Report - download.nxzsoftware.cn/downloads/reiboot.exe?package=reiboot

Report Overview

Visitedpublic

2024-07-29 05:19:32

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-28 18:17:42	2.3 kB	6.2 kB	23.36.77.32
download.nxzsoftware.cn	unknown	2022-11-25	2022-12-15 04:21:27	2024-06-03 01:18:18	538 B	1.9 MB	180.163.146.102

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

download.nxzsoftware.cn/downloads/reiboot.exe?package=reiboot_223531245286723584.exe

IP / ASN

180.163.146.102

#4812 China Telecom Group

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

Size1.9 MB (1902352 bytes)

MD5ac146bb04ba940544624746fc5949fb1

SHA14e1e3625a590681b4b23b0e0bfe47708faeb62b4

SHA256fc5b77439d264db8533c0b57cecc4f642680edfab74ca0b71b26919db062fe2f

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/73

JavaScript (0)

HTTP Transactions (8)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-27

Last Seen2024-08-19

Times Seen27742

Size504 B (504 bytes)

MD51923cde36555abe065c52a358521a6f5

SHA11cfff065ff7d9706aa7142cc99855769a50f642e

SHA2569bdc1a9c47d76dc96134b04996050573491d15a2d8b6be4157791b9d6f0766c9

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9BDC1A9C47D76DC96134B04996050573491D15A2D8B6BE4157791B9D6F0766C9"
Last-Modified: Sat, 27 Jul 2024 06:56:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2883
Expires: Mon, 29 Jul 2024 06:07:10 GMT
Date: Mon, 29 Jul 2024 05:19:07 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-27

Last Seen2024-08-19

Times Seen18604

Size504 B (504 bytes)

MD5b8e31d15afcf09f5bb82859001dd8709

SHA19cbcde3c0dfe955fa6116416d94a7a18746b50c7

SHA256552c092e8f81ebcd4575f45f58dbbc32e2813e6e6a988adf173122916658ae47

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "552C092E8F81EBCD4575F45F58DBBC32E2813E6E6A988ADF173122916658AE47"
Last-Modified: Sat, 27 Jul 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2893
Expires: Mon, 29 Jul 2024 06:07:20 GMT
Date: Mon, 29 Jul 2024 05:19:07 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-27

Last Seen2024-08-19

Times Seen27365

Size504 B (504 bytes)

MD5182b9c01b864c7d116c3fc28cbb58d6e

SHA1644efdd1cd6ee4e5d5ec976387b3dbf47ed51dc1

SHA2565d2cc1a96f886c04483d570f2fba83b9b430796d2faf9d6d115cca98bc6b713f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D2CC1A96F886C04483D570F2FBA83B9B430796D2FAF9D6D115CCA98BC6B713F"
Last-Modified: Sat, 27 Jul 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18098
Expires: Mon, 29 Jul 2024 10:20:45 GMT
Date: Mon, 29 Jul 2024 05:19:07 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-27

Last Seen2024-08-19

Times Seen17718

Size504 B (504 bytes)

MD50b1ec2ddc6f2bdcb53c4a68f0dadfffa

SHA16e2cca0a8a8c68f778c60628583b1c944c3cc2fc

SHA2567d7df3345b5736ccce59d0996a373c2ccc915b51d725a47131936cb170207467

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7D7DF3345B5736CCCE59D0996A373C2CCC915B51D725A47131936CB170207467"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12972
Expires: Mon, 29 Jul 2024 08:55:20 GMT
Date: Mon, 29 Jul 2024 05:19:08 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-27

Last Seen2024-08-19

Times Seen13637

Size504 B (504 bytes)

MD59a7aa74598eea5bc84f07fc2318a2e3c

SHA15de3cab9a17f1d5becc592a7e890fdf7270f6f68

SHA256b91855e23d5499619d9f797b60209740f0c9b5c3514d0939124ac1afa6b577bf

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B91855E23D5499619D9F797B60209740F0C9B5C3514D0939124AC1AFA6B577BF"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2531
Expires: Mon, 29 Jul 2024 06:01:20 GMT
Date: Mon, 29 Jul 2024 05:19:09 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-27

Last Seen2024-08-19

Times Seen13637

Size504 B (504 bytes)

MD59a7aa74598eea5bc84f07fc2318a2e3c

SHA15de3cab9a17f1d5becc592a7e890fdf7270f6f68

SHA256b91855e23d5499619d9f797b60209740f0c9b5c3514d0939124ac1afa6b577bf

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B91855E23D5499619D9F797B60209740F0C9B5C3514D0939124AC1AFA6B577BF"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2531
Expires: Mon, 29 Jul 2024 06:01:20 GMT
Date: Mon, 29 Jul 2024 05:19:09 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-27

Last Seen2024-08-19

Times Seen13637

Size504 B (504 bytes)

MD59a7aa74598eea5bc84f07fc2318a2e3c

SHA15de3cab9a17f1d5becc592a7e890fdf7270f6f68

SHA256b91855e23d5499619d9f797b60209740f0c9b5c3514d0939124ac1afa6b577bf

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B91855E23D5499619D9F797B60209740F0C9B5C3514D0939124AC1AFA6B577BF"
Last-Modified: Sat, 27 Jul 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2531
Expires: Mon, 29 Jul 2024 06:01:20 GMT
Date: Mon, 29 Jul 2024 05:19:09 GMT
Connection: keep-alive

GET download.nxzsoftware.cn/downloads/reiboot.exe?package=reiboot_223531245286723584.exe

180.163.146.102

200 OK

1.9 MB

URL

download.nxzsoftware.cn/downloads/reiboot.exe?package=reiboot_223531245286723584.exe

IP / ASN

180.163.146.102

#4812 China Telecom Group

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

First Seen2023-06-18

Last Seen2025-07-23

Times Seen266

Size1.9 MB (1902352 bytes)

MD5ac146bb04ba940544624746fc5949fb1

SHA14e1e3625a590681b4b23b0e0bfe47708faeb62b4

SHA256fc5b77439d264db8533c0b57cecc4f642680edfab74ca0b71b26919db062fe2f

Certificate Info

IssuerLet's Encrypt

Subjectdownload.nxzsoftware.cn

Fingerprint1D:9D:EF:87:D5:6C:CC:28:79:D7:84:AA:36:BD:D3:9F:3A:FA:46:A4

ValidityTue, 28 May 2024 19:17:47 GMT - Mon, 26 Aug 2024 19:17:46 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/73

HTTP Headers

GET /downloads/reiboot.exe?package=reiboot_223531245286723584.exe HTTP/1.1
Host: download.nxzsoftware.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/octet-stream
Content-Length: 1902352
Connection: keep-alive
Date: Mon, 29 Jul 2024 00:33:13 GMT
Accept-Ranges: bytes
Via: cache60.l2cn3022[162,171,304-0,H], cache17.l2cn3022[173,0], kunlun7.cn7174[0,0,200-0,H], kunlun1.cn7174[0,0]
Last-Modified: Thu, 01 Jun 2023 07:27:35 GMT
ETag: "64784867-1d0710"
Age: 17155
Ali-Swift-Global-Savetime: 1722213193
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
X-Swift-SaveTime: Mon, 29 Jul 2024 00:33:13 GMT
X-Swift-CacheTime: 172800
Content-Disposition: attachment;filename=reiboot_223531245286723584.exe
Timing-Allow-Origin: *
EagleId: b4a3921517222303486186491e