Overview

URL: http://www.datawaregames.com/download/sap02pk.exe
IP: 216.104.183.224
ASN: AS10732 TierraNet Inc.
Location: United States
Report completed: 2012-11-08 01:36:10 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp            Source IP        Destination IP   Severity  Alert
2012-11-08 01:35:41  216.104.183.224  urlQuery Client  3         FILEMAGIC windows executable

Snort /w Sourcefire VRT
Timestamp            Source IP        Destination IP   Severity  Alert
2012-11-08 01:35:34  216.104.183.224  urlQuery Client  1         FILE-IDENTIFY download of executable content - x-header
2012-11-08 01:35:34  216.104.183.224  urlQuery Client  3         FILE-IDENTIFY Portable Executable binary file magic detected
2012-11-08 01:35:36  216.104.183.224  urlQuery Client  3         FILE-IDENTIFY Armadillo v1.71 packer file magic detected


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 216.104.183.224

Date                 Alerts / IDS  URL  IP
2013-01-20 16:51:11  0 / 3  http://www.datawaregames.com/download/mg3pk.exe  216.104.183.224
2013-01-20 03:35:39  0 / 4  http://www.datawaregames.com/download/pz1pk.exe  216.104.183.224
2013-01-17 09:46:49  0 / 3  http://www.datawaregames.com/download/ccmfpk.exe  216.104.183.224
2013-01-17 01:43:51  0 / 4  http://www.datawaregames.com/download/ccmfpk.exe  216.104.183.224
2013-01-14 02:15:15  0 / 3  http://www.datawaregames.com/download/maze2pk.exe  216.104.183.224
2013-01-13 21:31:08  0 / 3  http://www.datawaregames.com/download/colorpk.exe  216.104.183.224

Last 6 reports on ASN: AS10732 TierraNet Inc.

Date                 Alerts / IDS  URL  IP
2013-02-06 18:31:24  0 / 0  http://thesportingclub.com  216.104.170.184
2013-01-31 23:22:47  0 / 2  http://the-wild-west.com/?ptrxcz_kllllmmmmmmmooooooopppppppqqqq  216.104.165.31
2013-01-24 22:45:07  0 / 2  http://www.mirc.com/downloads/openssl/openssl-1.0.1c-setup.exe  209.240.130.48
2013-01-24 00:16:43  2 / 6  http://911charity.com/  216.104.165.11
2013-01-20 16:51:11  0 / 3  http://www.datawaregames.com/download/mg3pk.exe  216.104.183.224
2013-01-20 03:35:39  0 / 4  http://www.datawaregames.com/download/pz1pk.exe  216.104.183.224

Last 6 reports on domain: www.datawaregames.com

Date                 Alerts / IDS  URL  IP
2013-01-20 16:51:11  0 / 3  http://www.datawaregames.com/download/mg3pk.exe  216.104.183.224
2013-01-20 03:35:39  0 / 4  http://www.datawaregames.com/download/pz1pk.exe  216.104.183.224
2013-01-17 09:46:49  0 / 3  http://www.datawaregames.com/download/ccmfpk.exe  216.104.183.224
2013-01-17 01:43:51  0 / 4  http://www.datawaregames.com/download/ccmfpk.exe  216.104.183.224
2013-01-14 02:15:15  0 / 3  http://www.datawaregames.com/download/maze2pk.exe  216.104.183.224
2013-01-13 21:31:08  0 / 3  http://www.datawaregames.com/download/colorpk.exe  216.104.183.224



JavaScript

Executed Scripts (1)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request

GET /download/sap02pk.exe HTTP/1.1
Host: www.datawaregames.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response

HTTP/1.1 200 OK
Content-Type: application/x-msdos-program
Date: Thu, 08 Nov 2012 00:35:35 GMT
Server: Apache
Last-Modified: Tue, 06 Nov 2012 02:59:22 GMT
Etag: "86202b-53472f-4cdcac9f1d680"
Accept-Ranges: bytes
Content-Length: 5457711
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive