Report - covid19help.top/findbin.scr

Report Overview

Visited public
2024-05-21 04:10:56
Tags
Submit Tags
URL
covid19help.top/findbin.scr
Finishing URL
about:privatebrowsing
IP / ASN
172.67.175.222
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
covid19help.top	unknown	2024-02-09	2024-02-09 10:04:28	2024-04-18 11:04:30	481 B	1.3 MB	172.67.175.222

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-05-21 04:10:30	medium	Client IP	172.67.175.222	ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1
2024-05-21 04:10:30	medium	Client IP	172.67.175.222	ET HUNTING Suspicious TLS SNI Request for Possible COVID-19 Domain M1

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-05-20	medium	covid19help.top	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-20	medium	covid19help.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET covid19help.top/findbin.scr

172.67.175.222

200 OK

1.3 MB

URL User Request GET HTTP/2
covid19help.top/findbin.scr
IP
172.67.175.222:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectcovid19help.top
FingerprintB3:80:D0:4C:76:14:6C:3B:1E:29:87:4A:59:EF:61:46:D7:0B:6A:31
ValidityMon, 08 Apr 2024 07:41:29 GMT - Sun, 07 Jul 2024 07:41:28 GMT

File type
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
Size
1.3 MB (1269248 bytes)
Hash
7a2a3cc24199f86f3095d329335742bf
115f14e5c083de1d3281fe7bb9d2f995813fd185
8e68d12aa3dbfabcfc25976e7c1d441121e22b3b0c06c500f03cb6af35ee4ed2

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed
VirusTotal	malicious	VirusTotal - Scan result 32/73

HTTP Headers

GET /findbin.scr HTTP/1.1
Host: covid19help.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 21 May 2024 04:10:30 GMT
content-type: application/x-silverlight
content-length: 1269248
last-modified: Mon, 20 May 2024 09:10:04 GMT
etag: "135e00-618df111ed094"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aBjdjjjiaqpjBzQlx7jt6UTLoIOsr8mvzkFcBLxVTWsilxJ7GYB%2FH4ZDzDQsjgBzjjRBJetLbcgDjz7xlAHmclQuo9l2F3LT%2BkTVI0qxs3bmbHgVRkFbPa5hZ8emsC%2Bbxnw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8871b794edc20b4d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers