Overview

URL dl02.s3.amazonaws.com/installers/630157/oi_ezi_wni.exe
IP52.216.1.0
ASN
Location United States
Report completed2017-10-26 19:13:42 CEST
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2017-10-26 19:19:47 CEST 2  52.216.1.192 Client IP ET POLICY Executable served from Amazon S3
2017-10-26 19:19:47 CEST 1  52.216.1.192 Client IP ET POLICY PE EXE or DLL Windows file download HTTP


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2017-10-26 2 dl02.s3.amazonaws.com/installers/630157/oi_ezi_wni.exe Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 4 reports on IP: 52.216.1.0

Date UQ / IDS / BL URL IP
2018-12-05 03:22:50 +0100
0 - 2 - 0 dl02.s3.amazonaws.com/installers/224609/id354 (...) 52.216.1.0
2018-08-18 03:20:06 +0200
0 - 2 - 1 dl02.s3.amazonaws.com/offers/2/chrome_search.exe 52.216.1.0
2018-05-10 01:06:44 +0200
0 - 0 - 0 polleverywhere-app.s3.amazonaws.com/win-stabl (...) 52.216.1.0
2018-04-17 00:13:04 +0200
0 - 0 - 0 aapcperfect.s3.amazonaws.com 52.216.1.0

Last 10 reports on ASN:

Date UQ / IDS / BL URL IP
2019-03-21 09:43:29 +0100
0 - 2 - 1 cindyb.ca/wp-includes/customize/wwwwwwwz.exe 198.54.117.199
2019-03-21 09:43:15 +0100
0 - 0 - 1 videos.web44.net/videos.cpl 153.92.0.100
2019-03-21 09:43:13 +0100
0 - 0 - 0 landing.hentaiheroes.com/LP7/?cep=9C7ziUI3eeU (...) 144.217.67.42
2019-03-21 09:43:11 +0100
0 - 0 - 2 azyx6.yxhcqy.com/togoapps_1.2.5.apk 47.90.72.4
2019-03-21 09:43:07 +0100
1 - 0 - 1 mxrecords.nhlfan.net/css/svchotiii.exe 0.0.0.0
2019-03-21 09:42:54 +0100
0 - 2 - 1 3hr9o.2downloadstoragequick.stream/381e44b375 (...) 198.54.117.198
2019-03-21 09:42:47 +0100
0 - 1 - 0 soft.hackdos.com/hackdos.com_2012129155125.rar 49.51.10.192
2019-03-21 09:42:25 +0100
0 - 1 - 0 kkkkb.com/update/up1.exe 203.78.142.12
2019-03-21 09:42:25 +0100
0 - 1 - 0 kkkkb.com/update/up3.exe 203.78.142.12
2019-03-21 09:42:24 +0100
0 - 1 - 0 kkkkb.com/update/up7.exe 203.78.142.12

Last 10 reports on domain: dl02.s3.amazonaws.com

Date UQ / IDS / BL URL IP
2019-03-19 10:39:22 +0100
0 - 0 - 1 dl02.s3.amazonaws.com/installers/623963/oi_sn (...) 52.216.98.147
2019-03-13 21:50:58 +0100
0 - 0 - 1 dl02.s3.amazonaws.com/installers/802431/oi_rm (...) 52.216.171.99
2019-03-12 06:33:59 +0100
0 - 0 - 1 dl02.s3.amazonaws.com/installers/698223/oi_fl (...) 54.231.72.19
2019-03-05 00:03:24 +0100
0 - 0 - 1 dl02.s3.amazonaws.com/installers/621315/oi_tv (...) 52.216.166.27
2019-03-05 00:03:21 +0100
0 - 2 - 1 dl02.s3.amazonaws.com/installers/623875/oi_Cu (...) 52.216.166.27
2019-03-05 00:03:20 +0100
0 - 0 - 1 dl02.s3.amazonaws.com/installers/621565/oi_ie (...) 52.216.166.27
2019-02-23 05:13:19 +0100
0 - 2 - 1 dl02.s3.amazonaws.com/installers/231791/icqtr (...) 52.216.84.171
2019-02-21 21:17:29 +0100
0 - 0 - 1 dl02.s3.amazonaws.com/installers/226073/CuteP (...) 54.231.33.147
2019-02-20 11:59:41 +0100
0 - 2 - 1 dl02.s3.amazonaws.com/installers/840827/oi_Vi (...) 52.216.97.155
2019-02-14 18:46:32 +0100
0 - 0 - 1 dl02.s3.amazonaws.com/installers/224507/YouTu (...) 54.231.82.146


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request Response
                                        
                                            GET /installers/630157/oi_ezi_wni.exe HTTP/1.1 
Host: dl02.s3.amazonaws.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         52.216.1.192
HTTP/1.1 200 OK
Content-Type: application/x-msdos-program
                                        
x-amz-id-2: K7M9Xt9Xq16TdB1G+PtupDeZyKdnr3ddQJ1ZwYURpXujJNQdxemP8SWzVQhEXnkMukXcdmf30V8=
x-amz-request-id: 43958F8D4F788B47
Date: Thu, 26 Oct 2017 17:19:47 GMT
Last-Modified: Thu, 01 Dec 2011 04:10:27 GMT
Etag: "463c7470f71d4fd10cc9b937d7387068"
Accept-Ranges: bytes
Content-Length: 241744
Server: AmazonS3


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   241744
Md5:    463c7470f71d4fd10cc9b937d7387068
Sha1:   6211ad971494af0bad2d216582614c88939ca318
Sha256: 6eaf59433198d4ca335bc2a410ff46071ce0e8bbfc4ed6bd40b2dcc65e9b4cb9

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET POLICY Executable served from Amazon S3
    - ET POLICY PE EXE or DLL Windows file download HTTP