Overview

URL: szudc.ru/AutoReg.exe
IP: 195.208.1.108
ASN: AS25535 Autonomous Non-commercial Organization 'Regional Network Information Center'
Location: Russian Federation
Report completed: 2019-06-07 11:54:14 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2019-06-07 11:53:44 CEST 3  195.208.1.108 Client IP ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
2019-06-07 11:53:43 CEST 1  195.208.1.108 Client IP ET POLICY PE EXE or DLL Windows file download HTTP


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.208.1.108

Date                      UQ / IDS / BL   URL                                                   IP
2019-06-10 18:30:34 +0200   0 - 7 - 0     alfa-color.su/                                        195.208.1.108
2019-06-10 11:33:04 +0200   0 - 0 - 1     elon-promo.org/ethers                                 195.208.1.108
2019-06-08 22:35:16 +0200   0 - 0 - 0     arttech.school/                                       195.208.1.108
2019-06-05 00:46:23 +0200   0 - 1 - 0     sibirmebel.ru/                                        195.208.1.108
2019-05-30 17:37:03 +0200   0 - 0 - 24    deltransmsk.ru/                                       195.208.1.108
2019-05-26 14:27:00 +0200   0 - 6 - 0     satcontrol.su/                                        195.208.1.108
2019-05-25 12:39:32 +0200   0 - 0 - 0     pandora-official.moscow                               195.208.1.108
2019-05-21 07:51:38 +0200   0 - 1 - 0     www.animashooter.ru/download/AnimaShooter_Cap (...)   195.208.1.108
2019-05-19 06:04:55 +0200   0 - 4 - 0     pro-m.su/                                             195.208.1.108
2019-05-14 05:08:18 +0200   0 - 0 - 1     dilon6800.ru/                                         195.208.1.108

Last 10 reports on ASN: AS25535 Autonomous Non-commercial Organization 'Regional Network Information Center'

Date                      UQ / IDS / BL   URL                                       IP
2019-06-30 01:13:57 +0200   0 - 0 - 0     ogneuporgarant.ru                         195.208.1.161
2019-06-30 01:10:04 +0200   0 - 0 - 0     vladmodels.tv                             212.192.194.2
2019-06-30 01:04:25 +0200   0 - 0 - 0     ogneuporgarant.ru/seemed/whatever.php     195.208.1.161
2019-06-19 00:47:13 +0200   0 - 0 - 0     rmansys.ru                                194.85.95.48
2019-06-18 20:19:37 +0200   0 - 0 - 0     leto-lm.ru                                195.208.1.105
2019-06-17 09:02:09 +0200   0 - 0 - 0     izplastika.ru/vzfpqeic/development.html   195.208.1.105
2019-06-15 16:53:42 +0200   0 - 0 - 10    www.teslateam.online                      195.208.1.105
2019-06-11 00:14:58 +0200   0 - 6 - 0     ist.spb.su/                               195.208.1.132
2019-06-10 22:28:48 +0200   0 - 1 - 0     iftp.ru/                                  195.208.1.119
2019-06-10 20:31:36 +0200   0 - 0 - 1     millenniumplaza.ru/vdu1mdv0enhmodgyoxv4   195.208.1.105

Last 2 reports on domain: szudc.ru

Date                      UQ / IDS / BL   URL                    IP
2019-02-12 08:11:26 +0100   0 - 0 - 1     szudc.ru/AutoReg.exe   195.208.1.108
2018-09-23 13:52:13 +0200   0 - 0 - 1     szudc.ru/AutoReg.exe   195.208.1.108


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request

GET /AutoReg.exe HTTP/1.1
Host: szudc.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 195.208.1.108)

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Server: openresty/1.13.6.2
Date: Fri, 07 Jun 2019 09:53:43 GMT
Content-Length: 611709
Connection: keep-alive
Last-Modified: Tue, 14 Feb 2017 00:52:53 GMT
Etag: "58a254e5-9557d"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   611709
Md5:    d312ef2af1d1a754df6069b54a198165
Sha1:   b79b200f9a9dfe8b6c76392590a8b7c3c8db0f24
Sha256: 6f39e416c412804b00c71cbd623557c78c3867e4e6fbd31b1f192f840c416f08

Alerts:
  IDS:
    - ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
    - ET POLICY PE EXE or DLL Windows file download HTTP