Overview

URL: dl02.s3.amazonaws.com/installers/630157/oi_ezi_wni.exe
IP: 52.216.1.0
ASN:
Location: United States
Report completed: 2017-10-26 19:13:42 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert
2017-10-26 19:19:47 CEST | 2 | 52.216.1.192 | Client IP | ET POLICY Executable served from Amazon S3
2017-10-26 19:19:47 CEST | 1 | 52.216.1.192 | Client IP | ET POLICY PE EXE or DLL Windows file download HTTP


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Added / Verified | Severity | Host | Comment
2017-10-26 | 2 | dl02.s3.amazonaws.com/installers/630157/oi_ezi_wni.exe | Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 4 reports on IP: 52.216.1.0

Date | UQ / IDS / BL | URL | IP
2018-12-05 03:22:50 +0100 | 0 - 2 - 0 | dl02.s3.amazonaws.com/installers/224609/id354 (...) | 52.216.1.0
2018-08-18 03:20:06 +0200 | 0 - 2 - 1 | dl02.s3.amazonaws.com/offers/2/chrome_search.exe | 52.216.1.0
2018-05-10 01:06:44 +0200 | 0 - 0 - 0 | polleverywhere-app.s3.amazonaws.com/win-stabl (...) | 52.216.1.0
2018-04-17 00:13:04 +0200 | 0 - 0 - 0 | aapcperfect.s3.amazonaws.com | 52.216.1.0

Last 10 reports on ASN:

Date | UQ / IDS / BL | URL | IP
2019-01-19 18:49:58 +0100 | 0 - 0 - 22 | curlicue.co.za/doc/Rech/DETAILS/Unsere-Rechnu (...) | 52.213.10.143
2019-01-19 18:49:49 +0100 | 0 - 1 - 0 | down.263209.com/cx/180619/36/PPJOY%E6%B1%89%E (...) | 163.171.133.123
2019-01-19 18:49:37 +0100 | 0 - 1 - 1 | dl.newstaticinfosrv.com/catchplusxyz/allp123/ (...) | 64.95.103.184
2019-01-19 18:49:36 +0100 | 0 - 0 - 1 | dl.newstaticinfosrv.com/baplus/full/monet/set (...) | 64.95.103.184
2019-01-19 18:49:31 +0100 | 0 - 0 - 4 | fundacionravera.com/Jul2018/US/New-Order-Upco (...) | 168.197.51.144
2019-01-19 18:49:14 +0100 | 0 - 0 - 45 | arterra.com.tr/pdf/En/Statement/Invoice-141865 | 89.252.186.72
2019-01-19 18:49:06 +0100 | 0 - 0 - 1 | dl.newstaticinfosrv.com/25/all/hd/de/setup.exe | 64.95.103.184
2019-01-19 18:49:03 +0100 | 0 - 0 - 5 | datnamdanang.vn/doc/EN_en/Statement/Invoice-195891 | 103.95.197.42
2019-01-19 18:48:50 +0100 | 0 - 0 - 1 | alvares.fun/AZOREG_12072018_21425.exe | 81.171.14.136
2019-01-19 18:48:46 +0100 | 0 - 0 - 1 | 1eghv.otlbf.cn/app/and/mimibo_12707.apk | 47.110.177.11

Last 10 reports on domain: dl02.s3.amazonaws.com

Date | UQ / IDS / BL | URL | IP
2019-01-19 13:46:38 +0100 | 0 - 2 - 1 | dl02.s3.amazonaws.com/installers/597801/PlayP (...) | 52.216.107.44
2019-01-18 19:28:54 +0100 | 0 - 2 - 1 | dl02.s3.amazonaws.com/installers/853845/setup (...) | 52.216.137.220
2019-01-18 16:13:11 +0100 | 0 - 0 - 1 | dl02.s3.amazonaws.com/installers/226921/BudRe (...) | 52.216.22.59
2019-01-18 16:07:35 +0100 | 0 - 0 - 1 | dl02.s3.amazonaws.com/installers/699593/oi_fl (...) | 52.216.228.232
2019-01-18 16:02:47 +0100 | 0 - 0 - 1 | dl02.s3.amazonaws.com/installers/762091/PageR (...) | 52.216.229.75
2019-01-18 15:16:24 +0100 | 0 - 0 - 1 | dl02.s3.amazonaws.com/installers/622405/oi_tv (...) | 52.216.133.99
2019-01-18 15:11:53 +0100 | 0 - 0 - 1 | dl02.s3.amazonaws.com/installers/622051/oi_ra (...) | 52.216.129.115
2018-12-31 18:24:39 +0100 | 0 - 2 - 1 | dl02.s3.amazonaws.com/installers/583293/setup (...) | 52.216.83.0
2018-12-25 23:48:23 +0100 | 0 - 2 - 0 | dl02.s3.amazonaws.com/installers/601319/setup (...) | 54.231.114.11
2018-12-25 23:48:22 +0100 | 0 - 2 - 1 | dl02.s3.amazonaws.com/installers/620983/setup (...) | 54.231.114.11


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request:

GET /installers/630157/oi_ezi_wni.exe HTTP/1.1
Host: dl02.s3.amazonaws.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 52.216.1.192):

HTTP/1.1 200 OK
Content-Type: application/x-msdos-program
x-amz-id-2: K7M9Xt9Xq16TdB1G+PtupDeZyKdnr3ddQJ1ZwYURpXujJNQdxemP8SWzVQhEXnkMukXcdmf30V8=
x-amz-request-id: 43958F8D4F788B47
Date: Thu, 26 Oct 2017 17:19:47 GMT
Last-Modified: Thu, 01 Dec 2011 04:10:27 GMT
Etag: "463c7470f71d4fd10cc9b937d7387068"
Accept-Ranges: bytes
Content-Length: 241744
Server: AmazonS3


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   241744
Md5:    463c7470f71d4fd10cc9b937d7387068
Sha1:   6211ad971494af0bad2d216582614c88939ca318
Sha256: 6eaf59433198d4ca335bc2a410ff46071ce0e8bbfc4ed6bd40b2dcc65e9b4cb9

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET POLICY Executable served from Amazon S3
    - ET POLICY PE EXE or DLL Windows file download HTTP