Overview

URL: http://vse-oshibki.ru/files/setup_996302.exe
IP: 87.107.121.134
ASN: AS21341 Soroush Rasanheh Company Ltd
Location: Iran, Islamic Republic of
Report completed: 2012-11-13 20:38:32 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-13 20:37:58 | urlQuery Client | 87.107.121.134 | 1 | ET CURRENT_EVENTS Potential Fast Flux Rogue Antivirus (Setup_245.exe)
2012-11-13 20:37:58 | 31.7.62.154 | urlQuery Client | 3 | FILEMAGIC Zip archive data
Snort /w Sourcefire VRT: No alerts detected


Recent reports on same IP/ASN/Domain

Last 5 reports on IP: 87.107.121.134

Date | Alerts / IDS | URL | IP
2012-11-14 20:52:52 | 0 / 2 | http://vse-oshibki.ru/files/setup_698685.exe | 87.107.121.134
2012-11-14 09:51:36 | 0 / 1 | http://vse-oshibki.ru/dl/setup_848640.exe | 87.107.121.134
2012-11-03 20:19:53 | 0 / 1 | http://vse-oshibki.ru/files/setup_974588.exe | 87.107.121.134
2012-10-31 19:13:49 | 0 / 2 | http://vse-oshibki.ru/files/setup_302736.exe | 87.107.121.134
2012-10-31 08:36:05 | 0 / 2 | http://vse-oshibki.ru/files/setup_199282.exe | 87.107.121.134

Last 6 reports on ASN: AS21341 Soroush Rasanheh Company Ltd

Date | Alerts / IDS | URL | IP
2013-04-11 11:03:40 | 1 / 6 | http://hseexpert.shoploger.com/ | 87.107.121.221
2013-04-08 16:42:08 | 0 / 0 | http://shia-news.com | 81.12.27.2
2013-04-08 00:04:47 | 0 / 1 | http://radio.irib.ir/farhang/images/logos.gif?1c1bf=690810 | 62.220.120.23
2013-04-08 00:04:46 | 0 / 1 | http://radio.irib.ir/farhang/images/logos.gif?21cd1=276898 | 62.220.120.23
2013-04-06 18:11:01 | 0 / 1 | http://radio.irib.ir/farhang/images/logos.gif?22de9=428475 | 62.220.120.23
2013-04-06 18:00:20 | 0 / 1 | http://radio.irib.ir/farhang/images/logos.gif?22b4a=142154 | 62.220.120.23

Last 6 reports on domain: vse-oshibki.ru

Date | Alerts / IDS | URL | IP
2013-04-08 16:06:32 | 0 / 1 | http://vse-oshibki.ru/dl/setup_691434.exe | 67.214.175.92
2013-04-03 08:09:35 | 0 / 1 | http://vse-oshibki.ru/files/setup_619192.exe | 67.214.175.92
2013-03-31 03:35:15 | 0 / 1 | http://vse-oshibki.ru/dl/setup_276381.exe | 67.214.175.92
2013-03-30 08:54:52 | 0 / 1 | http://vse-oshibki.ru/dl/setup_569130.exe | 67.214.175.92
2013-03-29 10:58:11 | 0 / 1 | http://vse-oshibki.ru/dl/setup_744319.exe | 67.214.175.92
2013-03-29 08:17:06 | 0 / 1 | http://vse-oshibki.ru/dl/setup_945975.exe | 67.214.175.92



JavaScript

Executed Scripts (1)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (2)


Request:
GET /files/setup_996302.exe HTTP/1.1
Host: vse-oshibki.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
Server: nginx
Date: Tue, 13 Nov 2012 19:37:56 GMT
Content-Length: 319
Connection: keep-alive
Keep-Alive: timeout=60
Location: http://file6.ru/files/2ead608a8aa0a3ff1cfcdf736e0be5a3/setup_996302.zip
Expires: Wed, 14 Nov 2012 19:37:56 GMT
Cache-Control: max-age=86400

Request:
GET /files/2ead608a8aa0a3ff1cfcdf736e0be5a3/setup_996302.zip HTTP/1.1
Host: file6.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 200 OK
Content-Type: application/zip
Server: nginx
Date: Tue, 13 Nov 2012 19:41:09 GMT
Content-Length: 2045507
Connection: keep-alive
Last-Modified: Tue, 13 Nov 2012 15:52:36 GMT
Etag: "e7d6f-1f3643-4ce626828091d"
Accept-Ranges: bytes