Overview

URL: hacymasinuforbib.ru/lpQZqPsnRD.exe
IP: 104.18.34.197
ASN: AS13335 CloudFlare, Inc.
Location: United States
Report completed: 2018-12-15 20:19:47 CET
urlquery Alerts: No alerts detected


Settings

User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
  Added / Verified   Severity   Host                                 Comment
  2018-12-15         2          hacymasinuforbib.ru/lpQZqPsnRD.exe   Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.18.34.197


Last 10 reports on ASN: AS13335 CloudFlare, Inc.


Last 10 reports on domain: hacymasinuforbib.ru



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request

GET /lpQZqPsnRD.exe HTTP/1.1
Host: hacymasinuforbib.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 104.18.34.197)

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Sat, 15 Dec 2018 19:19:14 GMT
Content-Length: 1299704
Connection: keep-alive
Set-Cookie: __cfduid=d9e5f20dd3e3000dae0e733d1bffc1cb41544901554; expires=Sun, 15-Dec-19 19:19:14 GMT; path=/; domain=.hacymasinuforbib.ru; HttpOnly
X-Powered-By: PHP/5.6.30
Content-Description: File Transfer
Content-Disposition: attachment; filename=lpQZqPsnRD.exe
Content-Transfer-Encoding: binary
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Server: cloudflare
CF-RAY: 489b42bcf2343d07-CPH


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   1299704
Md5:    85097e4d16097949e8db9dc2894e45ac
Sha1:   3b64ceb813a66688a88a329165c1deddf7be1a0b
Sha256: b6a295a0b87fd026904e2928007312408292d3ad1707dddeb6f6fe4c311be6b9

Alerts:
  Blacklists:
    - fortinet: Malware