urlquery.net - Report

Overview

URL	sunroofeses.info/eucap.exe
IP	195.161.41.190
ASN	AS8342 OJSC RTComm.RU
Location	Russian Federation
Report completed	2018-12-24 10:50:03 CET
Status	Loading report..
urlquery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2018-12-24 10:49:31 CET	1	195.161.41.190	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2018-12-24 10:49:31 CET	3	195.161.41.190	Client IP	ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

Blacklists

MDL

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Added / Verified	Severity	Host	Comment
2018-12-24	2	sunroofeses.info/eucap.exe	Malware

DNS-BH

No alerts detected

mnemonic secure dns

Added / Verified	Severity	Host	Comment
2018-12-24	2	sunroofeses.info	Blacklisted

Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.161.41.190

Date	UQ / IDS / BL	URL	IP
2019-04-13 20:19:55 +0200	0 - 0 - 1	ostappnp.myjino.ru/sc.exe	195.161.41.190
2019-04-13 05:34:13 +0200	0 - 0 - 4	sunroofeses.info/eutirkub.exe	195.161.41.190
2019-04-12 19:39:45 +0200	0 - 0 - 4	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-04-12 00:49:19 +0200	0 - 0 - 4	sunroofeses.info/eucap.exe	195.161.41.190
2019-03-22 22:13:56 +0100	0 - 0 - 4	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-03-22 20:32:47 +0100	0 - 0 - 4	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-03-21 09:35:51 +0100	0 - 0 - 4	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-03-07 12:04:29 +0100	0 - 0 - 2	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-03-07 11:56:30 +0100	0 - 0 - 2	freesoft.website/US/market.exe	195.161.41.190
2019-03-07 11:52:33 +0100	0 - 0 - 2	freesoft.website/feel/rq.exe	195.161.41.190

Last 10 reports on ASN: AS8342 OJSC RTComm.RU

Date	UQ / IDS / BL	URL	IP
2019-04-20 14:12:46 +0200	0 - 0 - 2	uxqr.boyuberq.ru/formgrab.exe	81.177.140.54
2019-04-20 12:00:52 +0200	0 - 0 - 2	uxqr.boyuberq.ru/formgrab.exe	81.177.140.54
2019-04-20 08:02:51 +0200	0 - 0 - 2	uxqr.boyuberq.ru/formgrab.exe	81.177.140.54
2019-04-20 08:00:32 +0200	0 - 0 - 1	prostocrack.ru/wp-content/uploads/2015/04/Scr (...)	81.177.135.169
2019-04-20 07:51:18 +0200	0 - 0 - 4	777ton.ru/80981fwphte/biz/smallbusiness	81.177.141.142
2019-04-20 06:56:38 +0200	0 - 0 - 17	mergroup.ru/76328	81.177.140.21
2019-04-20 05:46:46 +0200	0 - 0 - 16	mergroup.ru/category/furniture_1/category_827 (...)	81.177.140.21
2019-04-20 05:05:30 +0200	0 - 0 - 1	yumyumhostel.myjino.ru/	81.177.135.31
2019-04-20 04:58:31 +0200	0 - 0 - 39	continent-sport.ru/menedzher-liga-v/kalendar-igr	81.177.140.121
2019-04-20 04:50:43 +0200	0 - 0 - 1	angar.working-group.ru/wp-content/themes/MTBa (...)	81.177.141.82

Last 10 reports on domain: sunroofeses.info

Date	UQ / IDS / BL	URL	IP
2019-04-13 05:34:13 +0200	0 - 0 - 4	sunroofeses.info/eutirkub.exe	195.161.41.190
2019-04-12 19:39:45 +0200	0 - 0 - 4	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-04-12 00:49:19 +0200	0 - 0 - 4	sunroofeses.info/eucap.exe	195.161.41.190
2019-03-22 22:13:56 +0100	0 - 0 - 4	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-03-22 20:32:47 +0100	0 - 0 - 4	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-03-21 09:35:51 +0100	0 - 0 - 4	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-03-07 12:04:29 +0100	0 - 0 - 2	sunroofeses.info/mx/mxmx.exe	195.161.41.190
2019-03-07 11:47:11 +0100	0 - 0 - 2	sunroofeses.info/eucap.exe	195.161.41.190
2019-02-14 06:46:05 +0100	0 - 0 - 2	sunroofeses.info/eutirkub.exe	195.161.41.190
2019-02-13 06:45:26 +0100	0 - 0 - 2	sunroofeses.info/eucap.exe	195.161.41.190

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (1)

Request	Response
GET /eucap.exe HTTP/1.1 Host: sunroofeses.info User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	195.161.41.190 HTTP/1.1 200 OK Content-Type: application/octet-stream Date: Mon, 24 Dec 2018 09:49:31 GMT Content-Length: 207360 Connection: keep-alive Server: Jino.ru/mod_pizza Last-Modified: Sat, 08 Dec 2018 23:07:50 GMT Etag: "3ac16a2-32a00-57c8acd043b20" Accept-Ranges: bytes --- Additional Info --- Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit Size: 207360 Md5: 16bea5c08c3d6fa2dddcee24ea1eaafa Sha1: 69e182768cb7888d5439fe5a5a3a79e73e02e6a7 Sha256: 41342e74cbb476ec9a20aabc471cd85e37597a0595bddbe10bf9960ad7543980 Alerts: Blacklists: - fortinet: Malware - mnemonic_dns: Blacklisted IDS: - ET POLICY PE EXE or DLL Windows file download HTTP - ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

Request

Response

                                        
                                            GET /eucap.exe HTTP/1.1 

                                        
                                            
Host: sunroofeses.info

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 

                                        
                                            
Accept-Language: en-us,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip,deflate 

                                        
                                            
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 

                                        
                                            
Keep-Alive: 115 

                                        
                                            
Connection: keep-alive

                                         
                                         195.161.41.190

                                        
                                            HTTP/1.1 200 OK 

                                        
                                            
Content-Type: application/octet-stream

                                        

                                        
                                            
Date: Mon, 24 Dec 2018 09:49:31 GMT 

                                        
                                            
Content-Length: 207360 

                                        
                                            
Connection: keep-alive 

                                        
                                            
Server: Jino.ru/mod_pizza 

                                        
                                            
Last-Modified: Sat, 08 Dec 2018 23:07:50 GMT 

                                        
                                            
Etag: "3ac16a2-32a00-57c8acd043b20" 

                                        
                                            
Accept-Ranges: bytes 

                                        
                                            
 

                                        
                                        
                                            

                                            --- Additional Info ---

                                            
                                                Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit

                                                Size:   207360

                                                Md5:    16bea5c08c3d6fa2dddcee24ea1eaafa

                                                Sha1:   69e182768cb7888d5439fe5a5a3a79e73e02e6a7

                                                Sha256: 41342e74cbb476ec9a20aabc471cd85e37597a0595bddbe10bf9960ad7543980

                                            

                                            
                                                
Alerts:

                                                

                                                
                                                      Blacklists:

                                                    
                                                            - fortinet: Malware

                                                    
                                                            - mnemonic_dns: Blacklisted

                                                    
                                                
                                                
                                                
                                                      IDS:

                                                    
                                                            - ET POLICY PE EXE or DLL Windows file download HTTP 

                                                    
                                                            - ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)