Report - test.l1n3.net/tools/nps_client/npc_windows_386

Report Overview

Visitedpublic

2024-09-16 21:10:22

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-15 18:12:18	1.3 kB	3.6 kB	23.36.76.226
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-15 18:13:05	654 B	1.8 kB	23.36.76.226
test.l1n3.net	unknown	2014-07-02	2019-12-18 23:54:29	2024-04-10 20:18:05	511 B	10 MB	47.75.55.165

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

test.l1n3.net/tools/nps_client/npc_windows_386_client.exe

IP / ASN

47.75.55.165

#45102 Alibaba US Technology Co., Ltd.

File Overview

File TypePE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 6 sections

Size10 MB (10245632 bytes)

MD574333efdbc06a393120cc420f835088f

SHA1252db34ee7b029dd9a754d7e70b09797081cbbb1

SHA256cab0376ec4e149f5242729bb3b5702772456bed3a601ce57bf0511196f5a5c6f

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 49/73

JavaScript (0)

HTTP Transactions (7)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-15

Last Seen2024-09-19

Times Seen27661

Size504 B (504 bytes)

MD5cbe3df23d7a1a604654e06ccca10ab85

SHA1907419e4690cac7c3af83a771260ec3dd8118bf3

SHA256a50cd1c21ca6fcd7b91806cc79bb4669602f2ed234d5722704df5959affecad0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A50CD1C21CA6FCD7B91806CC79BB4669602F2ED234D5722704DF5959AFFECAD0"
Last-Modified: Sun, 15 Sep 2024 00:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6636
Expires: Mon, 16 Sep 2024 23:00:31 GMT
Date: Mon, 16 Sep 2024 21:09:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-16

Last Seen2024-09-19

Times Seen28960

Size504 B (504 bytes)

MD5b4ddabe3dc0fdf5ea3a82a9aebbb01c6

SHA1bfbff7cc66b83f1e16d8739a987f175866a6de68

SHA25673c53b2f9ea6cb310eb9df3e6d917f4649a2c2470b3ae7ee1e4bbb7102550016

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "73C53B2F9EA6CB310EB9DF3E6D917F4649A2C2470B3AE7EE1E4BBB7102550016"
Last-Modified: Sun, 15 Sep 2024 21:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13869
Expires: Tue, 17 Sep 2024 01:01:04 GMT
Date: Mon, 16 Sep 2024 21:09:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-15

Last Seen2024-09-19

Times Seen16054

Size504 B (504 bytes)

MD5050718ab9dc2838d2e9024055cb41483

SHA16e55983a400fc690d87e12582f4fa8553e7b95c6

SHA256d86c86521d6dffa0ae29cccbe08a53af825337b4d0e308884bf33122ee11e415

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D86C86521D6DFFA0AE29CCCBE08A53AF825337B4D0E308884BF33122EE11E415"
Last-Modified: Sun, 15 Sep 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6924
Expires: Mon, 16 Sep 2024 23:05:19 GMT
Date: Mon, 16 Sep 2024 21:09:55 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-15

Last Seen2024-09-19

Times Seen15319

Size504 B (504 bytes)

MD5dc2649e086d14b37f641e418f94b8dad

SHA10e5bcbba8b6c22a8652210eab920b0b3f02d18f3

SHA25690ea3c7af91be1cd66e22f44935435a8f844385ab37ce80dfb1f0d517fa91c02

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "90EA3C7AF91BE1CD66E22F44935435A8F844385AB37CE80DFB1F0D517FA91C02"
Last-Modified: Sun, 15 Sep 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16883
Expires: Tue, 17 Sep 2024 01:51:19 GMT
Date: Mon, 16 Sep 2024 21:09:56 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-19

Last Seen2024-09-19

Times Seen2

Size504 B (504 bytes)

MD56428044725a560df6149b917cecc2092

SHA11cf5d841622f7828878fe00a87302dd4bd002723

SHA256fc7a6f3c072df24804989834d0475b7fa35569c217392c98be0cbffd0a27441c

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FC7A6F3C072DF24804989834D0475B7FA35569C217392C98BE0CBFFD0A27441C"
Last-Modified: Sat, 14 Sep 2024 15:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21560
Expires: Tue, 17 Sep 2024 03:09:17 GMT
Date: Mon, 16 Sep 2024 21:09:57 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL HTTP

r11.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-09-15

Last Seen2024-09-19

Times Seen10856

Size504 B (504 bytes)

MD5ca723553e74ec93d39dd2f922b78cd33

SHA119488770f771507f7cc656302076d90be4453b52

SHA2567868b9d67d4d3aa59f3cfae358b4252f060290eee91b140396c820b9387af260

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7868B9D67D4D3AA59F3CFAE358B4252F060290EEE91B140396C820B9387AF260"
Last-Modified: Sun, 15 Sep 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3091
Expires: Mon, 16 Sep 2024 22:01:28 GMT
Date: Mon, 16 Sep 2024 21:09:57 GMT
Connection: keep-alive

GET test.l1n3.net/tools/nps_client/npc_windows_386_client.exe

47.75.55.165

200 OK

10 MB

URL User Request GET HTTPS

test.l1n3.net/tools/nps_client/npc_windows_386_client.exe

IP / ASN

47.75.55.165

#45102 Alibaba US Technology Co., Ltd.

Requested byN/A

Resource Info

File typePE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 6 sections

First Seen2023-08-13

Last Seen2024-12-01

Times Seen7

Size10 MB (10245632 bytes)

MD574333efdbc06a393120cc420f835088f

SHA1252db34ee7b029dd9a754d7e70b09797081cbbb1

SHA256cab0376ec4e149f5242729bb3b5702772456bed3a601ce57bf0511196f5a5c6f

Certificate Info

IssuerLet's Encrypt

Subjecttest.l1n3.net

FingerprintBB:F4:13:56:2B:31:63:B2:15:32:5F:1C:E9:38:20:E7:E5:A1:F1:FB

ValidityMon, 29 Jul 2024 10:42:58 GMT - Sun, 27 Oct 2024 10:42:57 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 49/73

HTTP Headers

GET /tools/nps_client/npc_windows_386_client.exe HTTP/1.1
Host: test.l1n3.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 16 Sep 2024 21:09:57 GMT
Server: Apache/2.4.59 (Debian)
Last-Modified: Thu, 08 Apr 2021 06:37:44 GMT
ETag: "9c5600-5bf7048e89e00"
Accept-Ranges: bytes
Content-Length: 10245632
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program