Overview

URL               css-navi.clan.su/_ld/0/76_1908_Crash..rar
IP                195.216.243.40
ASN               AS29226 CJSC Mastertel
Location          Russian Federation
Report completed  2018-09-23 22:26:00 CEST
urlQuery Alerts No alerts detected


Settings

UserAgent  Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp                 Severity  Source IP  Destination IP  Alert
2018-09-23 22:25:26 CEST  1         Client IP  195.216.243.40  ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-09-23 22:25:27 CEST  1         Client IP  195.216.243.40  ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-09-23 22:25:30 CEST  1         Client IP  195.216.243.40  ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-09-23 22:25:27 CEST  1         Client IP  195.216.243.40  ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-09-23 22:25:27 CEST  1         Client IP  195.216.243.40  ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.216.243.40

Date                       UQ / IDS / BL  URL                                                  IP
2018-10-13 03:53:42 +0200  0 - 1 - 11     klik1.ucoz.ru/                                       195.216.243.40
2018-10-08 20:11:18 +0200  0 - 3 - 0      css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-10-05 23:26:24 +0200  0 - 5 - 0      css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-10-05 15:45:52 +0200  0 - 0 - 1      soft-downloads.3dn.ru/_ld/3/363_victoria_dout (...)  195.216.243.40
2018-10-05 14:26:01 +0200  0 - 2 - 0      css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-10-04 13:25:44 +0200  0 - 4 - 0      css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-10-04 07:25:42 +0200  0 - 2 - 0      css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-10-04 05:25:44 +0200  0 - 2 - 0      css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-10-03 20:25:34 +0200  0 - 1 - 0      css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-10-03 13:25:48 +0200  0 - 5 - 0      css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40

Last 10 reports on ASN: AS29226 CJSC Mastertel

Date                       UQ / IDS / BL  URL                                            IP
2018-10-16 17:19:57 +0200  0 - 5 - 0      kapatelu.clan.su/                              195.216.243.12
2018-10-16 06:25:27 +0200  0 - 2 - 0      enginegame.net/load/0-0-0-1440-20              195.216.243.130
2018-10-15 08:51:53 +0200  0 - 0 - 0      https://u.to/1vjLEw                            195.216.243.155
2018-10-13 22:39:28 +0200  0 - 1 - 0      shrimps.clan.su/_ld/0/3_HideToolz.rar          195.216.243.20
2018-10-13 14:36:58 +0200  0 - 0 - 1      soft-life.3dn.ru/_ld/0/17_15_N-Vision_v1..zip  195.216.243.31
2018-10-13 13:12:19 +0200  0 - 0 - 1      soft-life.3dn.ru/_ld/0/17_15_N-Vision_v1..zip  195.216.243.31
2018-10-13 12:51:56 +0200  0 - 0 - 1      soft-life.3dn.ru/_ld/0/17_15_N-Vision_v1..zip  195.216.243.31
2018-10-13 12:33:38 +0200  0 - 0 - 2      nochnoyzhitomir.at.ua/board/                   195.216.243.145
2018-10-13 09:43:49 +0200  0 - 0 - 1      forcs.3dn.ru/Point_Blank_Cheats.rar            195.216.243.221
2018-10-13 07:39:27 +0200  0 - 0 - 1      c456.ru/_ld/2/250_3_m614kg.rar                 195.216.243.218

No other reports on domain: clan.su



JavaScript

Executed Scripts (5)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (18)


Request Response
                                        
Request
GET /_ld/0/76_1908_Crash..rar HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 195.216.243.40
HTTP/1.1 503 Service Temporarily Unavailable
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Sun, 23 Sep 2018 20:25:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15

--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   2665
Md5:    4e8e963aac9e640a6a77df78ae5081c2
Sha1:   651bd0fdba4763620d267d4ff4b3994ac57f5374
Sha256: bf08c841f19786c02634029d819c7807594b1c713645cbabc02250aae1e4d014

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
Request
GET /.serr/css/style.css HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

Response from 195.216.243.40
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.8.0
Date: Sun, 23 Sep 2018 20:25:28 GMT
Last-Modified: Wed, 22 Aug 2018 12:29:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"5b7d571b-4c25"
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4288
Md5:    d0f39f32aaa12c4c859ceaa37cfc1939
Sha1:   4357fcee86a3ad7021ee86c488637b64a8fb5c71
Sha256: ca887f3286831ee1ff78614f4347ef203068bc41b7812a82ad4a271384f14e8a

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
Request
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

Response from 216.58.207.234
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 32954
Date: Thu, 20 Sep 2018 21:20:16 GMT
Expires: Fri, 20 Sep 2019 21:20:16 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 255911

--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   32954
Md5:    68263720f8747715639ad6a9020dd9fa
Sha1:   121c84759a7366e4a22da1c55f07bd25a3c3a6d9
Sha256: 8632e8030f860c40b4fef513a33ef06ba067b682d461e27d4ed4ff15ee87c836
                                        
Request
GET /.serr/img/favicon.ico HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response from 195.216.243.40
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Sun, 23 Sep 2018 20:25:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2561
Md5:    5585aa3a5ee4b83b05b5ca496a21e659
Sha1:   dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
Request
GET /.serr/js/core.js HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

Response from 195.216.243.40
HTTP/1.1 200 OK
Content-Type: text/javascript
Server: nginx/1.8.0
Date: Sun, 23 Sep 2018 20:25:28 GMT
Last-Modified: Wed, 22 Aug 2018 12:29:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"5b7d571c-19e"
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   234
Md5:    6d2afededfa7410e2a2a1e4ac9bebb2e
Sha1:   f83e4b38412d51d14d6ccae931ec81152ce4ed9b
Sha256: 287ef7fee8741c621fd524723adca348f2f1a9cf522ac12aa5c2971a5f1b6a3e
                                        
Request
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

Response from 77.88.21.119
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: nginx/1.12.2
Date: Sun, 23 Sep 2018 20:25:27 GMT
Content-Length: 185
Connection: keep-alive
Location: https://mc.yandex.ru/metrika/watch.js

--- Additional Info ---
Magic:  HTML document text
Size:   185
Md5:    cb6ffbb4043c88e63023bdbe1273e7f6
Sha1:   51ab256fee07ae97343aea50861f5b9b0214cac2
Sha256: e2085b8ac766c65a76f7e31e2ee5d257f7728465331a46ee58005fd212575348
                                        
Request
GET /.serr/img/ulogo.svg HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/.serr/css/style.css

Response from 195.216.243.40
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx/1.8.0
Date: Sun, 23 Sep 2018 20:25:28 GMT
Content-Length: 4235
Last-Modified: Wed, 22 Aug 2018 12:29:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Etag: "5b7d571c-108b"
Accept-Ranges: bytes

--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012 XML document text
Size:   4235
Md5:    993299552bfd263cd4a75ad398e75b58
Sha1:   3fc9ad991516b8ad0c6553a05de4a8c9759c5020
Sha256: c660064588748948fcadc6a86b73dcb981d124c370b0ba764fe8a210854f6cd5

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
Request
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

Response from 104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Sep 2018 20:25:27 GMT
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=de265ca04baa4e079449a44016e82f5d11537734327; expires=Mon, 23-Sep-19 20:25:27 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 23 Sep 2018 19:40:28 GMT
Expires: Thu, 27 Sep 2018 19:40:28 GMT
Etag: "413a70f30e5a65d274a578847e0d1a65e87ed63f"
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 45efbd9a909b4255-OSL

--- Additional Info ---
Magic:  data
Size:   1570
Md5:    4c0426ae057d0c1211daf784957f7c5e
Sha1:   413a70f30e5a65d274a578847e0d1a65e87ed63f
Sha256: c0f713121c1617b78400370cd6efc3fbef0ad7cb06a3261b444d6ce0bdd58207
                                        
Request
GET /.serr/img/404.png HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/.serr/css/style.css

Response from 195.216.243.40
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx/1.8.0
Date: Sun, 23 Sep 2018 20:25:28 GMT
Content-Length: 93328
Last-Modified: Wed, 22 Aug 2018 12:29:16 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Etag: "5b7d571c-16c90"
Accept-Ranges: bytes

--- Additional Info ---
Magic:  PNG image, 555 x 289, 8-bit/color RGBA, non-interlaced
Size:   93328
Md5:    b49480282d51d93c68a9d6fefd3fdbde
Sha1:   ea45a1ca56f4d4342316c357a6d4b961a775ccb8
Sha256: 12c702f931513d9a38b2d17ee2acae1308486e7b38fab5adc84c1f02b72ac620

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
Request
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

Response from 77.88.21.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.12.2
Date: Sun, 23 Sep 2018 20:25:27 GMT
Content-Length: 42857
Last-Modified: Fri, 14 Sep 2018 14:26:36 GMT
Connection: keep-alive
Etag: "5b9bc51c-a769"
Content-Encoding: gzip
Expires: Sun, 23 Sep 2018 21:25:27 GMT
Cache-Control: max-age=3600
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000

--- Additional Info ---
Magic:  gzip compressed data, from Unix, last modified: Fri Sep 14 15:16:33 2018
Size:   42857
Md5:    906d0e3642fe3b528ceaa49cd1774382
Sha1:   af097a6d4ba14c322ca57efa9c31eae767da5f34
Sha256: f1c93b9c50d03332b2264e57481945a9b677c4cf65c995c6e58c263a6febcedd
                                        
Request
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

Response from 77.88.21.119
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.12.2
Date: Sun, 23 Sep 2018 20:25:29 GMT
Content-Length: 61
Last-Modified: Mon, 12 Oct 2015 13:09:09 GMT
Connection: keep-alive
Etag: "561bb0f5-3d"
Content-Encoding: gzip
Expires: Sun, 23 Sep 2018 21:25:29 GMT
Cache-Control: max-age=3600
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000

--- Additional Info ---
Magic:  gzip compressed data, was "advert.gif", from Unix, last modified: Mon Oct 12 15:06:12 2015
Size:   61
Md5:    aad2d5e940637a676e25e6cc7a684a83
Sha1:   c77946775d4c1719c48eb691edfbcf873b0738f5
Sha256: d9d219b8ba39a549d43400945b848dde73269f25dab5b75b85439c451ca0a525
                                        
Request
GET /.serr/img/favicon.ico HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ym_uid=1537734328529274798; _ym_d=1537734328

Response from 195.216.243.40
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Sun, 23 Sep 2018 20:25:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2561
Md5:    5585aa3a5ee4b83b05b5ca496a21e659
Sha1:   dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
Request
OPTIONS /watch/24122689?wmode=7&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180923222527%3Aet%3A1537734329%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A130163705246%3Arqn%3A1%3Arn%3A29174287%3Ahid%3A670350422%3Awn%3A11006%3Ahl%3A1%3Agdpr%3A14%3Av%3A1227%3Arqnl%3A1%3Ast%3A1537734329%3Au%3A1537734328529274798%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://css-navi.clan.su
Access-Control-Request-Method: POST

Response from 77.88.21.119
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Server: nginx/1.12.2
Date: Sun, 23 Sep 2018 20:25:29 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Max-Age: 1728000
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000

--- Additional Info ---
                                        
Request
GET /watch/24122689?wmode=5&callback=_ymjsp997604685&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180923222527%3Aet%3A1537734329%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A130163705246%3Arqn%3A1%3Arn%3A29174287%3Ahid%3A670350422%3Awn%3A11006%3Ahl%3A1%3Agdpr%3A14%3Av%3A1227%3Arqnl%3A1%3Ast%3A1537734329%3Au%3A1537734328529274798%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

Response from 77.88.21.119
HTTP/1.1 302 Found
Server: nginx/1.12.2
Date: Sun, 23 Sep 2018 20:25:29 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: yandexuid=7823141071537734329; Expires=Mon, 23-Sep-2019 20:25:29 GMT; Domain=.yandex.ru; Path=/ yabs-sid=2474018781537734329; Path=/ i=/mtokCNm6paWm6eCqz9Zn9uUFgS4Xpiqjofic1mqZFvtW7bIC6oaNzxDObDTv1gx7a/vTZedh3hpDf9Gn6aAu9BpsCA=; Expires=Mon, 23-Sep-2019 20:25:29 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly yp=1569270329.yrts.1537734329#1569270329.yrtsi.1537734329; Expires=Wed, 20-Sep-2028 20:25:29 GMT; Domain=.yandex.ru; Path=/
Last-Modified: Sun, 23-Sep-2018 20:25:29 GMT
Expires: Sun, 23-Sep-2018 20:25:29 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Location: /watch/24122689/1?wmode=5&callback=_ymjsp997604685&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180923222527%3Aet%3A1537734329%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A130163705246%3Arqn%3A1%3Arn%3A29174287%3Ahid%3A670350422%3Awn%3A11006%3Ahl%3A1%3Agdpr%3A14%3Av%3A1227%3Arqnl%3A1%3Ast%3A1537734329%3Au%3A1537734328529274798%3At%3A503%20-%20Failed%20to%20load%20website
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000

--- Additional Info ---
                                        
Request
GET /watch/24122689/1?wmode=5&callback=_ymjsp997604685&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180923222527%3Aet%3A1537734329%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A130163705246%3Arqn%3A1%3Arn%3A29174287%3Ahid%3A670350422%3Awn%3A11006%3Ahl%3A1%3Agdpr%3A14%3Av%3A1227%3Arqnl%3A1%3Ast%3A1537734329%3Au%3A1537734328529274798%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
Cookie: yandexuid=7823141071537734329; yabs-sid=2474018781537734329; i=/mtokCNm6paWm6eCqz9Zn9uUFgS4Xpiqjofic1mqZFvtW7bIC6oaNzxDObDTv1gx7a/vTZedh3hpDf9Gn6aAu9BpsCA=; yp=1569270329.yrts.1537734329#1569270329.yrtsi.1537734329

Response from 77.88.21.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.12.2
Date: Sun, 23 Sep 2018 20:25:29 GMT
Content-Length: 111
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Sun, 23 Sep 2018 20:25:29 GMT
Expires: Sun, 23 Sep 2018 20:25:29 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: i=T50x0ndMNuLxNONNVJih0VEaXk0wMfd4IJCsx/ajuHqQSdBk2QbayBoSjj3edOX8BmvMnlQLCkhq0cGSjPVF4flmei8=; Expires=Mon, 23-Sep-2019 20:25:29 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly yp=1569270329.yrts.1537734329#1569270329.yrtsi.1537734329; domain=.yandex.ru; path=/; expires=Wed, 20-Sep-2028 20:25:29 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000

--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   111
Md5:    f504a7b6f850896e2c489c302ad05a25
Sha1:   a14e39151243cd728c5ee7740e55915dc584fe49
Sha256: bb18fadb9b4d72396cee084a3c83ac32740a352c70353d27d4396a7c2ff77017
                                        
Request
GET /.serr/img/favicon.ico HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ym_uid=1537734328529274798; _ym_d=1537734328; _ym_isad=2; _ym_visorc_24122689=w

Response from 195.216.243.40
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Sun, 23 Sep 2018 20:25:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2561
Md5:    5585aa3a5ee4b83b05b5ca496a21e659
Sha1:   dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
Request
OPTIONS /watch/24122689?page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A7%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180923222544%3Aet%3A1537734344%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A274%3Als%3A130163705246%3Arqn%3A2%3Arn%3A1059922396%3Ahid%3A670350422%3Agdpr%3A14%3Av%3A1227%3Arqnl%3A1%3Ast%3A1537734344%3Au%3A1537734328529274798 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://css-navi.clan.su
Access-Control-Request-Method: POST

Response from 77.88.21.119
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Server: nginx/1.12.2
Date: Sun, 23 Sep 2018 20:25:44 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Max-Age: 1728000
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000

--- Additional Info ---
                                        
Request
GET /watch/24122689?page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A4%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180923222544%3Aet%3A1537734344%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A274%3Als%3A130163705246%3Arqn%3A2%3Arn%3A1059922396%3Ahid%3A670350422%3Agdpr%3A14%3Av%3A1227%3Arqnl%3A1%3Ast%3A1537734344%3Au%3A1537734328529274798 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
Cookie: yandexuid=7823141071537734329; yabs-sid=2474018781537734329; i=T50x0ndMNuLxNONNVJih0VEaXk0wMfd4IJCsx/ajuHqQSdBk2QbayBoSjj3edOX8BmvMnlQLCkhq0cGSjPVF4flmei8=; yp=1569270329.yrts.1537734329#1569270329.yrtsi.1537734329

Response from 77.88.21.119
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.12.2
Date: Sun, 23 Sep 2018 20:25:44 GMT
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Sun, 23 Sep 2018 20:25:44 GMT
Expires: Sun, 23 Sep 2018 20:25:44 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000

--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87