Report - update.itsupport247.net/zScc/ZDowFile.dll

Report Overview

Visitedpublic

2024-07-20 23:37:20

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-20 18:12:19	2.6 kB	7.1 kB	23.36.77.32
ocsp.e2m02.amazontrust.com	unknown	2007-05-11	2022-12-07 11:11:00	2024-07-19 16:08:45	338 B	671 B	143.204.53.97
update.itsupport247.net	12298	2006-07-25	2012-10-16 17:28:48	2023-12-19 12:26:42	495 B	115 kB	3.211.186.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

update.itsupport247.net/zScc/ZDowFile.dll

IP / ASN

3.211.186.16

#14618 AMAZON-AES

File Overview

File TypePE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

Size115 kB (114688 bytes)

MD5407d643f0bf4da685d2cc15883f2a723

SHA11015aa89769950186207f90b01a464af70777105

SHA256cd868f8ea191ff704ff1feb6789786326a84d256d73c492d8357c54d37e897fd

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/72

JavaScript (0)

HTTP Transactions (10)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-21

Last Seen2024-08-19

Times Seen22664

Size504 B (504 bytes)

MD52f796f6340ac7eef4fa2891ac8f8aa1a

SHA127bbc7bb6314b31dcab89f198bc258b040593aa7

SHA256778d02decabf7dff03bf5ec4c4eb0f03ac789e89bcfe58353c266c9d66c08834

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "778D02DECABF7DFF03BF5EC4C4EB0F03AC789E89BCFE58353C266C9D66C08834"
Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18618
Expires: Sun, 21 Jul 2024 04:47:11 GMT
Date: Sat, 20 Jul 2024 23:36:53 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-20

Last Seen2024-08-19

Times Seen17507

Size504 B (504 bytes)

MD5f58a4b489ef65eff7896802c87e363e7

SHA1e7287b89b56c66407955bf95bd03133d2e5945d1

SHA256fb270cf16706247adde7efd430fe667555cb37ee35eae763593424a17c624bcd

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FB270CF16706247ADDE7EFD430FE667555CB37EE35EAE763593424A17C624BCD"
Last-Modified: Sat, 20 Jul 2024 19:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5999
Expires: Sun, 21 Jul 2024 01:16:52 GMT
Date: Sat, 20 Jul 2024 23:36:53 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-21

Last Seen2024-08-19

Times Seen15508

Size504 B (504 bytes)

MD5cf41dddde2cb04d4f8b233b01318bde1

SHA1f7f9259cebf98c255ea506e7d7f0170c1e6a9604

SHA25690a7510dc4acc5716c9a82e10dcbb6074af14f502e3847f8b6c43caef244ca12

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "90A7510DC4ACC5716C9A82E10DCBB6074AF14F502E3847F8B6C43CAEF244CA12"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10196
Expires: Sun, 21 Jul 2024 02:26:49 GMT
Date: Sat, 20 Jul 2024 23:36:53 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-20

Last Seen2024-08-19

Times Seen18141

Size504 B (504 bytes)

MD500accea3155d7ac730285aec633670a9

SHA1fee8ca25b96d24d0c10951f7f4ea28389020e88d

SHA2569abd3b5f4de73d55417dcec4bbf72b38cc201842360ed32d763a4c65e35819d8

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9ABD3B5F4DE73D55417DCEC4BBF72B38CC201842360ED32D763A4C65E35819D8"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14633
Expires: Sun, 21 Jul 2024 03:40:47 GMT
Date: Sat, 20 Jul 2024 23:36:54 GMT
Connection: keep-alive

ocsp.e2m02.amazontrust.com/

143.204.53.97

279 B

URL

ocsp.e2m02.amazontrust.com/

IP / ASN

143.204.53.97

#16509 AMAZON-02

Requested byN/A

Resource Info

File typedata

First Seen2024-08-19

Last Seen2024-08-19

Times Seen1

Size279 B (279 bytes)

MD53da647bba767eda2f6c7bda78961b447

SHA10d38851df78ab380b367dd2ac5f9d6c265a8a4df

SHA256cee5c67d19361e66387507864ac378b9b2fd7d9d951e2b8e63af3d1f6f475241

HTTP Headers

POST / HTTP/1.1
Host: ocsp.e2m02.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 279
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sat, 20 Jul 2024 23:36:54 GMT
Server: ECAcc (amb/6BDA)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: mbv__he1b-C1gPN5nKUh7jAsTBKCrumS5JlFS5jsR7PxHlIQu4UFfg==

GET update.itsupport247.net/zScc/ZDowFile.dll

3.211.186.16

200 OK

115 kB

URL

update.itsupport247.net/zScc/ZDowFile.dll

IP / ASN

3.211.186.16

#14618 AMAZON-AES

Requested byN/A

Resource Info

File typePE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

First Seen2024-06-09

Last Seen2025-05-27

Times Seen42

Size115 kB (114688 bytes)

MD5407d643f0bf4da685d2cc15883f2a723

SHA11015aa89769950186207f90b01a464af70777105

SHA256cd868f8ea191ff704ff1feb6789786326a84d256d73c492d8357c54d37e897fd

Certificate Info

IssuerAmazon

Subject*.itsupport247.net

Fingerprint1D:EE:CF:3E:92:31:E6:38:A8:9C:14:00:D8:98:09:C1:5D:41:CD:98

ValidityMon, 19 Feb 2024 00:00:00 GMT - Wed, 19 Mar 2025 23:59:59 GMT

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/72

HTTP Headers

GET /zScc/ZDowFile.dll HTTP/1.1
Host: update.itsupport247.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Jul 2024 23:36:54 GMT
content-type: application/x-msdownload
content-length: 114688
last-modified: Wed, 10 Mar 2010 11:01:21 GMT
accept-ranges: bytes
etag: "e38379441c0ca1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-21

Last Seen2024-08-19

Times Seen22540

Size504 B (504 bytes)

MD592fe046ed30974fab002b18924562af5

SHA1a80246a7f4813076cea6cc1629667b43a094fa97

SHA256151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12391
Expires: Sun, 21 Jul 2024 03:03:27 GMT
Date: Sat, 20 Jul 2024 23:36:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-21

Last Seen2024-08-19

Times Seen22540

Size504 B (504 bytes)

MD592fe046ed30974fab002b18924562af5

SHA1a80246a7f4813076cea6cc1629667b43a094fa97

SHA256151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12391
Expires: Sun, 21 Jul 2024 03:03:27 GMT
Date: Sat, 20 Jul 2024 23:36:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-21

Last Seen2024-08-19

Times Seen22540

Size504 B (504 bytes)

MD592fe046ed30974fab002b18924562af5

SHA1a80246a7f4813076cea6cc1629667b43a094fa97

SHA256151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12391
Expires: Sun, 21 Jul 2024 03:03:27 GMT
Date: Sat, 20 Jul 2024 23:36:56 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-07-21

Last Seen2024-08-19

Times Seen22540

Size504 B (504 bytes)

MD592fe046ed30974fab002b18924562af5

SHA1a80246a7f4813076cea6cc1629667b43a094fa97

SHA256151d89929b8b12751f94a9dd4fab74f68f20aa29ca5135a3b95aea9f366a34e7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "151D89929B8B12751F94A9DD4FAB74F68F20AA29CA5135A3B95AEA9F366A34E7"
Last-Modified: Sat, 20 Jul 2024 20:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12391
Expires: Sun, 21 Jul 2024 03:03:27 GMT
Date: Sat, 20 Jul 2024 23:36:56 GMT
Connection: keep-alive