Overview

URL: wahajah-ksa.com/Az/a/a.exe
IP: 104.27.157.137
ASN: AS13335 CloudFlare, Inc.
Location: United States
Report completed: 2019-05-27 17:21:21 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp  Severity  Source IP  Destination IP  Alert
2019-05-27 17:20:49 CEST  2  Client IP  104.27.157.137  ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
2019-05-27 17:20:49 CEST  1  Client IP  104.27.157.137  ET TROJAN Single char EXE direct download likely trojan (multiple families)


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Added / Verified  Severity  Host  Comment
2019-05-27  2  wahajah-ksa.com/Az/a/a.exe  Malware
2019-05-27  2  wahajah-ksa.com/Az/a/a.exe  Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 2 reports on IP: 104.27.157.137

Date  UQ / IDS / BL  URL  IP
2019-05-22 11:28:02 +0200  0 - 2 - 2  wahajah-ksa.com/az/a/a.exe  104.27.157.137
2018-01-25 01:37:29 +0100  0 - 0 - 19  optik.altervista.org/  104.27.157.137

Last 10 reports on ASN: AS13335 CloudFlare, Inc.

Date  UQ / IDS / BL  URL  IP
2019-07-04 10:47:28 +0200  0 - 0 - 0  https://www.bitchute.com/video/nGjzUqQzi423/  104.24.23.87
2019-07-02 09:55:24 +0200  0 - 0 - 0  Finddreamjobs.com  104.17.47.14
2019-07-02 09:51:03 +0200  0 - 0 - 0  https://www.bitchute.com/video/ix3LoPLzjS8a/  104.24.23.87
2019-07-02 09:50:01 +0200  0 - 0 - 0  https://www.bitchute.com/video/RNGAJQK1s8Qx/  104.24.22.87
2019-07-02 09:49:59 +0200  0 - 0 - 0  https://www.bitchute.com/video/HUEWirPZXMOI/  104.24.23.87
2019-07-02 09:49:58 +0200  0 - 0 - 0  https://www.bitchute.com/video/GRkaogicSTRt/  104.24.23.87
2019-07-02 09:49:56 +0200  0 - 0 - 0  https://www.bitchute.com/video/0vPgxEoFvLs8/  104.24.23.87
2019-07-02 09:49:34 +0200  0 - 0 - 0  https://www.bitchute.com/video/rhOuRaIOHJdb/  104.24.22.87
2019-07-02 09:49:31 +0200  0 - 0 - 0  https://www.bitchute.com/video/0gdUIrC1FwTV/  104.24.23.87
2019-07-02 09:49:30 +0200  0 - 0 - 0  https://www.bitchute.com/video/9TSaSoV97QZI/  104.24.22.87

Last 6 reports on domain: wahajah-ksa.com

Date  UQ / IDS / BL  URL  IP
2019-06-04 10:21:45 +0200  0 - 0 - 2  wahajah-ksa.com/Az/a/a.exe  104.27.156.137
2019-05-27 13:02:09 +0200  0 - 2 - 2  wahajah-ksa.com/Az/a/a.exe  104.27.156.137
2019-05-22 11:28:02 +0200  0 - 2 - 2  wahajah-ksa.com/az/a/a.exe  104.27.157.137
2018-12-04 21:57:06 +0100  0 - 0 - 2  wahajah-ksa.com/AZ/a/a.exe  195.154.151.29
2018-12-04 19:24:39 +0100  0 - 0 - 2  wahajah-ksa.com/AZ/a/a.exe  195.154.151.29
2018-11-21 11:48:40 +0100  0 - 0 - 0  wahajah-ksa.com  195.154.151.29


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (6)


Request:
GET /Az/a/a.exe HTTP/1.1
Host: wahajah-ksa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (104.27.157.137):
HTTP/1.1 301 Moved Permanently
Date: Mon, 27 May 2019 15:20:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 27 May 2019 16:20:49 GMT
Location: https://wahajah-ksa.com/Az/a/a.exe
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4dd8f99f097fcb00-ARN

--- Additional Info ---
Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
    - ET TROJAN Single char EXE direct download likely trojan (multiple families)

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response (93.184.220.29):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=149401
Date: Mon, 27 May 2019 15:20:50 GMT
Etag: "5ceba4eb-116"
Expires: Wed, 29 May 2019 08:50:51 GMT
Last-Modified: Mon, 27 May 2019 08:50:51 GMT
Server: nginx
Content-Length: 278

--- Additional Info ---
Magic:  data
Size:   278
Md5:    be88ba857b1873ca004ce1626639e894
Sha1:   08acb3d2b3dd535e895535f13929cd73e286d1bb
Sha256: 709f74627aa6b6e3c3bf64291fbb9a7ca8bc7a78fc8db80e4a850548a6dd1140

Request:
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response (93.184.220.29):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Accept-Ranges: bytes
Cache-Control: max-age=141306
Date: Mon, 27 May 2019 15:20:50 GMT
Etag: "5ceb7d14-5e3"
Expires: Wed, 29 May 2019 06:35:56 GMT
Last-Modified: Mon, 27 May 2019 06:00:52 GMT
Server: ECS (lcy/1D1F)
X-Cache: HIT
Content-Length: 1507

--- Additional Info ---
Magic:  data
Size:   1507
Md5:    2a7b51306182d6f989edb6319aea8458
Sha1:   639ad552343d07067bd72d4747ca7df3aafcb06f
Sha256: ee9fe4a05035bba008bbdaee42b6d129797db74082e1959263d03d73e011090a

Request:
GET /Az/a/a.exe HTTP/1.1
Host: wahajah-ksa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (104.27.157.137):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 27 May 2019 15:20:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d09ddb2a53070fa41163aad88ea0209d01558970450; expires=Tue, 26-May-20 15:20:50 GMT; path=/; domain=.wahajah-ksa.com; HttpOnly; Secure
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4dd8f9a26d25caf8-ARN
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   253
Md5:    f6754523b3f537449fbe2636c2f6d7c2
Sha1:   b2cb9c0a94847dbe03909f68205434f58e9bbc04
Sha256: 3cd259daa3460ec8d727cf6bd84fc3db21a33d3831a74cbf453a929c1b56272c

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
    - ET TROJAN Single char EXE direct download likely trojan (multiple families)

Request:
GET /favicon.ico HTTP/1.1
Host: wahajah-ksa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=d09ddb2a53070fa41163aad88ea0209d01558970450

Response (104.27.157.137):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 27 May 2019 15:20:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: HIT
Expires: Mon, 27 May 2019 19:20:53 GMT
Cache-Control: public, max-age=14400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4dd8f9b69937cad8-ARN
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   247
Md5:    8bef991b36c9715500683efd50a9bbfb
Sha1:   183d9bdde200ad66df23e2ab7af0c960ef18b901
Sha256: 682a36bffc64bc684c232df9bc23af34f7c4eafade7b61e21ff2e240d39cc021

Request:
GET /favicon.ico HTTP/1.1
Host: wahajah-ksa.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=d09ddb2a53070fa41163aad88ea0209d01558970450

Response (104.27.157.137):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 27 May 2019 15:20:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: EXPIRED
Expires: Mon, 27 May 2019 19:20:50 GMT
Cache-Control: public, max-age=14400
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4dd8f9a38987caf8-ARN
Content-Encoding: gzip

--- Additional Info ---