urlquery.net - Report

Overview

URL	sunroofeses.info/eucap.exe
IP	195.161.41.190
ASN	AS8342 OJSC RTComm.RU
Location	Russian Federation
Report completed	2018-12-24 10:50:03 CET
Status	Loading report..
urlquery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2018-12-24 10:49:31 CET	1	195.161.41.190	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2018-12-24 10:49:31 CET	3	195.161.41.190	Client IP	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

Blacklists

MDL

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Added / Verified	Severity	Host	Comment
2018-12-24	2	sunroofeses.info/eucap.exe	Malware

DNS-BH

No alerts detected

mnemonic secure dns

Added / Verified	Severity	Host	Comment
2018-12-24	2	sunroofeses.info	Blacklisted

Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.161.41.190

Date	UQ / IDS / BL	URL	IP
2019-02-14 06:46:05 +0100	0 - 0 - 2	sunroofeses.info/eutirkub.exe	195.161.41.190
2019-02-13 06:45:26 +0100	0 - 0 - 2	sunroofeses.info/eucap.exe	195.161.41.190
2019-02-12 10:38:03 +0100	0 - 0 - 2	freesoft.website/feel/rq.exe	195.161.41.190
2019-02-10 10:45:14 +0100	0 - 0 - 2	sunroofeses.info/bin.exe	195.161.41.190
2019-02-02 02:27:58 +0100	0 - 3 - 1	freesoft.website/US/market.exe	195.161.41.190
2019-02-01 16:53:16 +0100	0 - 0 - 1	freesoft.website/loads/top/topm.exe	195.161.41.190
2019-01-31 04:21:51 +0100	0 - 0 - 2	poroshenko-best.info/mx/mxmx.exe	195.161.41.190
2019-01-31 04:21:38 +0100	0 - 0 - 1	freesoft.website/korea.exe	195.161.41.190
2019-01-31 04:20:56 +0100	0 - 0 - 2	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-01-30 10:17:10 +0100	0 - 1 - 2	sunroofeses.info/mx/mxmx.exe	195.161.41.190

Last 10 reports on ASN: AS8342 OJSC RTComm.RU

Date	UQ / IDS / BL	URL	IP
2019-02-21 22:44:57 +0100	0 - 0 - 1	mvkm-ru.1gb.ru/	81.177.174.185
2019-02-21 21:15:41 +0100	0 - 0 - 4	hostingnewyork.ru/cube.exe	217.107.34.43
2019-02-21 20:07:02 +0100	0 - 0 - 0	pskovlub.ru/owa	81.177.6.121
2019-02-21 14:26:49 +0100	0 - 0 - 4	sub7.mambaddd4.ru/bonus/crypt.exe	81.177.6.122
2019-02-21 02:20:58 +0100	0 - 1 - 39	continent-sport.ru/komandy-vysshaya-liga-a/dy (...)	81.177.140.121
2019-02-21 01:45:28 +0100	0 - 1 - 0	down-vsofte.ru/hwmonitor_1.23-setup.exe	81.177.141.243
2019-02-21 01:24:33 +0100	0 - 0 - 2	sub6.hyui3ed.ru/crpt2002/crpt2002.exe	81.177.6.121
2019-02-21 01:17:38 +0100	0 - 0 - 2	sub6.hyui3ed.ru/crpt2002/test6.exe	81.177.6.121
2019-02-21 01:16:22 +0100	0 - 0 - 2	sub6.hyui3ed.ru/crpt2002/baldr.exe	81.177.6.121
2019-02-21 01:15:24 +0100	0 - 0 - 2	sub6.hyui3ed.ru/crpt2002/@djport666.exe	81.177.6.121

Last 10 reports on domain: sunroofeses.info

Date	UQ / IDS / BL	URL	IP
2019-02-14 06:46:05 +0100	0 - 0 - 2	sunroofeses.info/eutirkub.exe	195.161.41.190
2019-02-13 06:45:26 +0100	0 - 0 - 2	sunroofeses.info/eucap.exe	195.161.41.190
2019-02-10 10:45:14 +0100	0 - 0 - 2	sunroofeses.info/bin.exe	195.161.41.190
2019-01-31 04:20:56 +0100	0 - 0 - 2	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-01-30 10:17:10 +0100	0 - 1 - 2	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-01-20 03:42:51 +0100	0 - 0 - 2	sunroofeses.info/eucap.exe	195.161.41.190
2018-12-31 02:33:07 +0100	0 - 1 - 2	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2018-12-25 02:44:37 +0100	0 - 2 - 2	sunroofeses.info/eucap.exe	195.161.41.190
2018-12-20 12:00:57 +0100	0 - 0 - 2	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2018-12-20 01:32:08 +0100	0 - 0 - 2	sunroofeses.info/mx/mxmx.exe	195.161.41.190

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (1)

Request	Response
GET /eucap.exe HTTP/1.1 Host: sunroofeses.info User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	195.161.41.190 HTTP/1.1 200 OK Content-Type: application/octet-stream Date: Mon, 24 Dec 2018 09:49:31 GMT Content-Length: 207360 Connection: keep-alive Server: Jino.ru/mod_pizza Last-Modified: Sat, 08 Dec 2018 23:07:50 GMT Etag: "3ac16a2-32a00-57c8acd043b20" Accept-Ranges: bytes --- Additional Info --- Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Size: 207360 Md5: 16bea5c08c3d6fa2dddcee24ea1eaafa Sha1: 69e182768cb7888d5439fe5a5a3a79e73e02e6a7 Sha256: 41342e74cbb476ec9a20aabc471cd85e37597a0595bddbe10bf9960ad7543980 Alerts: Blacklists: - fortinet: Malware - mnemonic_dns: Blacklisted IDS: - ET POLICY PE EXE or DLL Windows file download HTTP - ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

Request

Response

                                        
                                            GET /eucap.exe HTTP/1.1 

                                        
                                            
Host: sunroofeses.info

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 

                                        
                                            
Accept-Language: en-us,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip,deflate 

                                        
                                            
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 

                                        
                                            
Keep-Alive: 115 

                                        
                                            
Connection: keep-alive

                                         
                                         195.161.41.190

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/octet-stream

                                        

                                        
                                            
Date: Mon, 24 Dec 2018 09:49:31 GMT 

                                        
                                            
Content-Length: 207360 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Server: Jino.ru/mod_pizza 

                                        
                                            
Last-Modified: Sat, 08 Dec 2018 23:07:50 GMT 

                                        
                                            
Etag: "3ac16a2-32a00-57c8acd043b20" 

                                        
                                            
Accept-Ranges: bytes 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit

                                                Size:   207360

                                                Md5:    16bea5c08c3d6fa2dddcee24ea1eaafa

                                                Sha1:   69e182768cb7888d5439fe5a5a3a79e73e02e6a7

                                                Sha256: 41342e74cbb476ec9a20aabc471cd85e37597a0595bddbe10bf9960ad7543980

                                            

                                            
                                                
Alerts:

                                                

                                                
                                                      Blacklists:

                                                    
                                                            - fortinet: Malware

                                                    
                                                            - mnemonic_dns: Blacklisted

                                                    
                                                
                                                
                                                
                                                      IDS:

                                                    
                                                            - ET POLICY PE EXE or DLL Windows file download HTTP 

                                                    
                                                            - ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)