Overview

URL: lisaraeswan.com/dreamparty.ca/LLC/ISk5TgaEbb
IP: 69.27.124.220
ASN: AS20218 BlackSun Inc.
Location: Canada
Report completed: 2019-06-10 18:22:21 CEST
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp                  Severity  Source IP      Destination IP  Alert
2019-06-10 18:22:01 CEST   3         69.27.124.220  Client IP       ET INFO SUSPICIOUS Single JS file inside of ZIP Download (Observed as lure in malspam campaigns)


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified  Severity  Host                                             Comment
2019-06-10        2         lisaraeswan.com/dreamparty.ca/LLC/ISk5TgaEbb     Malware
2019-06-10        2         lisaraeswan.com/dreamparty.ca/LLC/ISk5TgaEbb/    Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 69.27.124.220

Date                       UQ / IDS / BL  URL                                               IP
2019-06-09 13:26:09 +0200  0 - 0 - 21     shoutoutoutoutout.com/audio-video-players         69.27.124.220
2019-06-09 06:48:29 +0200  0 - 0 - 22     shoutoutoutoutout.com/archives/1392               69.27.124.220
2019-06-09 01:29:02 +0200  0 - 0 - 1      lisaraeswan.com/dreamparty.ca/llc/isk5tgaebb      69.27.124.220
2019-06-07 17:40:25 +0200  0 - 0 - 22     shoutoutoutoutout.com/archives/939                69.27.124.220
2019-05-23 00:11:31 +0200  0 - 0 - 9      lisaraeswan.com/                                  69.27.124.220
2019-05-12 13:10:05 +0200  0 - 0 - 9      lisaraeswan.com/                                  69.27.124.220
2019-05-07 02:45:32 +0200  0 - 0 - 2      peterk.ca/                                        69.27.124.220
2019-04-30 07:51:10 +0200  0 - 1 - 2      lisaraeswan.com/dreamparty.ca/DOC/pHtejgMPAi47/   69.27.124.220
2019-03-03 18:12:40 +0100  0 - 0 - 22     shoutoutoutoutout.com/about/pressphotos           69.27.124.220
2019-02-03 19:04:07 +0100  0 - 0 - 21     shoutoutoutoutout.com/archives/953/cmj-1          69.27.124.220

Last 10 reports on ASN: AS20218 BlackSun Inc.

Date                       UQ / IDS / BL  URL                                               IP
2019-06-10 08:58:07 +0200  0 - 0 - 30     stonepostecidery.ca/download/1243245673-us-un (...)  69.27.114.2
2019-06-10 08:57:14 +0200  0 - 0 - 31     stonepostecidery.ca/download/1244421473-us-di (...)  69.27.114.2
2019-06-10 08:57:11 +0200  0 - 0 - 30     stonepostecidery.ca/download/1390240934-us-an (...)  69.27.114.2
2019-06-10 08:44:27 +0200  0 - 0 - 32     stonepostecidery.ca/download/1193908752-us-ya (...)  69.27.114.2
2019-06-10 07:55:34 +0200  0 - 0 - 19     stonepostecidery.ca/download/1169221055-us-yo (...)  69.27.114.2
2019-06-10 07:55:27 +0200  0 - 0 - 31     stonepostecidery.ca/download/1361038589-us-el (...)  69.27.114.2
2019-06-10 07:55:15 +0200  0 - 0 - 31     stonepostecidery.ca/download/1421435232-us-th (...)  69.27.114.2
2019-06-10 07:55:07 +0200  0 - 0 - 19     stonepostecidery.ca/download/1186124870-us-el (...)  69.27.114.2
2019-06-09 21:16:41 +0200  0 - 0 - 31     stonepostecidery.ca/download/1447708711-us-to (...)  69.27.114.2
2019-06-09 21:15:46 +0200  0 - 0 - 30     stonepostecidery.ca/download/642520558-us-una (...)  69.27.114.2

Last 4 reports on domain: lisaraeswan.com

Date                       UQ / IDS / BL  URL                                               IP
2019-06-09 01:29:02 +0200  0 - 0 - 1      lisaraeswan.com/dreamparty.ca/llc/isk5tgaebb      69.27.124.220
2019-05-23 00:11:31 +0200  0 - 0 - 9      lisaraeswan.com/                                  69.27.124.220
2019-05-12 13:10:05 +0200  0 - 0 - 9      lisaraeswan.com/                                  69.27.124.220
2019-04-30 07:51:10 +0200  0 - 1 - 2      lisaraeswan.com/dreamparty.ca/DOC/pHtejgMPAi47/   69.27.124.220


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (2)


Request 1:

GET /dreamparty.ca/LLC/ISk5TgaEbb HTTP/1.1
Host: lisaraeswan.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response 1 (from 69.27.124.220):

HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Content-Length: 617
Date: Mon, 10 Jun 2019 16:21:49 GMT
Location: http://lisaraeswan.com/dreamparty.ca/LLC/ISk5TgaEbb/
Connection: Keep-Alive

--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   617
Md5:    80b8eb1ae26d1e0a7f7bab102a865e53
Sha1:   f65aaf8395ccb9c8c2d969d7835f0a89389699ac
Sha256: 8dbc2257f4adb3aa22d0cf153a944b35a1ce9b31ffc474bf908672b3af2b93f8

Alerts:
  Blacklists:
    - fortinet: Malware

                                        
                                            GET /dreamparty.ca/LLC/ISk5TgaEbb/ HTTP/1.1 
Host: lisaraeswan.com
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         69.27.124.220
HTTP/1.1 200 OK
Content-Type: application/octet-stream
                                        
X-Powered-By: PHP/5.6.40
Set-Cookie: 5cfe839e27a99=1560183710; expires=Mon, 10-Jun-2019 16:22:50 GMT; Max-Age=60; path=/
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Mon, 10 Jun 2019 16:21:50 GMT
Expires: Mon, 10 Jun 2019 16:21:50 GMT
Content-Disposition: attachment; filename="LLC_07851151094US_Apr_24_2019.zip"
Content-Transfer-Encoding: binary
Content-Length: 13751
Date: Mon, 10 Jun 2019 16:21:50 GMT
Connection: Keep-Alive


--- Additional Info ---
Magic:  Zip archive data, at least v2.0 to extract
Size:   13751
Md5:    0706b47850a1fcadf98d3bc6548ebc9b
Sha1:   ac57605a63d9ded7ef799e29d0713a244146af63
Sha256: 0fbda8cc47ba8a7e2b12b688ee111ad2a73a97e2b56351eaefaacdcb7cbbd64a

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET INFO SUSPICIOUS Single JS file inside of ZIP Download (Observed as lure in malspam campaigns)