Overview

URL mgggp.lisx.ru/Document001.exe
IP 81.177.180.99
ASN AS8342 OJSC RTComm.RU
Location Russian Federation
Report completed 2019-05-20 20:31:30 CEST
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2019-05-20 20:30:58 CEST 2 Client IP  Internal IP ET DNS Query for .su TLD (Soviet Union) Often Malware Related
2019-05-20 20:30:59 CEST 2 Client IP  69.64.41.167 ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2019-05-20 2 mgggp.lisx.ru/Document001.exe Malware
DNS-BH  No alerts detected
mnemonic secure dns
Added / Verified Severity Host Comment
2019-05-20 2 noc.su Blacklisted


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 81.177.180.99

Date | UQ / IDS / BL | URL | IP
2019-05-18 03:28:07 +0200 | 0 - 1 - 1 | mgggp.lisx.ru/Setup.exe | 81.177.180.99
2019-03-22 23:14:16 +0100 | 0 - 0 - 1 | mgggp.lisx.ru/Document001.exe | 81.177.180.99
2019-02-09 10:40:24 +0100 | 0 - 0 - 1 | mgggp.lisx.ru/download.exe | 81.177.180.99
2018-12-31 18:47:48 +0100 | 0 - 0 - 1 | mgggp.lisx.ru/Document001.exe | 81.177.180.99
2018-12-30 15:38:20 +0100 | 0 - 0 - 1 | mgggp.lisx.ru/DK.exe | 81.177.180.99
2018-11-15 09:34:37 +0100 | 0 - 2 - 6 | izisk-studio.ru/ | 81.177.180.99

Last 10 reports on ASN: AS8342 OJSC RTComm.RU

Date | UQ / IDS / BL | URL | IP
2019-06-27 09:58:45 +0200 | 0 - 0 - 0 | radikal.ru | 81.176.238.240
2019-06-26 19:02:54 +0200 | 0 - 0 - 5 | coinspottechrem.com | 81.177.141.30
2019-06-18 20:46:35 +0200 | 0 - 2 - 1 | pasta.hurd.club/ | 81.177.180.138
2019-06-18 20:37:32 +0200 | 0 - 1 - 1 | aruna.migel.club/ | 81.177.180.138
2019-06-18 20:26:57 +0200 | 0 - 0 - 1 | escap.migel.club/ | 81.177.180.138
2019-06-18 16:41:34 +0200 | 0 - 0 - 0 | igra.tovsl.ru/cw-pl30/ | 81.177.139.41
2019-06-17 21:38:04 +0200 | 0 - 0 - 1 | linera.ru | 81.177.140.222
2019-06-17 11:49:32 +0200 | 0 - 0 - 0 | znak-a.ru | 81.177.49.68
2019-06-13 17:28:39 +0200 | 0 - 0 - 0 | idntfy.ru | 195.161.34.118
2019-06-11 00:49:55 +0200 | 1 - 0 - 1 | learning2live.ru/docs/config/cluster.html | 81.177.32.12

No other reports on domain: lisx.ru



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (5)


Request:
GET /Document001.exe HTTP/1.1
Host: mgggp.lisx.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (81.177.180.99):
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
Server: nginx
Date: Mon, 20 May 2019 18:30:58 GMT
Content-Length: 230
Connection: keep-alive
Location: http://mgggp.lisx.ru/cgi-sys/suspendedpage.cgi
Expires: Fri, 19 Jul 2019 18:30:58 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Cache-Status: BYPASS
X-Server-Powered-By: Engintron
Pragma: public


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   230
Md5:    ca763e688c2aee798b5f991e2e17672c
Sha1:   acdab0a778118bcf47d79c2f9dcdaf5b05908d67
Sha256: 26f64bc335e90bb6192e8602c1609f692bbf24d10145e1ac408078d802485077

Alerts:
  Blacklists:
    - fortinet: Malware

Request:
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: mgggp.lisx.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (81.177.180.99):
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Mon, 20 May 2019 18:30:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   244
Md5:    ec6e53cbd2a79d2c05b03a82a2a7d854
Sha1:   bbe4224050f7dcdb176cb8ed4967251a05eae048
Sha256: a66d7ea4c65cf2de7f92430d1ba7ad7b9c246f9ff8ed1077a0af8b9b2ed1951a

Request:
GET /susp/ HTTP/1.1
Host: noc.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mgggp.lisx.ru/cgi-sys/suspendedpage.cgi

Response (69.64.41.167):
HTTP/1.1 200 OK
Content-Type: text/html; charset=cp1251
Date: Mon, 20 May 2019 18:30:59 GMT
Server: Apache
Content-Length: 865
Connection: close
Content-Language: ru


--- Additional Info ---
Magic:  HTML document text
Size:   865
Md5:    a2a369ed3c9300da7acf7d1dd494dc85
Sha1:   ed9a1632412cda8a194a932c66f06ab0144eaa4e
Sha256: f818524dc3f8402c713a8dceedcae847935acbc023ae4fba94d7c94d367f608a

Alerts:
  Blacklists:
    - mnemonic_dns: Blacklisted
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Request:
GET /favicon.ico HTTP/1.1
Host: mgggp.lisx.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (81.177.180.99):
HTTP/1.1 302 Found
Content-Type: text/html; charset=iso-8859-1
Server: nginx
Date: Mon, 20 May 2019 18:30:59 GMT
Content-Length: 230
Connection: keep-alive
Location: http://mgggp.lisx.ru/cgi-sys/suspendedpage.cgi
Expires: Fri, 19 Jul 2019 18:30:59 GMT
Cache-Control: max-age=5184000
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Cache-Status: MISS
X-Server-Powered-By: Engintron
Pragma: public


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   230
Md5:    ca763e688c2aee798b5f991e2e17672c
Sha1:   acdab0a778118bcf47d79c2f9dcdaf5b05908d67
Sha256: 26f64bc335e90bb6192e8602c1609f692bbf24d10145e1ac408078d802485077

Request:
GET /cgi-sys/suspendedpage.cgi HTTP/1.1
Host: mgggp.lisx.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (81.177.180.99):
HTTP/1.1 200 OK
Content-Type: text/html
Server: nginx
Date: Mon, 20 May 2019 18:31:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Server-Powered-By: Engintron
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   244
Md5:    ec6e53cbd2a79d2c05b03a82a2a7d854
Sha1:   bbe4224050f7dcdb176cb8ed4967251a05eae048
Sha256: a66d7ea4c65cf2de7f92430d1ba7ad7b9c246f9ff8ed1077a0af8b9b2ed1951a