Report - www.nirsoft.net/panel/ntfslinksview.exe

Report Overview

Visited public
2024-12-16 12:29:23
Tags
URL
www.nirsoft.net/panel/ntfslinksview.exe
Finishing URL
about:privatebrowsing
IP / ASN
107.190.138.58
#33182 DIMENOC
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.nirsoft.net	147497	2004-08-26	2012-05-21	2024-12-11	493 B	50 kB	107.190.138.58
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-12-11	512 B	6.5 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.nirsoft.net/panel/ntfslinksview.exe
IP
107.190.138.58
ASN
#33182 DIMENOC

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size
50 kB (49872 bytes)
Hash
b9ddd583d5cee7b96b14259b69a2c2a7
34bea7a27efea6348f1c4fd0dcf34496d00d76f4
3624a17c9ea1172c4837bfb486601a27e04f41cdf87963484791cc06b05e35bc

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/69
ClamAV	malicious	Win.Virus.Sality-6815308-0

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

www.nirsoft.net/panel/ntfslinksview.exe

107.190.138.58

200 OK

50 kB

URL User Request GET HTTP/1.1
www.nirsoft.net/panel/ntfslinksview.exe
IP
107.190.138.58:443
ASN
#33182 DIMENOC

Certificate
IssuerLet's Encrypt
Subject*.win7dll.info
Fingerprint40:D6:42:BB:6D:E9:90:ED:20:BE:EF:0E:05:50:3C:D4:49:55:74:9D
ValidityTue, 22 Oct 2024 09:54:17 GMT - Mon, 20 Jan 2025 09:54:16 GMT

File type
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
Size
50 kB (49872 bytes)
Hash
b9ddd583d5cee7b96b14259b69a2c2a7
34bea7a27efea6348f1c4fd0dcf34496d00d76f4
3624a17c9ea1172c4837bfb486601a27e04f41cdf87963484791cc06b05e35bc

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 4/69
ClamAV	malicious	Win.Virus.Sality-6815308-0

HTTP Headers

GET /panel/ntfslinksview.exe HTTP/1.1
Host: www.nirsoft.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 16 Dec 2024 12:28:58 GMT
Server: Apache
Last-Modified: Thu, 25 May 2017 17:41:12 GMT
Accept-Ranges: bytes
Content-Length: 49872
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

200 OK

5.8 kB

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
gzip compressed data, max speed, from Unix
Size
5.8 kB (5763 bytes)
Hash
dec750a073993a1406a9fd6f46dec823
5c8aee263aa9c97473f2f941c1d991619c8ed7de
c7bd32b78e289ede0dc43b34c9af33db6d85fae44b016124425e5da579aaac4a

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 16 Dec 2024 12:29:18 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2025-01-22-11-21-23.chain; p384ecdsa=JUIOqX6ydhYKRzt36LcH3JxHp2_uCnWA65ygC4kHaBNweu9g6uXSzf1nUHD99X766pjCY1ZHs25yy7M7-xGML8ceHsGO3P7lAcEKoQoYKmUMSryNo6yV7CplmGBkHyKb
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers