urlquery.net - Report

Overview

URL	eeme7j.win/mule.exe
IP	149.255.35.91
ASN	AS35017 Swiftway Sp. z o.o.
Location	United States
Report completed	2018-01-19 20:56:51 CET
Status	Loading report..
urlquery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Blacklists

MDL

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Added / Verified	Severity	Host	Comment
2018-01-19	2	eeme7j.win/mule.exe	Malware

DNS-BH

No alerts detected

mnemonic secure dns

No alerts detected

Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 149.255.35.91

Date	UQ / IDS / BL	URL	IP
2018-05-17 22:13:50 +0200	0 - 0 - 2	eeme7j.win/mule	149.255.35.91
2018-02-05 20:40:51 +0100	0 - 0 - 1	149.255.35.91/larva.sh	149.255.35.91
2018-01-30 18:50:33 +0100	0 - 0 - 1	ait7ee.win/scv.ps1	149.255.35.91
2018-01-30 16:03:50 +0100	0 - 0 - 1	149.255.35.91/larva.sh	149.255.35.91
2018-01-26 11:14:05 +0100	0 - 0 - 1	www.eeme7j.win	149.255.35.91
2018-01-24 15:41:04 +0100	0 - 0 - 1	149.255.35.91/larva.sh	149.255.35.91
2018-01-22 15:14:37 +0100	0 - 0 - 1	eeme7j.win	149.255.35.91
2018-01-18 20:46:04 +0100	0 - 0 - 1	eeme7j.win/raven64.exe	149.255.35.91
2018-01-13 20:51:05 +0100	0 - 0 - 1	eeme7j.winwww.eeme7j.win/	149.255.35.91
2018-01-10 04:34:30 +0100	0 - 0 - 1	eeme7j.win/orbital_command.ps1	149.255.35.91

Last 10 reports on ASN: AS35017 Swiftway Sp. z o.o.

Date	UQ / IDS / BL	URL	IP
2019-02-16 15:38:03 +0100	0 - 0 - 0	s130ukq8lk7c8trlyvo39kwirbobbrdecfoj621umrv.g (...)	46.21.147.5
2019-02-16 15:36:16 +0100	0 - 0 - 0	s130ukq8lk7c8trlyvo39kwirbobbrdecfoj621umrv.g (...)	46.21.147.5
2019-02-15 22:46:14 +0100	0 - 0 - 1	149.255.36.251	149.255.36.251
2019-02-15 22:40:49 +0100	0 - 1 - 0	buy1.pqrqtaz.ru/	191.101.31.100
2019-02-14 23:19:07 +0100	0 - 0 - 1	nwift.org/Documents/Operational/SIPN/Transfer (...)	37.1.212.133
2019-02-14 15:21:13 +0100	0 - 0 - 8	narenonline.org/aqusos.exe	37.72.171.98
2019-02-14 10:52:14 +0100	0 - 0 - 8	narenonline.org/loit.doc	37.72.171.98
2019-02-14 04:40:58 +0100	0 - 0 - 8	narenonline.org/soon.exe	37.72.171.98
2019-02-13 22:42:14 +0100	0 - 0 - 1	https://internalshareds.ga/css	46.21.150.172
2019-02-13 20:32:08 +0100	0 - 0 - 8	narenonline.org/xploit.doc	37.72.171.98

Last 10 reports on domain: eeme7j.win

Date	UQ / IDS / BL	URL	IP
2018-05-17 22:13:50 +0200	0 - 0 - 2	eeme7j.win/mule	149.255.35.91
2018-01-26 11:14:05 +0100	0 - 0 - 1	www.eeme7j.win	149.255.35.91
2018-01-22 15:14:37 +0100	0 - 0 - 1	eeme7j.win	149.255.35.91
2018-01-18 20:46:04 +0100	0 - 0 - 1	eeme7j.win/raven64.exe	149.255.35.91
2018-01-13 20:51:05 +0100	0 - 0 - 1	eeme7j.winwww.eeme7j.win/	149.255.35.91
2018-01-10 04:34:30 +0100	0 - 0 - 1	eeme7j.win/orbital_command.ps1	149.255.35.91
2017-12-25 04:21:15 +0100	0 - 0 - 1	eeme7j.win/raven.exe	149.255.35.91
2017-12-22 20:48:16 +0100	0 - 0 - 1	www.eeme7j.win/mule	149.255.35.91
2017-12-20 18:05:40 +0100	0 - 0 - 1	eeme7j.win	149.255.35.91
2017-12-05 12:53:55 +0100	0 - 0 - 1	www.eeme7j.win/mule	149.255.35.91

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (1)

Request	Response
GET /mule.exe HTTP/1.1 Host: eeme7j.win User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	0.0.0.0 --- Additional Info --- Alerts: Blacklists: - fortinet: Malware

Request

Response

                                        
                                            GET /mule.exe HTTP/1.1 

                                        
                                            
Host: eeme7j.win

                                        

                                        
                                            
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 

                                        
                                            
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 

                                        
                                            
Accept-Language: en-us,en;q=0.5 

                                        
                                            
Accept-Encoding: gzip,deflate 

                                        
                                            
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 

                                        
                                            
Keep-Alive: 115 

                                        
                                            
Connection: keep-alive

                                         
                                         0.0.0.0

                                        

                                        
                                             

                                        
                                        
                                            

                                            --- Additional Info ---

                                            

                                            
                                                
Alerts:

                                                

                                                
                                                      Blacklists:

                                                    
                                                            - fortinet: Malware