Overview

URL www.thegtaplace.com/downloads/gtasa/trainers/gtasa10trainer.zip
IP 104.28.9.104
ASN AS13335 CloudFlare, Inc.
Location United States
Report completed 2018-05-16 23:30:04 CEST
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified  Severity  Host                                                             Comment
2018-05-16        2         www.thegtaplace.com/downloads/gtasa/trainers/gtasa10trainer.zip  Malware
2018-05-16        2         www.thegtaplace.com/downloads/gtasa/trainers/gtasa10trainer.zip  Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.28.9.104

Date                       UQ / IDS / BL  URL                                                  IP
2018-08-14 14:31:42 +0200  0 - 0 - 2      www.thegtaplace.com/downloads/gtasa/trainers/ (...)  104.28.9.104
2018-08-14 09:30:52 +0200  0 - 0 - 2      www.thegtaplace.com/downloads/gtasa/trainers/ (...)  104.28.9.104
2018-08-14 02:15:45 +0200  0 - 0 - 2      www.thegtaplace.com/downloads/gtasa/trainers/ (...)  104.28.9.104
2018-08-14 01:30:42 +0200  0 - 0 - 2      www.thegtaplace.com/downloads/gtasa/trainers/ (...)  104.28.9.104
2018-08-14 01:15:36 +0200  0 - 0 - 2      www.thegtaplace.com/downloads/gtasa/trainers/ (...)  104.28.9.104
2018-08-13 22:31:37 +0200  0 - 0 - 2      www.thegtaplace.com/downloads/gtasa/trainers/ (...)  104.28.9.104
2018-08-13 21:15:51 +0200  0 - 0 - 2      www.thegtaplace.com/downloads/gtasa/trainers/ (...)  104.28.9.104
2018-08-13 19:15:37 +0200  0 - 0 - 2      www.thegtaplace.com/downloads/gtasa/trainers/ (...)  104.28.9.104
2018-08-13 17:15:57 +0200  0 - 0 - 2      www.thegtaplace.com/downloads/gtasa/trainers/ (...)  104.28.9.104
2018-08-13 14:31:52 +0200  0 - 0 - 2      www.thegtaplace.com/downloads/gtasa/trainers/ (...)  104.28.9.104

Last 10 reports on ASN: AS13335 CloudFlare, Inc.

Date                       UQ / IDS / BL  URL                                                IP
2018-08-15 17:30:07 +0200  0 - 0 - 1      downloadvideobokep.net/                            104.31.78.142
2018-08-15 17:25:49 +0200  0 - 0 - 0      https://paper.tuisec.win/detail/3ae05c1f04001ea    104.27.157.39
2018-08-15 17:25:38 +0200  0 - 0 - 0      104.16.160.215                                     104.16.160.215
2018-08-15 17:22:58 +0200  0 - 0 - 0      https://pastebin.com/LuPMpdei                      104.20.208.21
2018-08-15 17:20:43 +0200  0 - 0 - 0      https://medium.com/p/7fc27c56d41c/                 104.16.122.127
2018-08-15 17:20:26 +0200  0 - 0 - 1      www.amazingproductclub.com/rty/INVOICE%20PAYM (...)  104.28.13.56
2018-08-15 17:12:35 +0200  0 - 0 - 0      https://cta-redirect.hubspot.com/cta/redirect (...)  104.16.251.5
2018-08-15 17:08:34 +0200  0 - 0 - 0      https://www.snapuptickets.com/events/detail/2 (...)  104.25.53.116
2018-08-15 17:06:25 +0200  0 - 0 - 0      104.16.109.30                                      104.16.109.30
2018-08-15 17:03:45 +0200  0 - 1 - 0      www.topshape.me/lp/2sh/index.html?cid=814151247    104.31.94.52

No other reports on domain: thegtaplace.com



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (7)


Request:
GET /downloads/gtasa/trainers/gtasa10trainer.zip HTTP/1.1
Host: www.thegtaplace.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 104.28.9.104:
HTTP/1.1 301 Moved Permanently
Date: Wed, 16 May 2018 21:29:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 16 May 2018 22:29:32 GMT
Location: https://www.thegtaplace.com/downloads/gtasa/trainers/gtasa10trainer.zip
Server: cloudflare
CF-RAY: 41c0f0b7a3e142af-OSL

--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
POST / HTTP/1.1
Host: ocsp.comodoca4.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 91.135.34.19:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Sun, 13 May 2018 20:34:24 GMT
Etag: 998C0308C1D8B39A1399220214A729E799FCDF30
X-OCSP-Responder-ID: rmdccaocsp33
Content-Length: 279
Cache-Control: public, no-transform, must-revalidate, max-age=1781
Expires: Wed, 16 May 2018 21:59:13 GMT
Date: Wed, 16 May 2018 21:29:32 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  data
Size:   279
Md5:    5bbf0b7ada4fcd521a0564a24bd1b36e
Sha1:   998c0308c1d8b39a1399220214a729e799fcdf30
Sha256: 85b68835c10d4b8633e05708c288cc9743bcc5208da46039e4718f4810bb05e6

Request:
POST / HTTP/1.1
Host: ocsp.comodoca4.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response from 91.135.34.19:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Tue, 15 May 2018 09:10:02 GMT
Etag: EE8EF524B2FE4FBE47694B7ACB85E084561CAFF5
X-OCSP-Responder-ID: rmdccaocsp19
Content-Length: 313
Cache-Control: public, no-transform, must-revalidate, max-age=785
Expires: Wed, 16 May 2018 21:42:37 GMT
Date: Wed, 16 May 2018 21:29:32 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  data
Size:   313
Md5:    de02959710d00fcbe6619f49e9a2a24f
Sha1:   ee8ef524b2fe4fbe47694b7acb85e084561caff5
Sha256: a9be9465a8254197793fa9fcaa3a2bbd18fdeef97b1b5e784be6a31edaea6800

Request:
GET /404.html HTTP/1.1
Host: thegtaplace.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=d8bb308a5c58f56a49dfb6b449425cbe51526506172

Response from 104.28.8.104:
HTTP/1.1 200 OK
Content-Type: text/html
Date: Wed, 16 May 2018 21:29:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 22 May 2007 14:24:13 GMT
Vary: Accept-Encoding
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 41c0f0bc4ec34267-OSL
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   940
Md5:    830f465abbab86991f34805f3653b228
Sha1:   f0432c1fdd8f160c2b57567fc5bc513eade41065
Sha256: c2e370ef2aa1c493f7f9d23fdffffb2007577e7fa4cf05a1bd7016d0f628a8fb

Request:
GET /images/tgtapcom.gif HTTP/1.1
Host: thegtaplace.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://thegtaplace.com/404.html
Cookie: __cfduid=d8bb308a5c58f56a49dfb6b449425cbe51526506172

Response from 104.28.8.104:
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Wed, 16 May 2018 21:29:32 GMT
Content-Length: 2427
Connection: keep-alive
Last-Modified: Fri, 13 Apr 2007 17:37:11 GMT
Cache-Control: public, max-age=864000
Expires: Sat, 26 May 2018 21:29:32 GMT
CF-Cache-Status: HIT
Vary: Accept-Encoding
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 41c0f0bccf134267-OSL

--- Additional Info ---
Magic:  GIF image data, version 89a, 468 x 60
Size:   2427
Md5:    3a0ae89792c86394ad92f01b0570c59d
Sha1:   e15566f9049df1c067a376955f4af3612f994183
Sha256: d37c133a8764c65a8fd1987d95b4b02deb89ec0988545671b0bed4a93ca3ece3

Request:
GET /favicon.ico HTTP/1.1
Host: thegtaplace.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=d8bb308a5c58f56a49dfb6b449425cbe51526506172

Response from 104.28.8.104:
HTTP/1.1 200 OK
Content-Type: image/x-icon
Date: Wed, 16 May 2018 21:29:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 01 Aug 2011 14:31:01 GMT
CF-Cache-Status: REVALIDATED
Vary: Accept-Encoding
Expires: Wed, 23 May 2018 21:29:33 GMT
Cache-Control: public, max-age=604800
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 41c0f0bd3f4e4267-OSL
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1169
Md5:    097a05f958c6b430b9ce9e2d6e5a3ec8
Sha1:   fa6f0abedb97a6820293e60b074a1615b4f165a9
Sha256: 32110c8d9b37a903d7b30466c4fd92bb62982cb450cd67deba65ec2417dcda39

Request:
GET /downloads/gtasa/trainers/gtasa10trainer.zip HTTP/1.1
Host: www.thegtaplace.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 104.28.9.104:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 16 May 2018 21:29:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d8bb308a5c58f56a49dfb6b449425cbe51526506172; expires=Thu, 16-May-19 21:29:32 GMT; path=/; domain=.thegtaplace.com; HttpOnly; Secure
Location: https://thegtaplace.com/404.html
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 41c0f0bb185e428b-OSL

--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Malware