Overview

URL hacymasinuforbib.ru/lpQZqPsnRD.exe
IP104.18.34.197
ASNAS13335 CloudFlare, Inc.
Location United States
Report completed2018-12-15 20:19:47 CET
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-12-15 2 hacymasinuforbib.ru/lpQZqPsnRD.exe Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.18.34.197

Date UQ / IDS / BL URL IP
2019-01-12 03:28:20 +0100
0 - 0 - 1 hacymasinuforbib.ru/isltfb.exe 104.18.34.197
2018-12-31 02:36:47 +0100
0 - 2 - 1 hacymasinuforbib.ru/filnf.exe 104.18.34.197
2018-12-31 02:36:12 +0100
0 - 0 - 1 hacymasinuforbib.ru/olirazk.exe 104.18.34.197
2018-12-31 01:57:05 +0100
0 - 0 - 1 hacymasinuforbib.ru/bLOZGJ.exe 104.18.34.197
2018-12-31 01:33:29 +0100
0 - 0 - 1 hacymasinuforbib.ru/proekt_dlya_ae___slayd-sh (...) 104.18.34.197
2018-12-31 00:55:52 +0100
0 - 0 - 1 hacymasinuforbib.ru/proekt_dlya_ae___slayd-sh (...) 104.18.34.197
2018-12-30 15:06:16 +0100
0 - 0 - 1 hacymasinuforbib.ru/olirazk.exe 104.18.34.197
2018-12-30 10:08:42 +0100
0 - 0 - 1 hacymasinuforbib.ru/olirazk.exe 104.18.34.197
2018-12-30 08:49:15 +0100
0 - 0 - 1 hacymasinuforbib.ru/bLOZGJ.exe 104.18.34.197
2018-12-30 08:18:45 +0100
0 - 2 - 1 hacymasinuforbib.ru/filnf.exe 104.18.34.197

Last 10 reports on ASN: AS13335 CloudFlare, Inc.

Date UQ / IDS / BL URL IP
2019-01-20 13:00:51 +0100
2 - 0 - 6 saltworld.net/forums/index.php?s=b21fedd5df5a (...) 104.31.79.224
2019-01-20 12:43:51 +0100
0 - 0 - 1 moondoge.co.in/ 104.18.59.240
2019-01-20 12:39:51 +0100
0 - 0 - 32 gigatuga.org/ 104.31.85.252
2019-01-20 12:36:59 +0100
0 - 2 - 0 opryzelp.com/Programs________________/oPryzev1.exe 104.28.10.120
2019-01-20 12:35:49 +0100
0 - 0 - 39 newloveclothing.com/ 104.31.82.195
2019-01-20 12:28:06 +0100
0 - 0 - 8 murrucino.it/ 104.31.73.102
2019-01-20 12:19:54 +0100
0 - 0 - 1 https://openload.pw/f/C1nQVBldnUA/auto_fh3.v10.zip 104.27.158.113
2019-01-20 12:12:16 +0100
0 - 0 - 6 lauderdalex.ml/ 104.18.35.99
2019-01-20 12:08:08 +0100
0 - 0 - 1 www.driveragentplus.com/files/re-skin/drvagen (...) 104.25.8.101
2019-01-20 12:03:12 +0100
2 - 1 - 6 saltworld.net/forums/index.php?s=e2e4f9183105 (...) 104.31.78.224

Last 10 reports on domain: hacymasinuforbib.ru

Date UQ / IDS / BL URL IP
2019-01-12 03:28:20 +0100
0 - 0 - 1 hacymasinuforbib.ru/isltfb.exe 104.18.34.197
2019-01-01 01:45:34 +0100
0 - 0 - 1 hacymasinuforbib.ru/9xos9MBh.exe 104.18.35.197
2019-01-01 01:45:15 +0100
0 - 2 - 1 hacymasinuforbib.ru/T3X74u34.exe 104.18.35.197
2019-01-01 01:40:48 +0100
0 - 2 - 1 hacymasinuforbib.ru/f0dgun.exe 104.18.35.197
2018-12-31 21:11:39 +0100
0 - 0 - 1 hacymasinuforbib.ru/QCsukmSd.exe 104.18.35.197
2018-12-31 18:44:39 +0100
0 - 2 - 1 hacymasinuforbib.ru/dFqTObTG.exe 104.18.35.197
2018-12-31 18:36:30 +0100
0 - 0 - 1 hacymasinuforbib.ru/bLOZGJ.exe 104.18.35.197
2018-12-31 18:32:32 +0100
0 - 0 - 1 hacymasinuforbib.ru/proekt_dlya_ae___slayd-sh (...) 104.18.35.197
2018-12-31 02:36:47 +0100
0 - 2 - 1 hacymasinuforbib.ru/filnf.exe 104.18.34.197
2018-12-31 02:36:12 +0100
0 - 0 - 1 hacymasinuforbib.ru/olirazk.exe 104.18.34.197


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request Response
                                        
                                            GET /lpQZqPsnRD.exe HTTP/1.1 
Host: hacymasinuforbib.ru
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         104.18.34.197
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
Date: Sat, 15 Dec 2018 19:19:14 GMT
Content-Length: 1299704
Connection: keep-alive
Set-Cookie: __cfduid=d9e5f20dd3e3000dae0e733d1bffc1cb41544901554; expires=Sun, 15-Dec-19 19:19:14 GMT; path=/; domain=.hacymasinuforbib.ru; HttpOnly
X-Powered-By: PHP/5.6.30
Content-Description: File Transfer
Content-Disposition: attachment; filename=lpQZqPsnRD.exe
Content-Transfer-Encoding: binary
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Server: cloudflare
CF-RAY: 489b42bcf2343d07-CPH


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   1299704
Md5:    85097e4d16097949e8db9dc2894e45ac
Sha1:   3b64ceb813a66688a88a329165c1deddf7be1a0b
Sha256: b6a295a0b87fd026904e2928007312408292d3ad1707dddeb6f6fe4c311be6b9

Alerts:
  Blacklists:
    - fortinet: Malware