Overview

URL: css-navi.clan.su/_ld/0/76_1908_Crash..rar
IP: 195.216.243.40
ASN: AS29226 CJSC Mastertel
Location: Russian Federation
Report completed: 2018-07-13 03:26:51 CEST
urlQuery Alerts: No alerts detected


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert
2018-07-13 03:26:06 CEST | 1 | Client IP | 195.216.243.40 | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-07-13 03:26:05 CEST | 2 | Client IP | Internal IP | ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2018-07-13 03:26:06 CEST | 1 | Client IP | 195.216.243.40 | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-07-13 03:26:06 CEST | 1 | Client IP | 195.216.243.40 | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.216.243.40

Date | UQ - IDS - BL | URL | IP
2018-10-13 03:53:42 +0200 | 0 - 1 - 11 | klik1.ucoz.ru/ | 195.216.243.40
2018-10-08 20:11:18 +0200 | 0 - 3 - 0 | css-navi.clan.su/_ld/0/76_1908_Crash..rar | 195.216.243.40
2018-10-05 23:26:24 +0200 | 0 - 5 - 0 | css-navi.clan.su/_ld/0/76_1908_Crash..rar | 195.216.243.40
2018-10-05 15:45:52 +0200 | 0 - 0 - 1 | soft-downloads.3dn.ru/_ld/3/363_victoria_dout (...) | 195.216.243.40
2018-10-05 14:26:01 +0200 | 0 - 2 - 0 | css-navi.clan.su/_ld/0/76_1908_Crash..rar | 195.216.243.40
2018-10-04 13:25:44 +0200 | 0 - 4 - 0 | css-navi.clan.su/_ld/0/76_1908_Crash..rar | 195.216.243.40
2018-10-04 07:25:42 +0200 | 0 - 2 - 0 | css-navi.clan.su/_ld/0/76_1908_Crash..rar | 195.216.243.40
2018-10-04 05:25:44 +0200 | 0 - 2 - 0 | css-navi.clan.su/_ld/0/76_1908_Crash..rar | 195.216.243.40
2018-10-03 20:25:34 +0200 | 0 - 1 - 0 | css-navi.clan.su/_ld/0/76_1908_Crash..rar | 195.216.243.40
2018-10-03 13:25:48 +0200 | 0 - 5 - 0 | css-navi.clan.su/_ld/0/76_1908_Crash..rar | 195.216.243.40

Last 10 reports on ASN: AS29226 CJSC Mastertel

Date | UQ - IDS - BL | URL | IP
2018-11-20 18:56:19 +0100 | 0 - 4 - 0 | torrent-file.top/load/0-0-0-451-20 | 195.216.243.124
2018-11-19 11:46:24 +0100 | 0 - 0 - 0 | https://u.to/iHQeFA | 195.216.243.155
2018-11-18 11:00:43 +0100 | 0 - 0 - 14 | aktivator-windows.net/load/aktivatory_dlja_wi (...) | 195.216.243.12
2018-11-16 11:47:18 +0100 | 0 - 1 - 0 | moneyzone.ucoz.net/ | 195.216.243.43
2018-11-16 10:39:17 +0100 | 0 - 0 - 0 | u.to | 195.216.243.155
2018-11-16 10:30:41 +0100 | 0 - 0 - 1 | only-vip.kz/ | 195.216.243.17
2018-11-15 15:24:22 +0100 | 0 - 1 - 0 | lotsman.su/ | 195.216.243.218
2018-11-14 22:35:52 +0100 | 0 - 0 - 1 | hramkgu.ru/ | 195.216.243.31
2018-11-14 22:21:14 +0100 | 0 - 5 - 0 | utu.su/ | 195.216.243.124
2018-11-14 17:37:30 +0100 | 0 - 0 - 0 | forworship.my1.ru/favicon.ico | 195.216.243.130

No other reports on domain: clan.su



JavaScript

Executed Scripts (5)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (17)


                                        
--- Request ---
GET /_ld/0/76_1908_Crash..rar HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
--- Response from 195.216.243.40 ---
HTTP/1.1 503 Service Temporarily Unavailable
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 01:26:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15


--- Additional Info ---
Magic:  HTML document text, exported SGML document text
Size:   2665
Md5:    4e8e963aac9e640a6a77df78ae5081c2
Sha1:   651bd0fdba4763620d267d4ff4b3994ac57f5374
Sha256: bf08c841f19786c02634029d819c7807594b1c713645cbabc02250aae1e4d014
                                        
--- Request ---
GET /.serr/css/style.css HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
--- Response from 195.216.243.40 ---
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 01:26:05 GMT
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"5b45b395-4c25"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4288
Md5:    d0f39f32aaa12c4c859ceaa37cfc1939
Sha1:   4357fcee86a3ad7021ee86c488637b64a8fb5c71
Sha256: ca887f3286831ee1ff78614f4347ef203068bc41b7812a82ad4a271384f14e8a

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
--- Request ---
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
--- Response from 172.217.21.170 ---
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 32954
Date: Wed, 11 Jul 2018 12:42:43 GMT
Expires: Thu, 11 Jul 2019 12:42:43 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 132203


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   32954
Md5:    68263720f8747715639ad6a9020dd9fa
Sha1:   121c84759a7366e4a22da1c55f07bd25a3c3a6d9
Sha256: 8632e8030f860c40b4fef513a33ef06ba067b682d461e27d4ed4ff15ee87c836
                                        
--- Request ---
GET /.serr/js/core.js HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
--- Response from 195.216.243.40 ---
HTTP/1.1 200 OK
Content-Type: text/javascript
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 01:26:06 GMT
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"5b45b395-19e"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   234
Md5:    6d2afededfa7410e2a2a1e4ac9bebb2e
Sha1:   f83e4b38412d51d14d6ccae931ec81152ce4ed9b
Sha256: 287ef7fee8741c621fd524723adca348f2f1a9cf522ac12aa5c2971a5f1b6a3e

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
--- Request ---
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
--- Response from 93.158.134.119 ---
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 01:26:06 GMT
Content-Length: 184
Connection: keep-alive
Location: https://mc.yandex.ru/metrika/watch.js


--- Additional Info ---
Magic:  HTML document text
Size:   184
Md5:    803493a1e438da1e67b84a76fa86bdda
Sha1:   9dca8b04cd8f0f715f14546b5f747aabbba7de47
Sha256: 82e7512bb763ef84d4ff4c9f8998fbff4b461ee5416741db743d5e4584d2ec45
                                        
--- Request ---
GET /.serr/img/ulogo.svg HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/.serr/css/style.css

                                         
--- Response from 195.216.243.40 ---
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 01:26:06 GMT
Content-Length: 4235
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Etag: "5b45b395-108b"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image, XML document text
Size:   4235
Md5:    993299552bfd263cd4a75ad398e75b58
Sha1:   3fc9ad991516b8ad0c6553a05de4a8c9759c5020
Sha256: c660064588748948fcadc6a86b73dcb981d124c370b0ba764fe8a210854f6cd5
                                        
--- Request ---
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
--- Response from 104.18.20.226 ---
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 13 Jul 2018 01:26:06 GMT
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d23000a8c60b5d9276f5c47bdcf25a1e61531445166; expires=Sat, 13-Jul-19 01:26:06 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Thu, 12 Jul 2018 22:31:38 GMT
Expires: Mon, 16 Jul 2018 22:31:38 GMT
Etag: "bed825272d7a25fd2df5e5281489855d7982d4e0"
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4397f5a2603f4285-OSL


--- Additional Info ---
Magic:  data
Size:   1570
Md5:    7b0afef9973d91ed535d5074c08d71ad
Sha1:   bed825272d7a25fd2df5e5281489855d7982d4e0
Sha256: edaaa0756d34f40d56951cabe805e7f586d2a8080bb56831033406e82ca7cb06
                                        
--- Request ---
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
--- Response from 93.158.134.119 ---
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 01:26:06 GMT
Content-Length: 42893
Last-Modified: Wed, 11 Jul 2018 12:52:56 GMT
Connection: keep-alive
Etag: "5b45fda8-a78d"
Content-Encoding: gzip
Expires: Fri, 13 Jul 2018 02:26:06 GMT
Cache-Control: max-age=3600
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  gzip compressed data, from Unix, last modified: Wed Jul 11 13:20:33 2018
Size:   42893
Md5:    b25438f962bb390cdb31b6764d2d8324
Sha1:   53360eb8759c949facd30b24dfc4d1b0f40db7b7
Sha256: c993c4cc851f929d93e0897b8d0a5f0e847b95a191510e0f9bb769dd1a67d8f3
                                        
--- Request ---
GET /.serr/img/404.png HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/.serr/css/style.css

                                         
--- Response from 195.216.243.40 ---
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 01:26:06 GMT
Content-Length: 93328
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Etag: "5b45b395-16c90"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 555 x 289, 8-bit/color RGBA, non-interlaced
Size:   93328
Md5:    b49480282d51d93c68a9d6fefd3fdbde
Sha1:   ea45a1ca56f4d4342316c357a6d4b961a775ccb8
Sha256: 12c702f931513d9a38b2d17ee2acae1308486e7b38fab5adc84c1f02b72ac620
                                        
--- Request ---
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
--- Response from 93.158.134.119 ---
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 01:26:08 GMT
Content-Length: 61
Last-Modified: Mon, 12 Oct 2015 13:09:09 GMT
Connection: keep-alive
Etag: "561bb0f5-3d"
Content-Encoding: gzip
Expires: Fri, 13 Jul 2018 02:26:08 GMT
Cache-Control: max-age=3600
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  gzip compressed data, was "advert.gif", from Unix, last modified: Mon Oct 12 15:06:12 2015
Size:   61
Md5:    aad2d5e940637a676e25e6cc7a684a83
Sha1:   c77946775d4c1719c48eb691edfbcf873b0738f5
Sha256: d9d219b8ba39a549d43400945b848dde73269f25dab5b75b85439c451ca0a525
                                        
--- Request ---
OPTIONS /watch/24122689?wmode=7&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x775%3Az%3A120%3Ai%3A20180713032607%3Aet%3A1531445168%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A851489646808%3Arqn%3A1%3Arn%3A957089657%3Ahid%3A1038494256%3Awn%3A15811%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531445168%3Au%3A1531445167895710315%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://css-navi.clan.su
Access-Control-Request-Method: POST

                                         
--- Response from 93.158.134.119 ---
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 01:26:08 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
                                        
--- Request ---
GET /watch/24122689?wmode=5&callback=_ymjsp249541806&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x775%3Az%3A120%3Ai%3A20180713032607%3Aet%3A1531445168%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A851489646808%3Arqn%3A1%3Arn%3A957089657%3Ahid%3A1038494256%3Awn%3A15811%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531445168%3Au%3A1531445167895710315%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
--- Response from 93.158.134.119 ---
HTTP/1.1 302 Found
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 01:26:08 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Fri, 13 Jul 2018 01:26:08 GMT
Expires: Fri, 13 Jul 2018 01:26:08 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: yandexuid=4259564601531445168; domain=.yandex.ru; path=/; expires=Sat, 13-Jul-2019 01:26:08 GMT
Set-Cookie: yabs-sid=147190891531445168; path=/
Set-Cookie: i=FnUrMRm99DtJ2cAR2Xxtuh+yVSduO7t+F1+JXOCS47FE+GNY/3E8VLLnRlygx8nrfWt5Bhb7zqoAzzVQjQCDB1Ju/wI=; Expires=Sat, 13-Jul-2019 01:26:08 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
Set-Cookie: yp=1562981168.yrts.1531445168#1562981168.yrtsi.1531445168; domain=.yandex.ru; path=/; expires=Mon, 10-Jul-2028 01:26:08 GMT
Location: https://mc.yandex.ru/watch/24122689/1?wmode=5&callback=_ymjsp249541806&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x775%3Az%3A120%3Ai%3A20180713032607%3Aet%3A1531445168%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A851489646808%3Arqn%3A1%3Arn%3A957089657%3Ahid%3A1038494256%3Awn%3A15811%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531445168%3Au%3A1531445167895710315%3At%3A503%20-%20Failed%20to%20load%20website
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1171
Md5:    3b654d8f23f835babd9fb5337f91ddaf
Sha1:   72b1bd508b3c850d75c55a85718473c076acea45
Sha256: 2ee9ce85f16481613a1fa097da5a4a0fc2ff1ae5f91264e3e770106b95c2d167
                                        
--- Request ---
GET /watch/24122689/1?wmode=5&callback=_ymjsp249541806&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x775%3Az%3A120%3Ai%3A20180713032607%3Aet%3A1531445168%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A851489646808%3Arqn%3A1%3Arn%3A957089657%3Ahid%3A1038494256%3Awn%3A15811%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531445168%3Au%3A1531445167895710315%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
Cookie: yandexuid=4259564601531445168; yabs-sid=147190891531445168; i=FnUrMRm99DtJ2cAR2Xxtuh+yVSduO7t+F1+JXOCS47FE+GNY/3E8VLLnRlygx8nrfWt5Bhb7zqoAzzVQjQCDB1Ju/wI=; yp=1562981168.yrts.1531445168#1562981168.yrtsi.1531445168

                                         
--- Response from 93.158.134.119 ---
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 01:26:08 GMT
Content-Length: 111
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Fri, 13 Jul 2018 01:26:08 GMT
Expires: Fri, 13 Jul 2018 01:26:08 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   111
Md5:    4d7e259fd048926075cab0474e3c6216
Sha1:   5f5e98e7b55a009dfd3c23a97edade0421a3655d
Sha256: a2590bec5a86c2098616622ac223c46573cbf8b70d280d1de2024dc2ab448597
                                        
--- Request ---
GET /.serr/img/favicon.ico HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ym_uid=1531445167895710315; _ym_d=1531445167; _ym_isad=2; _ym_visorc_24122689=w

                                         
--- Response from 195.216.243.40 ---
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 01:26:09 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2561
Md5:    5585aa3a5ee4b83b05b5ca496a21e659
Sha1:   dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
--- Request ---
OPTIONS /watch/24122689?page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A7%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x775%3Az%3A120%3Ai%3A20180713032623%3Aet%3A1531445183%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A298%3Als%3A851489646808%3Arqn%3A2%3Arn%3A886966098%3Ahid%3A1038494256%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531445183%3Au%3A1531445167895710315 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://css-navi.clan.su
Access-Control-Request-Method: POST

                                         
--- Response from 93.158.134.119 ---
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 01:26:23 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
                                        
--- Request ---
GET /watch/24122689?page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A4%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x775%3Az%3A120%3Ai%3A20180713032623%3Aet%3A1531445183%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A298%3Als%3A851489646808%3Arqn%3A2%3Arn%3A886966098%3Ahid%3A1038494256%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531445183%3Au%3A1531445167895710315 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
Cookie: yandexuid=4259564601531445168; yabs-sid=147190891531445168; i=FnUrMRm99DtJ2cAR2Xxtuh+yVSduO7t+F1+JXOCS47FE+GNY/3E8VLLnRlygx8nrfWt5Bhb7zqoAzzVQjQCDB1Ju/wI=; yp=1562981168.yrts.1531445168#1562981168.yrtsi.1531445168

                                         
--- Response from 93.158.134.119 ---
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 01:26:23 GMT
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Fri, 13 Jul 2018 01:26:23 GMT
Expires: Fri, 13 Jul 2018 01:26:23 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
--- Request ---
GET /.serr/img/favicon.ico HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
--- Response from 195.216.243.40 ---
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 01:26:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip


--- Additional Info ---

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
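What the transactions above show, read together: the scanned .rar URL answered with a 503 and an HTML body (2665 bytes, magic "HTML document text"), the browser then pulled the hoster's error template from /.serr/ (style.css, core.js, ulogo.svg, 404.png), and the Yandex Metrika beacon sent from that page carries the page title "503 - Failed to load website" in its browser-info parameter. No archive was served, and the only IDS hits are the .su TLD policy rules, which fire on the destination name, not on content. The script below is an added example written for this page, not urlQuery's own code and not code from the scanned site. It works on a constructed, trimmed copy of the report's transactions and on the first OPTIONS preflight URL copied verbatim; it applies the same trigger the ET .su rules use (last DNS label is "su") to every request, decodes the browser-info key:value list, and summarises what the target actually served. The meanings of the browser-info fields (t as page title, s as screen geometry, la as language) are inferred from the values in the report and are an assumption, as is the list of media types under which a RAR download would plausibly be served.

```python
"""Triage helper for the transaction list above (added example; not urlQuery code).

Two things an analyst otherwise does by hand on this report:
  * apply the trigger the 'ET POLICY/ET DNS ... .su TLD' alerts use (a name
    whose last label is 'su') to every request, and
  * decode the Yandex Metrika 'browser-info' beacon parameter, which carries
    the title and fingerprint fields of the page that actually rendered.
"""
from urllib.parse import parse_qs, urlsplit

# Constructed from the report's transactions: (method, url, status, content_type, body_size).
TRANSACTIONS = [
    ("GET", "http://css-navi.clan.su/_ld/0/76_1908_Crash..rar", 503, "text/html; charset=UTF-8", 2665),
    ("GET", "http://css-navi.clan.su/.serr/css/style.css", 200, "text/css", 4288),
    ("GET", "http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js", 200, "text/javascript; charset=UTF-8", 32954),
    ("GET", "http://css-navi.clan.su/.serr/js/core.js", 200, "text/javascript", 234),
    ("GET", "http://mc.yandex.ru/metrika/watch.js", 301, "text/html", 184),
    ("POST", "http://ocsp2.globalsign.com/gsorganizationvalsha2g2", 200, "application/ocsp-response", 1570),
    ("GET", "http://css-navi.clan.su/.serr/img/favicon.ico", 404, "text/html; charset=UTF-8", 2561),
]

# The first OPTIONS preflight URL from the report, copied verbatim.
BEACON_URL = (
    "http://mc.yandex.ru/watch/24122689?wmode=7"
    "&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8"
    "&browser-info=ti%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1"
    "%3Aw%3A1176x775%3Az%3A120%3Ai%3A20180713032607%3Aet%3A1531445168%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us"
    "%3Apv%3A1%3Als%3A851489646808%3Arqn%3A1%3Arn%3A957089657%3Ahid%3A1038494256%3Awn%3A15811%3Ahl%3A1"
    "%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531445168%3Au%3A1531445167895710315"
    "%3At%3A503%20-%20Failed%20to%20load%20website"
)

# Media types under which a RAR download would plausibly be served (assumption).
ARCHIVE_TYPES = {"application/x-rar-compressed", "application/vnd.rar", "application/octet-stream"}


def su_tld(host: str) -> bool:
    """Same trigger as the ET rules: the last DNS label is 'su'.

    Strips userinfo, port and a trailing dot so 'CLAN.SU:80' and 'clan.su.'
    match while 'su.example.com' does not.
    """
    host = host.rsplit("@", 1)[-1].split(":", 1)[0].rstrip(".").lower()
    return host.rsplit(".", 1)[-1] == "su"


def decode_browser_info(url: str) -> dict:
    """Turn Metrika's 'browser-info' value (key:value:key:value...) into a dict.

    parse_qs percent-decodes the value; repeated keys keep the last value
    (the report's second beacon carries 'ti' twice).
    """
    raw = parse_qs(urlsplit(url).query).get("browser-info", [""])[0]
    if not raw:
        return {}
    parts = raw.split(":")
    if len(parts) % 2:
        raise ValueError("odd number of fields in browser-info: %r" % raw)
    return dict(zip(parts[0::2], parts[1::2]))


def triage(transactions, beacon_url=None) -> dict:
    """Summarise what the target actually served and who else was contacted."""
    _, url, status, ctype, _ = transactions[0]
    hosts = sorted({urlsplit(t[1]).hostname for t in transactions})
    su_hosts = [h for h in hosts if su_tld(h)]
    result = {
        "target_url": url,
        "target_status": status,
        # A 503 with text/html is the hoster's error page, not the archive.
        "archive_served": status == 200 and ctype.split(";")[0].strip() in ARCHIVE_TYPES,
        "contacted_hosts": hosts,
        "su_hosts": su_hosts,
        "su_requests": sum(1 for t in transactions if su_tld(urlsplit(t[1]).hostname)),
        "third_party_hosts": [h for h in hosts if h not in su_hosts],
    }
    if beacon_url:
        info = decode_browser_info(beacon_url)
        # Field meanings are inferred from the values (assumption): 't' is the
        # page title, 's' the screen geometry, 'la' the browser language.
        result["page_title"] = info.get("t")
        result["screen"] = info.get("s")
        result["beacon_page_url"] = parse_qs(urlsplit(beacon_url).query)["page-url"][0]
    return result


if __name__ == "__main__":
    for key, value in triage(TRANSACTIONS, BEACON_URL).items():
        print("%-20s %s" % (key, value))
```

Run it as-is to get the summary for this report; feed `triage()` a different transaction list and beacon URL from another urlQuery page to reuse it. The hostname check is deliberately identical in spirit to the policy rule: it says nothing about the content, which is why a .su error page and a .su malware drop produce the same alert and why the 503 plus the beacon's page title are the facts that actually settle this report.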