Report - endpointprotectiontest.s3.amazonaws.com/1.exe

Report Overview

Visited public
2024-10-03 14:12:11
Tags
URL
endpointprotectiontest.s3.amazonaws.com/1.exe
Finishing URL
about:privatebrowsing
IP / ASN
52.219.117.153
#16509 AMAZON-02
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-02 18:12:28	1.3 kB	3.5 kB	23.36.76.249
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-10-02 18:12:27	1.3 kB	3.6 kB	23.36.76.225
endpointprotectiontest.s3.amazonaws.com	unknown	2005-08-18	2024-04-28 02:36:50	2024-09-26 12:06:00	499 B	74 kB	52.219.113.121

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-10-03	medium	endpointprotectiontest.s3.amazonaws.com/1.exe	Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
endpointprotectiontest.s3.amazonaws.com/1.exe
IP
52.219.113.121
ASN
#16509 AMAZON-02

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
74 kB (73802 bytes)
Hash
2a97f4e4eb9a642d864705758a636db9
3364f33bd4bd5eef06c16a69f7e71facaa93e250
76caba5f3e837a0098fa5838f22c695f9ea3bc761a4510051fc2d1100b50fca4

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)
VirusTotal	malicious	VirusTotal - Scan result 64/70

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
1ef80c744705527b3ea5e0d1f35d3b3a
693f25f915e0a83c3fd9245a94286facd7d91eae
677408261ae6acf6c34d9bd6fc2964ee17a60997c9b7825ccf58ec8c3dfc83cf

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "677408261AE6ACF6C34D9BD6FC2964EE17A60997C9B7825CCF58EC8C3DFC83CF"
Last-Modified: Thu, 03 Oct 2024 07:49:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13233
Expires: Thu, 03 Oct 2024 17:52:18 GMT
Date: Thu, 03 Oct 2024 14:11:45 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
701cda0115d2dddafb665ed755667ed6
2581d5abcf4e9f2836e4b22486d66f6698b791ed
b7f29d48807eb55ba269d5c07f8ae07238f88db1116eee840567cbbcc80469e9

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B7F29D48807EB55BA269D5C07F8AE07238F88DB1116EEE840567CBBCC80469E9"
Last-Modified: Thu, 03 Oct 2024 04:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2398
Expires: Thu, 03 Oct 2024 14:51:43 GMT
Date: Thu, 03 Oct 2024 14:11:45 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
37bec8073006175a281abf09f9019afe
ae47f964d87ddeed3c05747eb4e1a76bb87c86db
d5ffabecde9e1ebe75f1889972bb4902b35aa88020fae01f7e3dc01ab7552b29

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D5FFABECDE9E1EBE75F1889972BB4902B35AA88020FAE01F7E3DC01AB7552B29"
Last-Modified: Thu, 03 Oct 2024 04:15:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6644
Expires: Thu, 03 Oct 2024 16:02:30 GMT
Date: Thu, 03 Oct 2024 14:11:46 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c62edd4a5b68a44552fb51da41999548
bbada2707b221f2b1daee8a2e276d3314e99594a
5d7a0bc8afae39f6a488ec0e6f579f593a22ecf3428e35c07bd9706ab6ef4612

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "5D7A0BC8AFAE39F6A488EC0E6F579F593A22ECF3428E35C07BD9706AB6EF4612"
Last-Modified: Tue, 01 Oct 2024 20:05:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7437
Expires: Thu, 03 Oct 2024 16:15:43 GMT
Date: Thu, 03 Oct 2024 14:11:46 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.225

504 B

URL
r11.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9b27c49b8bf7401ddde12d0f77c754dc
eece7a3857a2500b86fadcef0d97b40ddaeb368c
0b6a970d6641426a36b3e7c389c8d9ead17c4587f8456ab6ecb285835d137179

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B6A970D6641426A36B3E7C389C8D9EAD17C4587F8456AB6ECB285835D137179"
Last-Modified: Thu, 03 Oct 2024 04:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12274
Expires: Thu, 03 Oct 2024 17:36:22 GMT
Date: Thu, 03 Oct 2024 14:11:48 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.249

504 B

URL
r11.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9b27c49b8bf7401ddde12d0f77c754dc
eece7a3857a2500b86fadcef0d97b40ddaeb368c
0b6a970d6641426a36b3e7c389c8d9ead17c4587f8456ab6ecb285835d137179

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B6A970D6641426A36B3E7C389C8D9EAD17C4587F8456AB6ECB285835D137179"
Last-Modified: Thu, 03 Oct 2024 04:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12181
Expires: Thu, 03 Oct 2024 17:34:49 GMT
Date: Thu, 03 Oct 2024 14:11:48 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.225

504 B

URL
r11.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9b27c49b8bf7401ddde12d0f77c754dc
eece7a3857a2500b86fadcef0d97b40ddaeb368c
0b6a970d6641426a36b3e7c389c8d9ead17c4587f8456ab6ecb285835d137179

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B6A970D6641426A36B3E7C389C8D9EAD17C4587F8456AB6ECB285835D137179"
Last-Modified: Thu, 03 Oct 2024 04:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12274
Expires: Thu, 03 Oct 2024 17:36:22 GMT
Date: Thu, 03 Oct 2024 14:11:48 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.225

504 B

URL
r11.o.lencr.org/
IP
23.36.76.225:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9b27c49b8bf7401ddde12d0f77c754dc
eece7a3857a2500b86fadcef0d97b40ddaeb368c
0b6a970d6641426a36b3e7c389c8d9ead17c4587f8456ab6ecb285835d137179

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0B6A970D6641426A36B3E7C389C8D9EAD17C4587F8456AB6ECB285835D137179"
Last-Modified: Thu, 03 Oct 2024 04:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12274
Expires: Thu, 03 Oct 2024 17:36:22 GMT
Date: Thu, 03 Oct 2024 14:11:48 GMT
Connection: keep-alive

endpointprotectiontest.s3.amazonaws.com/1.exe

52.219.113.121

200 OK

74 kB

URL User Request GET HTTP/1.1
endpointprotectiontest.s3.amazonaws.com/1.exe
IP
52.219.113.121:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint57:FE:C9:73:13:31:CA:2C:91:7F:05:C3:3B:16:FF:3F:1B:D8:7D:E2
ValidityMon, 22 Apr 2024 00:00:00 GMT - Mon, 07 Apr 2025 23:59:59 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
Size
74 kB (73802 bytes)
Hash
2a97f4e4eb9a642d864705758a636db9
3364f33bd4bd5eef06c16a69f7e71facaa93e250
76caba5f3e837a0098fa5838f22c695f9ea3bc761a4510051fc2d1100b50fca4

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects imphash often found in malware samples (Zero hits with with search for 'imphash:x p:0' on Virustotal)
VirusTotal	malicious	VirusTotal - Scan result 64/70

HTTP Headers

GET /1.exe HTTP/1.1
Host: endpointprotectiontest.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 7mXUYjwqT6x1er41b5C007uB2Trv9p5REPNkFVGen+pkjaxJaF4oMA+F6qqDXmYxYhWdzGRsqx0=
x-amz-request-id: D1PJK4CBM5X8QXPX
Date: Thu, 03 Oct 2024 14:11:48 GMT
Last-Modified: Mon, 17 Oct 2016 23:54:29 GMT
ETag: "2a97f4e4eb9a642d864705758a636db9"
Accept-Ranges: bytes
Content-Type: application/octet-stream
Server: AmazonS3
Content-Length: 73802

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (9)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP