Overview

URL rafay.net/1.exe
IP 45.77.239.100
ASN AS20473 Choopa, LLC
Location United States
Report completed 2019-05-20 23:51:13 CEST
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2019-05-20 23:50:39 CEST 1 Client IP 45.77.239.100 ET TROJAN Single char EXE direct download likely trojan (multiple families)


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 3 reports on IP: 45.77.239.100

Date UQ / IDS / BL URL IP
2019-06-05 15:40:29 +0200 0 - 1 - 0 rafay.net/1.exe 45.77.239.100
2019-06-05 11:32:29 +0200 0 - 1 - 0 rafay.net/1.exe 45.77.239.100
2019-05-30 03:07:17 +0200 0 - 1 - 0 rafay.net/1.exe 45.77.239.100

Last 10 reports on ASN: AS20473 Choopa, LLC

Date UQ / IDS / BL URL IP
2019-06-26 10:52:45 +0200 0 - 0 - 0 thembay.com 108.61.218.188
2019-06-26 03:15:28 +0200 0 - 0 - 0 artistryseries.com 45.32.217.182
2019-06-25 22:00:35 +0200 0 - 0 - 0 208.167.245.65/click.php?lp=1 208.167.245.65
2019-06-25 18:19:33 +0200 0 - 0 - 0 hupehome.com 104.207.133.9
2019-06-25 18:13:25 +0200 0 - 0 - 0 hupehome.com 104.207.133.9
2019-06-25 11:49:15 +0200 0 - 0 - 0 107.191.46.58/favicon.ico 107.191.46.58
2019-06-25 11:25:45 +0200 0 - 0 - 0 trackerislive.com/click.php?key=9v10cixisl068 (...) 208.167.245.65
2019-06-25 03:22:00 +0200 0 - 0 - 0 https://www.legalcorporatejobs.com 206.221.177.108
2019-06-25 03:19:52 +0200 0 - 0 - 0 https://www.legalindustryjobs.com 206.221.177.108
2019-06-21 19:25:34 +0200 0 - 0 - 0 qwe.mgtsystem46.us/crr20g/4009853073 104.238.165.131

Last 3 reports on domain: rafay.net

Date UQ / IDS / BL URL IP
2019-06-05 15:40:29 +0200 0 - 1 - 0 rafay.net/1.exe 45.77.239.100
2019-06-05 11:32:29 +0200 0 - 1 - 0 rafay.net/1.exe 45.77.239.100
2019-05-30 03:07:17 +0200 0 - 1 - 0 rafay.net/1.exe 45.77.239.100


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (3)


Request
GET /1.exe HTTP/1.1
Host: rafay.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (45.77.239.100)
HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 20 May 2019 21:50:39 GMT
Content-Length: 1208


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1208
Md5:    d29fa9f2ab3a72f2608e8e82c8c3d1c6
Sha1:   8b21cc06752837b4b6b8fef8d54f50eb2c7cca8f
Sha256: e1b0a10649c4b92f828523efc2ebe135ea9488179a2816888d1e84f786202dbf

Alerts:
  IDS:
    - ET TROJAN Single char EXE direct download likely trojan (multiple families)
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: rafay.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         45.77.239.100
HTTP/1.1 500 Internal Server Error
Content-Type: text/html
                                        
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 20 May 2019 21:50:39 GMT
Content-Length: 1208


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1208
Md5:    d29fa9f2ab3a72f2608e8e82c8c3d1c6
Sha1:   8b21cc06752837b4b6b8fef8d54f50eb2c7cca8f
Sha256: e1b0a10649c4b92f828523efc2ebe135ea9488179a2816888d1e84f786202dbf
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: rafay.net
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         45.77.239.100
HTTP/1.1 500 Internal Server Error
Content-Type: text/html
                                        
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Mon, 20 May 2019 21:50:42 GMT
Content-Length: 1208


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   1208
Md5:    d29fa9f2ab3a72f2608e8e82c8c3d1c6
Sha1:   8b21cc06752837b4b6b8fef8d54f50eb2c7cca8f
Sha256: e1b0a10649c4b92f828523efc2ebe135ea9488179a2816888d1e84f786202dbf