Overview

URL: pit.su/
IP: 195.62.78.7
ASN: AS47259 PE Fedorov Pavel Vladimirovich
Location: Russian Federation
Report completed: 2018-05-07 18:09:13 CEST
urlQuery Alerts: No alerts detected


Settings

User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert
2018-05-07 18:08:42 CEST | 1 | Client IP | 195.62.78.7 | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-05-07 18:08:45 CEST | 2 | Client IP | 91.247.36.39 | ET POLICY HTTP Request to a *.tk domain
2018-05-07 18:08:42 CEST | 1 | Client IP | 195.62.78.7 | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2018-05-07 18:08:42 CEST | 2 | Client IP | 91.247.36.39 | ET POLICY HTTP Request to a *.tk domain


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 4 reports on IP: 195.62.78.7

Date | UQ / IDS / BL | URL | IP
2018-05-16 17:39:05 +0200 | 0 - 6 - 13 | pit.su/ | 195.62.78.7
2017-12-30 09:57:59 +0100 | 0 - 5 - 0 | pit.su/ | 195.62.78.7
2017-11-19 10:48:34 +0100 | 0 - 2 - 0 | risti.pit.su/ | 195.62.78.7
2017-08-30 20:30:38 +0200 | 0 - 3 - 0 | school1.pit.su/ | 195.62.78.7

Last 4 reports on ASN: AS47259 PE Fedorov Pavel Vladimirovich

Date | UQ / IDS / BL | URL | IP
2018-05-16 17:39:05 +0200 | 0 - 6 - 13 | pit.su/ | 195.62.78.7
2017-12-30 09:57:59 +0100 | 0 - 5 - 0 | pit.su/ | 195.62.78.7
2017-11-19 10:48:34 +0100 | 0 - 2 - 0 | risti.pit.su/ | 195.62.78.7
2017-08-30 20:30:38 +0200 | 0 - 3 - 0 | school1.pit.su/ | 195.62.78.7

Last 4 reports on domain: pit.su

Date | UQ / IDS / BL | URL | IP
2018-05-16 17:39:05 +0200 | 0 - 6 - 13 | pit.su/ | 195.62.78.7
2017-12-30 09:57:59 +0100 | 0 - 5 - 0 | pit.su/ | 195.62.78.7
2017-11-19 10:48:34 +0100 | 0 - 2 - 0 | risti.pit.su/ | 195.62.78.7
2017-08-30 20:30:38 +0200 | 0 - 3 - 0 | school1.pit.su/ | 195.62.78.7


JavaScript

Executed Scripts (3)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (9)


Request:
GET / HTTP/1.1
Host: pit.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (195.62.78.7):
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Mon, 07 May 2018 16:08:42 GMT
Content-Length: 14188
Connection: keep-alive
Keep-Alive: timeout=60
Set-Cookie: a777d=1; expires=Tue, 08-May-2018 04:08:41 GMT; Max-Age=43200; path=/
Link: <http://pit.su/wp-json/>; rel="https://api.w.org/"
Vary: Accept-Encoding
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   14188
Md5:    84501864b238288b9a30691bb5c4a663
Sha1:   8b6c3998f2470323f26513f314a00a356b61ed0e
Sha256: 3bb6533e591aa6248f70a8789a1d5fd56dc056f31f82c7d7e80ed46fe584d898

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Request:
GET /favicon.ico HTTP/1.1
Host: pit.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: a777d=1

Response (195.62.78.7):
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Server: nginx
Date: Mon, 07 May 2018 16:08:42 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60

--- Additional Info ---

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Request:
GET /index/?2601510941471 HTTP/1.1
Host: crireargent.tk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://pit.su/

Response (91.247.36.39):
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: nginx/1.12.2
Date: Mon, 07 May 2018 16:08:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Last-Modified: Mon, 07 May 2018 16:08:42 GMT
Cache-Control: max-age=0
Pragma: no-cache
Set-Cookie: 00831=%7B%22streams%22%3A%7B%222575%22%3A1525709322%7D%2C%22campaigns%22%3A%7B%22320%22%3A1525709322%7D%2C%22time%22%3A1525709322%7D; expires=Thu, 07-Jun-2018 16:08:42 GMT; Max-Age=2678400; path=/; domain=.crireargent.tk 00831=%7B%22streams%22%3A%7B%222575%22%3A1525709322%2C%221509%22%3A1525709322%7D%2C%22campaigns%22%3A%7B%22320%22%3A1525709322%2C%22250%22%3A1525709322%7D%2C%22time%22%3A1525709322%7D; expires=Thu, 07-Jun-2018 16:08:42 GMT; Max-Age=2678400; path=/; domain=.crireargent.tk 00831=%7B%22streams%22%3A%7B%222575%22%3A1525709322%2C%221509%22%3A1525709322%2C%223314%22%3A1525709322%7D%2C%22campaigns%22%3A%7B%22320%22%3A1525709322%2C%22250%22%3A1525709322%2C%22261%22%3A1525709322%7D%2C%22time%22%3A1525709322%7D; expires=Thu, 07-Jun-2018 16:08:42 GMT; Max-Age=2678400; path=/; domain=.crireargent.tk

--- Additional Info ---
Magic:  HTML document text
Size:   261
Md5:    0967ca547d3a6790a592a10ddb5d8009
Sha1:   4d8e2b4b23369e86ce246c45298a3f89b4929fda
Sha256: 499c4e59ffd94b6301aa171ebb23f193c60ac54e9d98a78d544a7cbf737d35f1

Alerts:
  IDS:
    - ET POLICY HTTP Request to a *.tk domain

Request:
GET /favicon.ico HTTP/1.1
Host: crireargent.tk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: 00831=%7B%22streams%22%3A%7B%222575%22%3A1525709322%2C%221509%22%3A1525709322%2C%223314%22%3A1525709322%7D%2C%22campaigns%22%3A%7B%22320%22%3A1525709322%2C%22250%22%3A1525709322%2C%22261%22%3A1525709322%7D%2C%22time%22%3A1525709322%7D

Response (91.247.36.39):
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx/1.12.2
Date: Mon, 07 May 2018 16:08:43 GMT
Content-Length: 169
Connection: keep-alive

--- Additional Info ---
Magic:  HTML document text
Size:   169
Md5:    389975d8d57ca94e672162998e06c017
Sha1:   510c51b5312030d6b14c649c19ef039aecc8d6b4
Sha256: c85357a07370a52790712227119a38aaaed7f997f12b91008cd4c0c76398c076

Alerts:
  IDS:
    - ET POLICY HTTP Request to a *.tk domain

Request:
GET /latest/ HTTP/1.1
Host: winopenc.top
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://crireargent.tk/index/?2601510941471

Response (162.244.35.54):
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx/1.10.2
Date: Mon, 07 May 2018 16:08:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=3
X-Frame-Options: SAMEORIGIN

--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   358
Md5:    1686b756258a8b9a9760cb93e9fca520
Sha1:   b4862b60bc6710071eb5fc7a486dbab583014aa3
Sha256: 585a83a3a3a4fb3853e665ea1d83ceecf736bb01d3a1b66ec76e09c950313ad9

Request:
GET /favicon.ico HTTP/1.1
Host: winopenc.top
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (162.244.35.54):
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx/1.10.2
Date: Mon, 07 May 2018 16:08:43 GMT
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=3

--- Additional Info ---
Magic:  HTML document text
Size:   169
Md5:    389975d8d57ca94e672162998e06c017
Sha1:   510c51b5312030d6b14c649c19ef039aecc8d6b4
Sha256: c85357a07370a52790712227119a38aaaed7f997f12b91008cd4c0c76398c076

Request:
GET /favicon.ico HTTP/1.1
Host: pit.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: a777d=1

Response (195.62.78.7):
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Server: nginx
Date: Mon, 07 May 2018 16:08:45 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=60

--- Additional Info ---

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Request:
GET /favicon.ico HTTP/1.1
Host: winopenc.top
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (162.244.35.54):
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx/1.10.2
Date: Mon, 07 May 2018 16:08:45 GMT
Content-Length: 169
Connection: keep-alive
Keep-Alive: timeout=3

--- Additional Info ---
Magic:  HTML document text
Size:   169
Md5:    389975d8d57ca94e672162998e06c017
Sha1:   510c51b5312030d6b14c649c19ef039aecc8d6b4
Sha256: c85357a07370a52790712227119a38aaaed7f997f12b91008cd4c0c76398c076

Request:
GET /favicon.ico HTTP/1.1
Host: crireargent.tk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: 00831=%7B%22streams%22%3A%7B%222575%22%3A1525709322%2C%221509%22%3A1525709322%2C%223314%22%3A1525709322%7D%2C%22campaigns%22%3A%7B%22320%22%3A1525709322%2C%22250%22%3A1525709322%2C%22261%22%3A1525709322%7D%2C%22time%22%3A1525709322%7D

Response (91.247.36.39):
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx/1.12.2
Date: Mon, 07 May 2018 16:08:45 GMT
Content-Length: 169
Connection: keep-alive

--- Additional Info ---
Magic:  HTML document text
Size:   169
Md5:    389975d8d57ca94e672162998e06c017
Sha1:   510c51b5312030d6b14c649c19ef039aecc8d6b4
Sha256: c85357a07370a52790712227119a38aaaed7f997f12b91008cd4c0c76398c076

Alerts:
  IDS:
    - ET POLICY HTTP Request to a *.tk domain