Overview

URL: https://cleartypeswitch.com/cleartypeswitch1.exe
IP: 46.21.147.251
ASN: AS35017 Swiftway Sp. z o.o.
Location: Netherlands
Report completed: 2019-02-20 22:20:31 CET
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
  Added / Verified   Severity   Host                                       Comment
  2019-02-20         2          cleartypeswitch.com/cleartypeswitch1.exe   Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 46.21.147.251

Date                       UQ / IDS / BL   URL                                                   IP
2019-03-21 23:31:22 +0100  0 - 0 - 2       rivesam.com/zz/ASE.exe                                46.21.147.251
2019-03-21 03:34:34 +0100  0 - 0 - 1       https://xtromac.com/index.php/?email=jingjung (...)   46.21.147.251
2019-03-11 22:26:20 +0100  0 - 0 - 8       mailveri.us/hate!.exe                                 46.21.147.251
2019-03-09 08:54:05 +0100  0 - 0 - 1       files3.download.sxd.gvti.info/contract1.doc           46.21.147.251
2019-03-06 23:59:05 +0100  0 - 0 - 1       intarmover.org/we/pk.exe                              46.21.147.251
2019-03-06 03:26:55 +0100  0 - 0 - 8       cleartypeswitch.com/cleartypeswitch8.exe              46.21.147.251
2019-03-06 02:31:31 +0100  0 - 0 - 7       mailveri.us/oricryt.exe                               46.21.147.251
2019-03-05 23:57:01 +0100  0 - 0 - 8       cleartypeswitch.com/cleartypeswitch8.exe              46.21.147.251
2019-03-05 11:03:22 +0100  0 - 0 - 8       cleartypeswitch.com/cleartypeswitch6.exe              46.21.147.251
2019-03-05 01:07:21 +0100  0 - 1 - 0       mailveri.us/oricryt.exe                               46.21.147.251

Last 10 reports on ASN: AS35017 Swiftway Sp. z o.o.

Date                       UQ / IDS / BL   URL                                   IP
2019-03-24 14:22:31 +0100  0 - 1 - 0       c.paypalcom.giize.com/                23.227.207.136
2019-03-23 11:22:35 +0100  3 - 0 - 10      inkopah.com/docusign/docusign/        37.72.171.98
2019-03-23 08:31:48 +0100  3 - 2 - 10      inkopah.com/docusign/docusign/        37.72.171.98
2019-03-23 05:53:32 +0100  0 - 1 - 0       thefappening.top/Madeline%20Kahn      37.1.211.173
2019-03-23 04:04:29 +0100  3 - 0 - 11      inkopah.com/docusign/docusign         37.72.171.98
2019-03-22 04:30:12 +0100  0 - 0 - 1       zhangqiufangchanwang.com/pub/02.doc   198.176.54.13
2019-03-22 04:29:59 +0100  0 - 0 - 1       zhangqiufangchanwang.com/pub/03.doc   198.176.54.13
2019-03-22 04:06:21 +0100  0 - 0 - 1       zhangqiufangchanwang.com/pub/08.doc   198.176.54.13
2019-03-22 04:06:19 +0100  0 - 0 - 1       zhangqiufangchanwang.com/pub/04.doc   198.176.54.13
2019-03-22 04:06:02 +0100  0 - 0 - 1       zhangqiufangchanwang.com/pub/06.doc   198.176.54.13

Last 10 reports on domain: cleartypeswitch.com

Date                       UQ / IDS / BL   URL                                                IP
2019-03-06 03:26:55 +0100  0 - 0 - 8       cleartypeswitch.com/cleartypeswitch8.exe           46.21.147.251
2019-03-05 23:57:01 +0100  0 - 0 - 8       cleartypeswitch.com/cleartypeswitch8.exe           46.21.147.251
2019-03-05 11:03:22 +0100  0 - 0 - 8       cleartypeswitch.com/cleartypeswitch6.exe           46.21.147.251
2019-03-04 10:44:32 +0100  0 - 0 - 1       cleartypeswitch.com/cleartypeswitch6.exe           46.21.147.251
2019-03-04 10:38:04 +0100  0 - 0 - 1       https://cleartypeswitch.com/cleartypeswitch8.exe   46.21.147.251
2019-02-22 05:27:27 +0100  0 - 2 - 1       cleartypeswitch.com/cleartypeswitch1.exe           46.21.147.251
2019-02-22 02:41:42 +0100  0 - 2 - 1       cleartypeswitch.com/cleartypeswitch1.exe           46.21.147.251
2019-02-20 09:00:57 +0100  0 - 1 - 1       cleartypeswitch.com/postback.exe                   46.21.147.251
2019-02-19 21:04:09 +0100  0 - 0 - 1       cleartypeswitch.com/postback.exe                   46.21.147.251
2019-02-19 17:16:08 +0100  0 - 0 - 1       https://cleartypeswitch.com/postback.exe           46.21.147.251


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (4)


--- Transaction 1 ---

Request:
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response (from 91.135.34.16):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Wed, 20 Feb 2019 11:08:33 GMT
Etag: 37F2A10817FCE3141C82947D0176278AE9CDBE42
X-OCSP-Responder-ID: mcdpcaocsp15
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=308313
Expires: Sun, 24 Feb 2019 10:58:32 GMT
Date: Wed, 20 Feb 2019 21:19:59 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  data
Size:   471
Md5:    56175a906362498e0569a71f8ef9c1ad
Sha1:   37f2a10817fce3141c82947d0176278ae9cdbe42
Sha256: 816947199f42b84664fff7fb70b34af108037000f8734a4a1cf989a06e1883b0

--- Transaction 2 ---

Request:
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response (from 91.135.34.18):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Sun, 17 Feb 2019 02:40:12 GMT
Etag: 9EC8E0F9C53602803C901C929EA65ECBD9509031
X-OCSP-Responder-ID: mcdpcaocsp15
Content-Length: 727
Cache-Control: public, no-transform, must-revalidate, max-age=277817
Expires: Sun, 24 Feb 2019 02:30:16 GMT
Date: Wed, 20 Feb 2019 21:19:59 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  data
Size:   727
Md5:    2b28055256750cf4d532a32a9f885f9f
Sha1:   9ec8e0f9c53602803c901c929ea65ecbd9509031
Sha256: 3e384545a6b10c400264efc43c3a3bd09949eb564f2ae68fccc5cbbec8357cc4

--- Transaction 3 ---

Request:
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response (from 91.135.34.18):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Last-Modified: Sun, 17 Feb 2019 02:40:12 GMT
Etag: 20A9A89BCDEE3096FEC98B69322A1723EF629296
X-OCSP-Responder-ID: mcdpcaocsp15
Content-Length: 471
Cache-Control: public, no-transform, must-revalidate, max-age=277789
Expires: Sun, 24 Feb 2019 02:29:48 GMT
Date: Wed, 20 Feb 2019 21:19:59 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  data
Size:   471
Md5:    350e146a1e80a91a88eb04b5a6be5697
Sha1:   20a9a89bcdee3096fec98b69322a1723ef629296
Sha256: fbad8111efc3c578d9d2beb71d207e1cbaebf0d289f63ace837aaa37f2e4e7c4

--- Transaction 4 ---

Request:
GET /cleartypeswitch1.exe HTTP/1.1
Host: cleartypeswitch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 46.21.147.251):
HTTP/1.1 200 OK
Content-Type: application/x-msdownload
Etag: "410c00-5c6dbd9a-3e7df13b5845cd7d;;;"
Last-Modified: Wed, 20 Feb 2019 20:50:34 GMT
Content-Length: 4262912
Accept-Ranges: bytes
Date: Wed, 20 Feb 2019 21:19:59 GMT
Server: LiteSpeed
Alt-Svc: quic=":443"; ma=2592000; v="35,39,43,44"
Connection: Keep-Alive

--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   4262912
Md5:    0753209ce0768a4c64dcea2ccbe26b5a
Sha1:   822b7a459a3e82135e2cd0378a053c068fd96def
Sha256: 42000e1721b4214b894a25806b32316027f731ab1ec09e8668bde8f6da698393

Alerts:
  Blacklists:
    - fortinet: Malware