Overview

URL: http://gjgt.sk/~fuller/dotakeys1.3/autoupdate.exe?amp/=
IP: 194.160.223.146
ASN: AS2607 Slovak Academic Network
Location: Slovakia
Report completed: 2012-11-06 21:40:57 CET
urlQuery Alerts: No alerts detected


Settings

User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-06 21:40:23 | 194.160.223.146 | urlQuery Client | 3 | FILEMAGIC windows executable

Snort /w Sourcefire VRT

Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-06 21:40:23 | 194.160.223.146 | urlQuery Client | 1 | FILE-IDENTIFY download of executable content - x-header
2012-11-06 21:40:23 | 194.160.223.146 | urlQuery Client | 3 | FILE-IDENTIFY Portable Executable binary file magic detected


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 194.160.223.146

Date | Alerts / IDS | URL | IP
2012-12-02 08:05:57 | 0 / 3 | http://gjgt.sk/~fuller/dotakeys1.3/dotakeys.exe | 194.160.223.146
2012-11-14 21:37:17 | 0 / 0 | http://gjgt.sk/~fuller/dotakeys1.3/autoupdate.exe?amp/;ampamp&amp/;ampampgt&f (...) | 194.160.223.146
2012-11-07 19:53:06 | 0 / 2 | http://gjgt.sk/~fuller/dotakeys1.3/autoupdate.exe?fakeparam2 | 194.160.223.146
2012-11-07 19:02:27 | 0 / 3 | http://gjgt.sk/~fuller/dotakeys1.3/autoupdate.exe?/fakeparam=3d3d | 194.160.223.146
2012-11-07 17:42:20 | 0 / 2 | http://gjgt.sk/~fuller/dotakeys1.3/autoupdate.exe?fakeparam=3d3d3d3 | 194.160.223.146
2012-11-07 16:46:14 | 0 / 2 | http://gjgt.sk/~fuller/dotakeys1.3/autoupdate.exe | 194.160.223.146

Last 6 reports on ASN: AS2607 Slovak Academic Network

Date | Alerts / IDS | URL | IP
2013-02-07 17:18:23 | 0 / 0 | http://unknowncommute.su | 147.175.16.34
2013-02-02 21:43:36 | 0 / 0 | http://www.truni.sk | 193.87.54.168
2013-01-27 18:46:21 | 0 / 0 | http://unknowncommute.su/img1/count.htm | 147.175.16.34
2013-01-26 20:25:43 | 1 / 2 | http://www.biketrial.sk/ | 147.175.15.55
2013-01-24 22:44:40 | 1 / 2 | http://www.biketrial.sk/index.php?name=Forums | 147.175.15.55
2013-01-23 13:49:30 | 0 / 0 | http://unknowncommute.su/img1/count.htm | 147.175.16.34

Last 6 reports on domain: gjgt.sk

Date | Alerts / IDS | URL | IP
2012-12-02 08:05:57 | 0 / 3 | http://gjgt.sk/~fuller/dotakeys1.3/dotakeys.exe | 194.160.223.146
2012-11-14 21:37:17 | 0 / 0 | http://gjgt.sk/~fuller/dotakeys1.3/autoupdate.exe?amp/;ampamp&amp/;ampampgt&fakeparam2g (...) | 194.160.223.146
2012-11-07 19:53:06 | 0 / 2 | http://gjgt.sk/~fuller/dotakeys1.3/autoupdate.exe?fakeparam2 | 194.160.223.146
2012-11-07 19:02:27 | 0 / 3 | http://gjgt.sk/~fuller/dotakeys1.3/autoupdate.exe?/fakeparam=3d3d | 194.160.223.146
2012-11-07 17:42:20 | 0 / 2 | http://gjgt.sk/~fuller/dotakeys1.3/autoupdate.exe?fakeparam=3d3d3d3 | 194.160.223.146
2012-11-07 16:46:14 | 0 / 2 | http://gjgt.sk/~fuller/dotakeys1.3/autoupdate.exe | 194.160.223.146



JavaScript

Executed Scripts (1)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request:

GET /~fuller/dotakeys1.3/autoupdate.exe?amp/= HTTP/1.1
Host: gjgt.sk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:

HTTP/1.1 200 OK
Content-Type: application/x-msdos-program
Date: Tue, 06 Nov 2012 20:40:23 GMT
Server: Apache
Last-Modified: Fri, 24 Aug 2007 18:12:31 GMT
Etag: "45e69c-3475c-43875f34bc1c0"
Accept-Ranges: bytes
Content-Length: 214876
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive