20d87c9cfcda4b5

PHP script, ASCII text

hotpatch.php

ead16d578faf7dafa0a8267b36d46971

PHP script, ASCII text

leakscan.php

cde58660a3dccc6fec35e9584896ca5d

PHP script, ASCII text

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Generic PHP webshell which uses any eval/exec function in the same line with user input
Public Nextron YARA rules	malware	php webshell having some kind of input and some kind of payload. restricted to small files or big ones inclusing suspicious strings
Public Nextron YARA rules	malware	Generic PHP webshell which uses any eval/exec function in the same line with user input
VirusTotal	suspicious	VirusTotal - Scan result 2/62

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/ripsscanner/rips/archive/refs/tags/v0.55.zip

140.82.121.4

302 Found

0 B

URL User Request GET HTTP/2
github.com/ripsscanner/rips/archive/refs/tags/v0.55.zip
IP
140.82.121.4:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ripsscanner/rips/archive/refs/tags/v0.55.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Fri, 10 May 2024 11:55:16 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://codeload.github.com/ripsscanner/rips/zip/refs/tags/v0.55
cache-control: max-age=0, private
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: FA58:3C7012:9EF5F48:A1C61F8:663E0B24
X-Firefox-Spdy: h2

codeload.github.com/ripsscanner/rips/zip/refs/tags/v0.55

140.82.121.10

200 OK

137 kB

URL User Request GET HTTP/2
codeload.github.com/ripsscanner/rips/zip/refs/tags/v0.55
IP
140.82.121.10:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subject*.github.com
Fingerprint0D:F6:EC:50:FA:ED:AE:6E:13:AF:82:94:52:F7:11:1B:0A:CF:7C:20
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
137 kB (137037 bytes)
Hash
a812a4c8227290a7bd24785f77e88945
2c6ccebf2ae0c5e37bd15cfef439b6a2ef180a84
ce0fc359e723cba08bbf23caf09dfb846b1c6c8a9f3e56f8d09e8e0f186d34f7

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/62

HTTP Headers

GET /ripsscanner/rips/zip/refs/tags/v0.55 HTTP/1.1
Host: codeload.github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://render.githubusercontent.com
content-disposition: attachment; filename=rips-0.55.zip
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
cross-origin-resource-policy: cross-origin
etag: W/"2fb51a18abdf0d1030062255c50e4e3cc7636e81392b33a86a170326ab562e7a"
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
date: Fri, 10 May 2024 11:55:17 GMT
x-github-request-id: 32BF:2D63C1:43629E:53424A:663E0B24
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (40)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers