Report - download.ntllab.com/allow

Report Overview

Submitted URL
download.ntllab.com/allow_port5080.zip
IP
203.248.19.70
ASN
#9952 Hostway IDC
Submitted
2024-03-29 10:36:27
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
download.ntllab.com	unknown	unknown	No data	No data	492 B	124 kB	203.248.19.70

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
download.ntllab.com/allow_port5080.zip
IP
203.248.19.70
ASN
#9952 Hostway IDC

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
124 kB (124117 bytes)
Hash
d151add0a72e300901111c81285138f3
1abbf3b7a4c62280d553fbfa5e28c46075ccbcdb
e77bc36c1bf213b75317589059f40d6cc02c8bcd1e87a9dd340480f4535efa4d

Archive (6)

Filename

Md5

File type

auto-firewall.bat

037a69aa04358541635d75345221dde2

ASCII text, with CRLF line terminators

NirCmd.chm

4e796f81fc6f1078c08e93d006d24e7a

MS Windows HtmlHelp Data

nircmd.exe

a1cd6a64e8f8ad5d4b6c07dc4113c7ec

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

nircmdc.exe

0e69b6bd18e064c83a11b48495c1b01e

PE32 executable (console) Intel 80386, for MS Windows, UPX compressed, 3 sections

run.bat

22f1e27e9f45bc68907b2327aeedb5a4

ASCII text, with CRLF line terminators

��뼳��.txt

51c1d0e9da44acb4d5bb2908940d30a5

Unicode text, UTF-8 text, with no line terminators

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	download.ntllab.com/allow_port5080.zip	203.248.19.70	200 OK	124 kB
URL User Request GET HTTP/2 download.ntllab.com/allow_port5080.zip IP 203.248.19.70:443 ASN #9952 Hostway IDC Certificate IssuerGlobalSign nv-sa Subject.ntllab.com Fingerprint4C:23:23:9C:CF:31:7C:7A:BA:10:EA:20:0B:23:EC:EA:E6:7C:13:21 ValidityMon, 26 Jun 2023 01:47:25 GMT - Sat, 27 Jul 2024 01:47:24 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 124 kB (124117 bytes) Hash d151add0a72e300901111c81285138f3 1abbf3b7a4c62280d553fbfa5e28c46075ccbcdb e77bc36c1bf213b75317589059f40d6cc02c8bcd1e87a9dd340480f4535efa4d HTTP Headers `GET /allow_port5080.zip HTTP/1.1 Host: download.ntllab.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-type: application/x-zip-compressed last-modified: Thu, 18 Jun 2020 08:11:47 GMT accept-ranges: bytes etag: "d643b91c4845d61:0" server: Microsoft-IIS/10.0 date: Fri, 29 Mar 2024 10:36:01 GMT content-length: 124117 X-Firefox-Spdy: h2`

download.ntllab.com/allow_port5080.zip

203.248.19.70

200 OK

124 kB

URL User Request GET HTTP/2
download.ntllab.com/allow_port5080.zip
IP
203.248.19.70:443
ASN
#9952 Hostway IDC

Certificate
IssuerGlobalSign nv-sa
Subject*.ntllab.com
Fingerprint4C:23:23:9C:CF:31:7C:7A:BA:10:EA:20:0B:23:EC:EA:E6:7C:13:21
ValidityMon, 26 Jun 2023 01:47:25 GMT - Sat, 27 Jul 2024 01:47:24 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
124 kB (124117 bytes)
Hash
d151add0a72e300901111c81285138f3
1abbf3b7a4c62280d553fbfa5e28c46075ccbcdb
e77bc36c1bf213b75317589059f40d6cc02c8bcd1e87a9dd340480f4535efa4d

HTTP Headers

GET /allow_port5080.zip HTTP/1.1
Host: download.ntllab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-zip-compressed
last-modified: Thu, 18 Jun 2020 08:11:47 GMT
accept-ranges: bytes
etag: "d643b91c4845d61:0"
server: Microsoft-IIS/10.0
date: Fri, 29 Mar 2024 10:36:01 GMT
content-length: 124117
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (6)

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers