Overview

URL: www.it-accent.ru/distrib/korrel/setup_korr_1.0.10.4.exe
IP: 195.208.1.105
ASN: AS25535 Autonomous Non-commercial Organization 'Regional Network Information Center'
Location: Russian Federation
Report completed: 2019-02-21 13:54:34 CET
urlquery Alerts No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Pool: (none)
Access Level: (none)


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2019-02-21 13:54:01 CET 1  195.208.1.105 Client IP ET POLICY PE EXE or DLL Windows file download HTTP


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2019-02-21 2 www.it-accent.ru/distrib/korrel/setup_korr_1.0.10.4.exe Malware
DNS-BH  No alerts detected
mnemonic secure dns
Added / Verified Severity Host Comment
2019-02-21 2 it-accent.ru Blacklisted


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.208.1.105

Date                       UQ / IDS / BL  URL                                              IP
2019-03-24 18:27:37 +0100  0 - 1 - 0      it-accent.ru/distrib/ccards/setup_ccards_1.0. (...)  195.208.1.105
2019-03-24 18:27:36 +0100  0 - 1 - 0      it-accent.ru/distrib/slvel/setup_slvel_1.0.10 (...)  195.208.1.105
2019-03-23 10:34:49 +0100  0 - 0 - 1      it-accent.ru/distrib/approx/path_approx_1.0.1 (...)  195.208.1.105
2019-03-23 07:46:13 +0100  0 - 0 - 6      mamay.ru/2009/04/05/winter-desktop               195.208.1.105
2019-03-21 03:15:09 +0100  0 - 5 - 0      vectura.su/                                      195.208.1.105
2019-03-21 02:51:28 +0100  0 - 3 - 0      inj.su/                                          195.208.1.105
2019-03-21 02:38:05 +0100  0 - 1 - 0      all-insurance.su/                                195.208.1.105
2019-03-20 19:08:34 +0100  0 - 0 - 6      mamay.ru/tag/marriage                            195.208.1.105
2019-03-20 19:05:40 +0100  0 - 0 - 1      mamay.ru/2015/04/22/stuff                        195.208.1.105
2019-03-19 16:36:35 +0100  0 - 0 - 4      prostranstvorosta.ru/EN_en/download/787206018 (...)  195.208.1.105

Last 10 reports on ASN: AS25535 Autonomous Non-commercial Organization 'Regional Network Information Center'

Date                       UQ / IDS / BL  URL                                              IP
2019-03-25 07:29:43 +0100  0 - 0 - 1      info.megatech.ru/tnb                             195.208.1.108
2019-03-25 04:59:38 +0100  0 - 0 - 5      smart-lan.com/9-products.html                    195.208.1.107
2019-03-25 04:02:52 +0100  0 - 0 - 1      dilon6800.ru/                                    195.208.1.108
2019-03-25 02:59:41 +0100  0 - 2 - 0      4753a15481.pw/index.php?a=1                      212.192.194.2
2019-03-25 02:44:29 +0100  0 - 2 - 0      www.wisearchivist.com/download/installwdupl.exe  178.210.89.139
2019-03-24 23:47:49 +0100  0 - 1 - 0      www.imes.su/                                     195.208.1.107
2019-03-24 23:32:02 +0100  0 - 2 - 0      xstar.ru/soft/Reg.exe                            193.232.241.152
2019-03-24 23:32:01 +0100  0 - 1 - 0      xstar.ru/code/Xsetup.exe                         193.232.241.152
2019-03-24 23:28:00 +0100  0 - 1 - 0      xstar.ru/soft/XFlag.exe                          193.232.241.152
2019-03-24 23:28:00 +0100  0 - 1 - 0      xstar.ru/soft/Radio_Gadget.exe                   193.232.241.152

No other reports on domain: it-accent.ru



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request

GET /distrib/korrel/setup_korr_1.0.10.4.exe HTTP/1.1
Host: www.it-accent.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 195.208.1.105)

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Server: openresty/1.13.6.2
Date: Thu, 21 Feb 2019 12:54:01 GMT
Content-Length: 4657669
Connection: keep-alive
Last-Modified: Wed, 20 Feb 2019 10:30:16 GMT
Etag: "5c6d2c38-471205"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   4657669
Md5:    82e79fcc8885ff3c4a756af23a27f78f
Sha1:   fab54d3bf8728bef485532a14cec46b872739d4f
Sha256: 026f881acbcec780595704798a16c8e7c713412cf6ea07be67eed791352065c7

Alerts:
  Blacklists:
    - fortinet: Malware
    - mnemonic_dns: Blacklisted
  IDS:
    - ET POLICY PE EXE or DLL Windows file download HTTP