Report - a1support.live/Bin/ScreenConnect.WindowsFileManager.exe

Report Overview

Visitedpublic

2024-10-04 20:29:56

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-03 18:12:15	327 B	887 B	23.33.119.27
a1support.live	unknown	2024-09-26	2024-09-26 16:14:22	2024-09-26 16:14:22	974 B	85 kB	172.67.169.15

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-04	medium	a1support.live	Sinkholed
2024-10-04	medium	a1support.live	Sinkholed

ThreatFox

No alerts detected

File detected

URL

a1support.live/Bin/ScreenConnect.WindowsFileManager.exe

IP / ASN

172.67.169.15

#13335 CLOUDFLARENET

File Overview

File TypeMS-DOS executable, MZ for MS-DOS

Size82 kB (81696 bytes)

MD536d8018b2eb381f91b865954ebf659c9

SHA17550c411801866baf77a46737f5693f7e51633b1

SHA256c16f99dc58407093875ded957cb6ef133131c92c16ff9a6477fcf80348594fd2

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL

r10.o.lencr.org/

IP / ASN

23.33.119.27

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-10-04

Last Seen2024-10-06

Times Seen16823

Size504 B (504 bytes)

MD53edd7e02dd93d4fa92970165e37ea200

SHA1fdb009fd9b963ab8cc365829be152f0a424e0933

SHA25685ad693617bfd03634246d0c9e3ee02c6d21d9824d25459e5e63bc51b646cc00

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "85AD693617BFD03634246D0C9E3EE02C6D21D9824D25459E5E63BC51B646CC00"
Last-Modified: Fri, 04 Oct 2024 14:08:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6969
Expires: Fri, 04 Oct 2024 22:25:39 GMT
Date: Fri, 04 Oct 2024 20:29:30 GMT
Connection: keep-alive

GET a1support.live/Bin/ScreenConnect.WindowsFileManager.exe

172.67.169.15

200 OK

82 kB

URL

a1support.live/Bin/ScreenConnect.WindowsFileManager.exe

IP / ASN

172.67.169.15

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeMS-DOS executable, MZ for MS-DOS

First Seen2024-10-02

Last Seen2025-04-14

Times Seen14

Size82 kB (81696 bytes)

MD536d8018b2eb381f91b865954ebf659c9

SHA17550c411801866baf77a46737f5693f7e51633b1

SHA256c16f99dc58407093875ded957cb6ef133131c92c16ff9a6477fcf80348594fd2

Certificate Info

IssuerGoogle Trust Services

Subjecta1support.live

Fingerprint09:91:E9:79:14:12:41:F9:36:43:F9:60:46:F3:BB:81:47:93:28:86

ValiditySat, 28 Sep 2024 06:55:28 GMT - Fri, 27 Dec 2024 06:55:27 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1
Host: a1support.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 04 Oct 2024 20:29:31 GMT
content-type: text/html
cache-control: private
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=69%2B5Qrj59uIow4XLO2VpivZI327x%2BpIfKLl%2FFhZiAV83H2TWvRVhjJNY1uI4ebRMSz23YKTc2jRHjhG1SK4uIbetRd%2FURXnLzk4Ky5wNc7i2%2BK2w7DalF8KYP%2FcSpipR7g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cd7ecaedcbb0b45-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET a1support.live/favicon.ico

172.67.169.15

404 Not Found

1.9 kB

URL

a1support.live/favicon.ico

IP / ASN

172.67.169.15

#13335 CLOUDFLARENET

Requested byhttps://a1support.live/Bin/ScreenConnect.WindowsFileManager.exe

Resource Info

File typeHTML document, ASCII text, with very long lines (1998), with no line terminators

First Seen2023-09-26

Last Seen2025-04-06

Times Seen490

Size1.9 kB (1896 bytes)

MD505304ce8e0b404bf960a780c569ac81d

SHA1d55aaa239062b3cf35aa1441e77f2ba7be360b49

SHA25646a34189f1d4398478f43218affd615d6e004f069de70550a6dd8c65e64c0186

Certificate Info

IssuerGoogle Trust Services

Subjecta1support.live

Fingerprint09:91:E9:79:14:12:41:F9:36:43:F9:60:46:F3:BB:81:47:93:28:86

ValiditySat, 28 Sep 2024 06:55:28 GMT - Fri, 27 Dec 2024 06:55:27 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: a1support.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a1support.live/Bin/ScreenConnect.WindowsFileManager.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Fri, 04 Oct 2024 20:29:31 GMT
content-type: text/html; charset=utf-8
cache-control: private
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NQu5v9LIkrn4PHVDrWWgUFGTDYsA%2FzdX8a465%2Bt9XntsKZY3VkXUA%2Bn4mPD%2BR1KfDYC1hPp%2Fyg7DJQU6qFhngEXa%2Bc7h7Lu0caBdrLlWe8ALPPBFG90HYwNkV6tdt8Dz%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8cd7ecb00e1e0b45-OSL
content-encoding: br
X-Firefox-Spdy: h2