Overview

URL css-navi.clan.su/_ld/0/76_1908_Crash..rar
IP 195.216.243.40
ASN AS29226 CJSC Mastertel
Location Russian Federation
Report completed 2018-07-13 02:26:04 CEST
urlQuery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp                  Severity  Source IP   Destination IP   Alert
2018-07-13 02:25:32 CEST   2         Client IP   Internal IP      ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2018-07-13 02:25:32 CEST   1         Client IP   195.216.243.40   ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-07-13 02:25:33 CEST   1         Client IP   195.216.243.40   ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-07-13 02:25:32 CEST   1         Client IP   195.216.243.40   ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.216.243.40

Date                       UQ / IDS / BL   URL                                                  IP
2018-09-21 22:26:02 +0200  0 - 1 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 22:09:31 +0200  0 - 0 - 13      klik1.ucoz.ru/dir/domashnij_ochag/detskaja_ko (...)  195.216.243.40
2018-09-21 21:26:30 +0200  0 - 4 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 20:26:33 +0200  0 - 1 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 19:26:13 +0200  0 - 1 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 18:25:50 +0200  0 - 1 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 17:28:15 +0200  0 - 4 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 15:25:44 +0200  0 - 3 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 12:26:42 +0200  0 - 2 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 10:25:40 +0200  0 - 5 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40

Last 10 reports on ASN: AS29226 CJSC Mastertel

Date                       UQ / IDS / BL   URL                                                  IP
2018-09-21 22:26:02 +0200  0 - 1 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 22:09:31 +0200  0 - 0 - 13      klik1.ucoz.ru/dir/domashnij_ochag/detskaja_ko (...)  195.216.243.40
2018-09-21 21:30:24 +0200  0 - 0 - 1       cs-xgm.ucoz.net/anticheat/MyAC_1.5.9.rar             195.216.243.38
2018-09-21 21:26:30 +0200  0 - 4 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 20:31:44 +0200  0 - 0 - 1       cs-xgm.ucoz.net/anticheat/MyAC_1.5.9.rar             195.216.243.38
2018-09-21 20:26:33 +0200  0 - 1 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 19:26:13 +0200  0 - 1 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 18:25:50 +0200  0 - 1 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40
2018-09-21 17:32:57 +0200  0 - 0 - 1       cs-xgm.ucoz.net/anticheat/MyAC_1.5.9.rar             195.216.243.38
2018-09-21 17:28:15 +0200  0 - 4 - 0       css-navi.clan.su/_ld/0/76_1908_Crash..rar            195.216.243.40

No other reports on domain: clan.su



JavaScript

Executed Scripts (5)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (18)


                                        
Request:
GET /_ld/0/76_1908_Crash..rar HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
Response from 195.216.243.40:
HTTP/1.1 503 Service Temporarily Unavailable
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 00:25:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15


--- Additional Info ---
Magic:  HTML document text, exported SGML document text
Size:   2665
Md5:    4e8e963aac9e640a6a77df78ae5081c2
Sha1:   651bd0fdba4763620d267d4ff4b3994ac57f5374
Sha256: bf08c841f19786c02634029d819c7807594b1c713645cbabc02250aae1e4d014

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
Request:
GET /.serr/css/style.css HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
Response from 195.216.243.40:
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 00:25:34 GMT
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"5b45b395-4c25"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4288
Md5:    d0f39f32aaa12c4c859ceaa37cfc1939
Sha1:   4357fcee86a3ad7021ee86c488637b64a8fb5c71
Sha256: ca887f3286831ee1ff78614f4347ef203068bc41b7812a82ad4a271384f14e8a
                                        
Request:
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
Response from 172.217.20.42:
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 32954
Date: Thu, 12 Jul 2018 13:10:02 GMT
Expires: Fri, 12 Jul 2019 13:10:02 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 40530


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   32954
Md5:    68263720f8747715639ad6a9020dd9fa
Sha1:   121c84759a7366e4a22da1c55f07bd25a3c3a6d9
Sha256: 8632e8030f860c40b4fef513a33ef06ba067b682d461e27d4ed4ff15ee87c836
                                        
Request:
GET /.serr/js/core.js HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
Response from 195.216.243.40:
HTTP/1.1 200 OK
Content-Type: text/javascript
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 00:25:34 GMT
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"5b45b395-19e"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   234
Md5:    6d2afededfa7410e2a2a1e4ac9bebb2e
Sha1:   f83e4b38412d51d14d6ccae931ec81152ce4ed9b
Sha256: 287ef7fee8741c621fd524723adca348f2f1a9cf522ac12aa5c2971a5f1b6a3e
                                        
Request:
GET /.serr/img/favicon.ico HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
Response from 195.216.243.40:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 00:25:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2561
Md5:    5585aa3a5ee4b83b05b5ca496a21e659
Sha1:   dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
Request:
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
Response from 93.158.134.119:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 00:25:32 GMT
Content-Length: 184
Connection: keep-alive
Location: https://mc.yandex.ru/metrika/watch.js


--- Additional Info ---
Magic:  HTML document text
Size:   184
Md5:    803493a1e438da1e67b84a76fa86bdda
Sha1:   9dca8b04cd8f0f715f14546b5f747aabbba7de47
Sha256: 82e7512bb763ef84d4ff4c9f8998fbff4b461ee5416741db743d5e4584d2ec45
                                        
Request:
GET /.serr/img/ulogo.svg HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/.serr/css/style.css

                                         
Response from 195.216.243.40:
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 00:25:34 GMT
Content-Length: 4235
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Etag: "5b45b395-108b"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image, XML document text
Size:   4235
Md5:    993299552bfd263cd4a75ad398e75b58
Sha1:   3fc9ad991516b8ad0c6553a05de4a8c9759c5020
Sha256: c660064588748948fcadc6a86b73dcb981d124c370b0ba764fe8a210854f6cd5
                                        
Request:
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
Response from 104.18.20.226:
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 13 Jul 2018 00:25:32 GMT
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d7773c70b7aa6dfebde02aac84331b6c71531441532; expires=Sat, 13-Jul-19 00:25:32 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Thu, 12 Jul 2018 23:07:34 GMT
Expires: Mon, 16 Jul 2018 23:07:34 GMT
Etag: "6818f4e3b475a0ab8c0429ceb3985102e74c5bb6"
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 43979cec629e4279-OSL


--- Additional Info ---
Magic:  data
Size:   1570
Md5:    1ac25e8bbfb7aa89a9efd0b1e2ad2cd1
Sha1:   6818f4e3b475a0ab8c0429ceb3985102e74c5bb6
Sha256: 81d1bf0bb5500320f8de5083d0755dcf718b81e4d6ea1a3a907a4bb211e10b3a
                                        
Request:
GET /.serr/img/404.png HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/.serr/css/style.css

                                         
Response from 195.216.243.40:
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 00:25:34 GMT
Content-Length: 93328
Last-Modified: Wed, 11 Jul 2018 07:36:53 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Etag: "5b45b395-16c90"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 555 x 289, 8-bit/color RGBA, non-interlaced
Size:   93328
Md5:    b49480282d51d93c68a9d6fefd3fdbde
Sha1:   ea45a1ca56f4d4342316c357a6d4b961a775ccb8
Sha256: 12c702f931513d9a38b2d17ee2acae1308486e7b38fab5adc84c1f02b72ac620
                                        
Request:
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
Response from 93.158.134.119:
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 00:25:32 GMT
Content-Length: 42893
Last-Modified: Wed, 11 Jul 2018 12:52:56 GMT
Connection: keep-alive
Etag: "5b45fda8-a78d"
Content-Encoding: gzip
Expires: Fri, 13 Jul 2018 01:25:32 GMT
Cache-Control: max-age=3600
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  gzip compressed data, from Unix, last modified: Wed Jul 11 13:20:33 2018
Size:   42893
Md5:    b25438f962bb390cdb31b6764d2d8324
Sha1:   53360eb8759c949facd30b24dfc4d1b0f40db7b7
Sha256: c993c4cc851f929d93e0897b8d0a5f0e847b95a191510e0f9bb769dd1a67d8f3
                                        
Request:
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
Response from 93.158.134.119:
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 00:25:33 GMT
Content-Length: 61
Last-Modified: Mon, 12 Oct 2015 13:09:09 GMT
Connection: keep-alive
Etag: "561bb0f5-3d"
Content-Encoding: gzip
Expires: Fri, 13 Jul 2018 01:25:33 GMT
Cache-Control: max-age=3600
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  gzip compressed data, was "advert.gif", from Unix, last modified: Mon Oct 12 15:06:12 2015
Size:   61
Md5:    aad2d5e940637a676e25e6cc7a684a83
Sha1:   c77946775d4c1719c48eb691edfbcf873b0738f5
Sha256: d9d219b8ba39a549d43400945b848dde73269f25dab5b75b85439c451ca0a525
                                        
Request:
GET /.serr/img/favicon.ico HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ym_uid=1531441533889874555; _ym_d=1531441533

                                         
Response from 195.216.243.40:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 00:25:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2561
Md5:    5585aa3a5ee4b83b05b5ca496a21e659
Sha1:   dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
Request:
OPTIONS /watch/24122689?wmode=7&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180713022533%3Aet%3A1531441534%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A752824685464%3Arqn%3A1%3Arn%3A968009283%3Ahid%3A543048575%3Awn%3A25624%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531441534%3Au%3A1531441533889874555%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://css-navi.clan.su
Access-Control-Request-Method: POST

                                         
Response from 93.158.134.119:
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 00:25:33 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
                                        
Request:
GET /watch/24122689?wmode=5&callback=_ymjsp409592450&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180713022533%3Aet%3A1531441534%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A752824685464%3Arqn%3A1%3Arn%3A968009283%3Ahid%3A543048575%3Awn%3A25624%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531441534%3Au%3A1531441533889874555%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar

                                         
Response from 93.158.134.119:
HTTP/1.1 302 Found
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 00:25:33 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Fri, 13 Jul 2018 00:25:33 GMT
Expires: Fri, 13 Jul 2018 00:25:33 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: yandexuid=2140132171531441533; domain=.yandex.ru; path=/; expires=Sat, 13-Jul-2019 00:25:33 GMT
Set-Cookie: yabs-sid=1501629651531441533; path=/
Set-Cookie: i=ZZcYCX9UCPC3+t5InQrNE9hiLtN/8yePS1VMN1dc31s+AzRyxHUljELtZeOaRR2o/WZC51pcmJFyhVIlKlrT81SFfGo=; Expires=Sat, 13-Jul-2019 00:25:33 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly
Set-Cookie: yp=1562977533.yrts.1531441533#1562977533.yrtsi.1531441533; domain=.yandex.ru; path=/; expires=Mon, 10-Jul-2028 00:25:33 GMT
Location: https://mc.yandex.ru/watch/24122689/1?wmode=5&callback=_ymjsp409592450&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180713022533%3Aet%3A1531441534%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A752824685464%3Arqn%3A1%3Arn%3A968009283%3Ahid%3A543048575%3Awn%3A25624%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531441534%3Au%3A1531441533889874555%3At%3A503%20-%20Failed%20to%20load%20website
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
                                        
Request:
GET /watch/24122689/1?wmode=5&callback=_ymjsp409592450&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A6%3Ati%3A10%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180713022533%3Aet%3A1531441534%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A752824685464%3Arqn%3A1%3Arn%3A968009283%3Ahid%3A543048575%3Awn%3A25624%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531441534%3Au%3A1531441533889874555%3At%3A503%20-%20Failed%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
Cookie: yandexuid=2140132171531441533; yabs-sid=1501629651531441533; i=ZZcYCX9UCPC3+t5InQrNE9hiLtN/8yePS1VMN1dc31s+AzRyxHUljELtZeOaRR2o/WZC51pcmJFyhVIlKlrT81SFfGo=; yp=1562977533.yrts.1531441533#1562977533.yrtsi.1531441533

                                         
Response from 93.158.134.119:
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 00:25:33 GMT
Content-Length: 111
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Fri, 13 Jul 2018 00:25:33 GMT
Expires: Fri, 13 Jul 2018 00:25:33 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   111
Md5:    ec6043b26d209c4f76be895d1ffe298a
Sha1:   c6c69f71068ede7c5b2d50fb55c2025e8e1772ea
Sha256: 9e1f15667a6d8b5a9057e4017091bbaa7288e6f75e7265e47dcdcb7dc9f2cf59
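The three /watch/24122689 hits to mc.yandex.ru above carry the whole page context in their query string: the page-url, and inside browser-info a colon-separated list whose last field is the document title, here "503 - Failed to load website". Decoding that beacon is the quickest way to learn what the sandbox browser actually rendered. The decoder below is an added example, not part of the urlQuery report or of Yandex's own code. The request-target and the Cookie value are transcribed from this section; the meanings of browser-info keys other than t (title, readable in the URL) and u (which equals the _ym_uid cookie the browser sends afterwards) are this example's own reading of the values, not documented facts.

```python
"""Decode a Yandex.Metrika /watch beacon as captured in the report above.

Added example, not part of the urlQuery report.  BEACON and COOKIE_HEADER
are transcribed from the HTTP Transactions section; key meanings for
browser-info fields other than 't' and 'u' are assumptions."""
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Request-target of the OPTIONS beacon, transcribed from the report.
BEACON = (
    "/watch/24122689?wmode=7&page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0"
    "%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A10%3Aj%3A1%3As%3A"
    "1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754"
    "%3Az%3A120%3Ai%3A20180713022533%3Aet%3A1531441534%3Aen%3Autf-8%3Ac%3A1"
    "%3Ala%3Aen-us%3Apv%3A1%3Als%3A752824685464%3Arqn%3A1%3Arn%3A968009283"
    "%3Ahid%3A543048575%3Awn%3A25624%3Ahl%3A1%3Agdpr%3A14%3Av%3A1192%3Arqnl"
    "%3A1%3Ast%3A1531441534%3Au%3A1531441533889874555%3At%3A503%20-%20Failed"
    "%20to%20load%20website"
)
# Cookie header of a later request to css-navi.clan.su, transcribed from the report.
COOKIE_HEADER = "_ym_uid=1531441533889874555; _ym_d=1531441533"


def parse_browser_info(raw: str) -> dict:
    """Split the colon-separated key:value list.  't' (page title) is the last
    field and may itself contain colons, so it takes the remainder of the string."""
    parts = raw.split(":")
    fields = {}
    i = 0
    while i + 1 < len(parts):
        key, value = parts[i], parts[i + 1]
        if key == "t":
            fields["t"] = ":".join(parts[i + 1:])
            break
        fields[key] = value
        i += 2
    return fields


def decode_beacon(request_target: str) -> dict:
    """Pull the facts an analyst wants out of one /watch/<counter> hit."""
    split = urlsplit(request_target)
    query = parse_qs(split.query, keep_blank_values=True)
    info = parse_browser_info(query.get("browser-info", [""])[0])
    segments = split.path.strip("/").split("/")
    counter = segments[segments.index("watch") + 1] if "watch" in segments[:-1] else ""
    return {
        "counter_id": counter,
        "page_url": query.get("page-url", [""])[0],
        "title": info.get("t", ""),        # what the browser's tab showed
        "visitor_id": info.get("u", ""),   # same value as the _ym_uid cookie
        "screen": info.get("s", ""),       # assumed: width x height x depth
        "viewport": info.get("w", ""),     # assumed: window size
        "language": info.get("la", ""),
        "fields": info,
    }


def cookie_visitor_id(cookie_header: str) -> str:
    """The _ym_uid value from a Cookie header, "" if absent."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return jar["_ym_uid"].value if "_ym_uid" in jar else ""


def beacon_matches_cookie(request_target: str, cookie_header: str) -> bool:
    """Cross-check that ties the beacon to the later first-party request: the
    'u' field and the _ym_uid cookie carry the same visitor id."""
    return decode_beacon(request_target)["visitor_id"] == cookie_visitor_id(cookie_header)


if __name__ == "__main__":
    decoded = decode_beacon(BEACON)
    for key in ("counter_id", "page_url", "title", "visitor_id", "screen", "language"):
        print(f"{key:>11}: {decoded[key]}")
    print("beacon visitor id matches _ym_uid cookie:",
          beacon_matches_cookie(BEACON, COOKIE_HEADER))
```

The title field is the part worth checking first: it confirms, independently of the 503 status line, that the browser never saw an archive, only an error page. The visitor id cross-check is useful when a capture contains several hosts and you need to know which beacons belong to the same browsing session.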
                                        
Request:
GET /.serr/img/favicon.ico HTTP/1.1
Host: css-navi.clan.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ym_uid=1531441533889874555; _ym_d=1531441533; _ym_isad=2; _ym_visorc_24122689=w

                                         
Response from 195.216.243.40:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 13 Jul 2018 00:25:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2561
Md5:    5585aa3a5ee4b83b05b5ca496a21e659
Sha1:   dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
Request:
OPTIONS /watch/24122689?page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A7%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180713022548%3Aet%3A1531441549%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A234%3Als%3A752824685464%3Arqn%3A2%3Arn%3A691036344%3Ahid%3A543048575%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531441549%3Au%3A1531441533889874555 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://css-navi.clan.su
Access-Control-Request-Method: POST

                                         
Response from 93.158.134.119:
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 00:25:48 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
                                        
Request:
GET /watch/24122689?page-url=http%3A%2F%2Fcss-navi.clan.su%2F_ld%2F0%2F76_1908_Crash..rar&charset=utf-8&browser-info=ti%3A4%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1176x754%3Az%3A120%3Ai%3A20180713022548%3Aet%3A1531441549%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A234%3Als%3A752824685464%3Arqn%3A2%3Arn%3A691036344%3Ahid%3A543048575%3Agdpr%3A14%3Av%3A1192%3Arqnl%3A1%3Ast%3A1531441549%3Au%3A1531441533889874555 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://css-navi.clan.su/_ld/0/76_1908_Crash..rar
Cookie: yandexuid=2140132171531441533; yabs-sid=1501629651531441533; i=ZZcYCX9UCPC3+t5InQrNE9hiLtN/8yePS1VMN1dc31s+AzRyxHUljELtZeOaRR2o/WZC51pcmJFyhVIlKlrT81SFfGo=; yp=1562977533.yrts.1531441533#1562977533.yrtsi.1531441533

                                         
Response from 93.158.134.119:
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.8.1
Date: Fri, 13 Jul 2018 00:25:48 GMT
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Fri, 13 Jul 2018 00:25:48 GMT
Expires: Fri, 13 Jul 2018 00:25:48 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
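Read as a whole, the transaction list says one thing clearly: the scanner never received the archive. The request for 76_1908_Crash..rar got a 503 whose body is an nginx HTML error page (2665 bytes, "HTML document text"), every later request is the error page's own CSS, images, jQuery from Google's CDN and Yandex.Metrika beacons, the three favicon 404s all return the same 2561-byte body, and the only IDS hits are policy rules that fire on the .su name itself, not on content. The triage script below is an added example, not part of the urlQuery report; TRANSACTIONS is transcribed from the section above (body hashes shortened to their first 16 hex characters, one Metrika query string omitted), and the extension and magic lists it checks against are this example's own assumptions.

```python
"""Triage of the transaction list above: was the archive the URL promised
actually retrieved, and which other hosts did the page pull in?

Added example, not part of the urlQuery report.  TRANSACTIONS is transcribed
from the HTTP Transactions section (body hashes cut to their first 16 hex
characters, one Metrika query string omitted); the checks are this example's own."""
import posixpath
from collections import Counter, defaultdict
from typing import NamedTuple
from urllib.parse import urlsplit


class Tx(NamedTuple):
    method: str
    url: str
    status: int
    ctype: str    # response Content-Type
    magic: str    # file(1) magic of the body, as printed under Additional Info
    sha256: str   # first 16 hex chars of the body SHA-256 from the report


ORIGIN = "css-navi.clan.su"              # host of the scanned URL
ARCHIVE_EXTS = {".rar", ".zip", ".7z"}   # assumed set of download extensions
ARCHIVE_MAGIC = ("RAR archive", "Zip archive", "7-zip archive")  # assumed magic prefixes

TRANSACTIONS = [
    Tx("GET", "http://css-navi.clan.su/_ld/0/76_1908_Crash..rar", 503,
       "text/html; charset=UTF-8", "HTML document text", "bf08c841f19786c0"),
    Tx("GET", "http://css-navi.clan.su/.serr/css/style.css", 200,
       "text/css", "gzip compressed data", "ca887f3286831ee1"),
    Tx("GET", "http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js",
       200, "text/javascript; charset=UTF-8", "gzip compressed data", "8632e8030f860c40"),
    Tx("GET", "http://css-navi.clan.su/.serr/img/favicon.ico", 404,
       "text/html; charset=UTF-8", "gzip compressed data", "15efb2ca1e8e7560"),
    Tx("GET", "http://mc.yandex.ru/metrika/watch.js", 301,
       "text/html", "HTML document text", "82e7512bb763ef84"),
    Tx("POST", "http://ocsp2.globalsign.com/gsorganizationvalsha2g2", 200,
       "application/ocsp-response", "data", "81d1bf0bb5500320"),
    Tx("GET", "http://css-navi.clan.su/.serr/img/404.png", 200,
       "image/png", "PNG image, 555 x 289", "12c702f931513d9a"),
    Tx("GET", "http://css-navi.clan.su/.serr/img/favicon.ico", 404,
       "text/html; charset=UTF-8", "gzip compressed data", "15efb2ca1e8e7560"),
    Tx("GET", "http://css-navi.clan.su/.serr/img/favicon.ico", 404,
       "text/html; charset=UTF-8", "gzip compressed data", "15efb2ca1e8e7560"),
    Tx("GET", "http://mc.yandex.ru/watch/24122689", 200,   # query string omitted
       "image/gif", "GIF image data, version 89a, 1 x 1", "548f2d6f4d0d820c"),
]


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def su_tld_hosts(txs):
    """Hosts that trip the ET POLICY '.su TLD' rule.  The rule keys on the
    name alone (Host header / DNS query), not on what was served."""
    return sorted({host_of(t.url) for t in txs if host_of(t.url).endswith(".su")})


def archive_mismatches(txs):
    """URLs that end in an archive extension but did not come back as one:
    non-200 status, or a body whose magic is not an archive format."""
    found = []
    for t in txs:
        ext = posixpath.splitext(urlsplit(t.url).path)[1].lower()
        if ext not in ARCHIVE_EXTS:
            continue
        if t.status != 200 or not t.magic.startswith(ARCHIVE_MAGIC):
            found.append((t.url, t.status, t.magic))
    return found


def third_party_hosts(txs, origin=ORIGIN):
    """Every host other than the scanned site that the page made the browser
    contact (CDN, analytics, the OCSP responder for a TLS connection)."""
    return sorted({host_of(t.url) for t in txs if host_of(t.url) != origin})


def repeated_bodies(txs):
    """Body hashes seen more than once, with the URLs that produced them.  The
    same hash on every failing request is the server's static error page."""
    urls = defaultdict(set)
    for t in txs:
        urls[t.sha256].add(t.url)
    counts = Counter(t.sha256 for t in txs)
    return {h: (n, sorted(urls[h])) for h, n in counts.items() if n > 1}


def verdict(txs):
    """One-line summary: was the advertised payload captured or not?"""
    missing = archive_mismatches(txs)
    if missing:
        url, status, magic = missing[0]
        return f"payload not captured: {url} returned {status} ({magic})"
    return "archive payload retrieved"


if __name__ == "__main__":
    print(verdict(TRANSACTIONS))
    print("hosts matching the .su rule:", su_tld_hosts(TRANSACTIONS))
    print("third-party hosts:", third_party_hosts(TRANSACTIONS))
    for h, (n, urls) in repeated_bodies(TRANSACTIONS).items():
        print(f"body {h} served {n} times for {urls}")
```

The practical consequence: this report cannot say anything about the .rar itself, because the file was never served; a verdict on the archive needs a capture in which the request returns 200 with an archive body, or the sample obtained another way. The .su alerts are reputation-only and would fire identically on a benign page under that TLD.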