Report - mikeshelpnow.loginto.me:8040/Bin/ScreenConnect.ClientService.exe

Report Overview

Visited public
2023-11-07 03:42:58
Tags
URL
mikeshelpnow.loginto.me:8040/Bin/ScreenConnect.ClientService.exe
Finishing URL
mikeshelpnow.loginto.me:8040/Bin/ScreenConnect.ClientService.exe
IP / ASN
68.2.96.15
#22773 ASN-CXA-ALL-CCI-22773-RDC
Title
mikeshelpnow.loginto.me:8040/Bin/ScreenConnect.ClientService.exe

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
	unknown				840 B	98 kB	68.2.96.15

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-07 03:42:40	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.loginto .me
2023-11-07 03:42:40	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.loginto .me
2023-11-07 03:42:40	medium	Client IP	68.2.96.15	ET INFO DYNAMIC_DNS HTTP Request to a *.loginto .me Domain
2023-11-07 03:42:40	medium	Client IP	68.2.96.15	ETPRO HUNTING EXE Request to NOIP DynDNS Domain
2023-11-07 03:42:40	high	68.2.96.15	Client IP	ET MALWARE Possible Windows executable sent when remote host claims to send html content
2023-11-07 03:42:40	low	68.2.96.15	Client IP	ET INFO Packed Executable Download
2023-11-07 03:42:41	high	68.2.96.15	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2023-11-07 03:42:41	high	68.2.96.15	Client IP	ETPRO POLICY ScreenConnect Successful Connection Response Inbound
2023-11-07 03:42:41	medium	Client IP	Internal IP	ET POLICY DNS Query to DynDNS Domain *.loginto .me
2023-11-07 03:42:41	low	68.2.96.15	Client IP	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
2023-11-07 03:42:41	medium	Client IP	68.2.96.15	ET INFO DYNAMIC_DNS HTTP Request to a *.loginto .me Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
mikeshelpnow.loginto.me:8040/Bin/ScreenConnect.ClientService.exe
IP
68.2.96.15
ASN
#22773 ASN-CXA-ALL-CCI-22773-RDC

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
96 kB (95520 bytes)
Hash
89d3d099b6d8731bd1b7f5a68b5bf17c
c6aed886840aafd08796207e2646d8805d012b81
bcaa3d8dcba6ba08bf20077eadd0b31f58a1334b7b9c629e475694c4eeafd924

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/72

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

mikeshelpnow.loginto.me:8040/Bin/ScreenConnect.ClientService.exe

68.2.96.15

200 OK

96 kB

URL User Request GET HTTP/1.1
mikeshelpnow.loginto.me:8040/Bin/ScreenConnect.ClientService.exe
IP
68.2.96.15:8040
ASN
#22773 ASN-CXA-ALL-CCI-22773-RDC

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
96 kB (95520 bytes)
Hash
89d3d099b6d8731bd1b7f5a68b5bf17c
c6aed886840aafd08796207e2646d8805d012b81
bcaa3d8dcba6ba08bf20077eadd0b31f58a1334b7b9c629e475694c4eeafd924

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/72

HTTP Headers

GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1
Host: mikeshelpnow.loginto.me:8040
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 95520
Content-Type: text/html
Server: ScreenConnect/23.8.5.8707-2876940106 Microsoft-HTTPAPI/2.0
Date: Tue, 07 Nov 2023 03:42:41 GMT

mikeshelpnow.loginto.me:8040/favicon.ico

68.2.96.15

404 Not Found

1.9 kB

URL GET HTTP/1.1
mikeshelpnow.loginto.me:8040/favicon.ico
IP
68.2.96.15:8040
ASN
#22773 ASN-CXA-ALL-CCI-22773-RDC

Requested by
http://mikeshelpnow.loginto.me:8040/Bin/ScreenConnect.ClientService.exe

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.9 kB (1922 bytes)
Hash
fe13e7946b45b0110de267c1f85bd38c
b4d864661a98607f5751dcb81bf87df80ea80822
cb659eae953d8a427ea235c2df88ede9e4258a932594362364e857c8d8078ed9

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mikeshelpnow.loginto.me:8040
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mikeshelpnow.loginto.me:8040/Bin/ScreenConnect.ClientService.exe
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Length: 1922
Content-Type: text/html; charset=utf-8
Server: ScreenConnect/23.8.5.8707-2876940106 Microsoft-HTTPAPI/2.0
Date: Tue, 07 Nov 2023 03:42:41 GMT

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers