Overview

URL: shlyunko.zyr.su/fizblok/images/uskordvig.rar
IP: 81.177.140.83
ASN: AS8342 OJSC RTComm.RU
Location: Russian Federation
Report completed: 2019-05-21 14:45:38 CEST
urlquery Alerts: No alerts detected


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp                 Severity  Source IP  Destination IP  Alert
2019-05-21 14:45:06 CEST  2         Client IP  81.177.140.83   ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Added / Verified  Severity  Host                                          Comment
2019-05-21        2         shlyunko.zyr.su/fizblok/images/uskordvig.rar  Phishing
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 81.177.140.83

Date                       UQ / IDS / BL  URL                                                  IP
2019-06-07 18:08:12 +0200  0 - 1 - 2      uo.zyr.su/wp-includes/images/microsoftexcelve (...)  81.177.140.83
2019-06-07 14:09:45 +0200  0 - 0 - 2      shlyunko.zyr.su/fizblok/images/mehandvig.rar         81.177.140.83
2019-06-07 14:09:44 +0200  0 - 2 - 2      shlyunko.zyr.su/fizblok/files/prez3.ppt              81.177.140.83
2019-06-05 22:03:01 +0200  0 - 2 - 2      shlyunko.zyr.su/fizblok/images/uskordvig.rar         81.177.140.83
2019-06-04 20:14:50 +0200  0 - 0 - 2      shlyunko.zyr.su/rrc/Plan0809.doc                     81.177.140.83
2019-06-04 20:14:42 +0200  0 - 0 - 2      shlyunko.zyr.su/fizblok/files/prez2.ppt              81.177.140.83
2019-06-04 20:14:40 +0200  0 - 1 - 2      shlyunko.zyr.su/fizblok/files/prez6.ppt              81.177.140.83
2019-06-04 20:14:39 +0200  0 - 1 - 2      shlyunko.zyr.su/rrc/Plan0708.doc                     81.177.140.83
2019-06-04 20:14:38 +0200  0 - 0 - 2      shlyunko.zyr.su/fizblok/files/prez11.ppt             81.177.140.83
2019-06-04 20:14:29 +0200  0 - 1 - 2      shlyunko.zyr.su/fizblok/files/prez10.ppt             81.177.140.83

Last 10 reports on ASN: AS8342 OJSC RTComm.RU

Date                       UQ / IDS / BL  URL                                        IP
2019-06-18 20:46:35 +0200  0 - 2 - 1      pasta.hurd.club/                           81.177.180.138
2019-06-18 20:37:32 +0200  0 - 1 - 1      aruna.migel.club/                          81.177.180.138
2019-06-18 20:26:57 +0200  0 - 0 - 1      escap.migel.club/                          81.177.180.138
2019-06-18 16:41:34 +0200  0 - 0 - 0      igra.tovsl.ru/cw-pl30/                     81.177.139.41
2019-06-17 21:38:04 +0200  0 - 0 - 1      linera.ru                                  81.177.140.222
2019-06-17 11:49:32 +0200  0 - 0 - 0      znak-a.ru                                  81.177.49.68
2019-06-13 17:28:39 +0200  0 - 0 - 0      idntfy.ru                                  195.161.34.118
2019-06-11 00:49:55 +0200  1 - 0 - 1      learning2live.ru/docs/config/cluster.html  81.177.32.12
2019-06-11 00:06:29 +0200  0 - 4 - 0      508011.ru/                                 81.177.165.101
2019-06-10 21:50:10 +0200  0 - 0 - 1      mmcpart.ru/                                81.177.135.47

No other reports on domain: zyr.su



JavaScript

Executed Scripts (2)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (4)


Request:
GET /fizblok/images/uskordvig.rar HTTP/1.1
Host: shlyunko.zyr.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (81.177.140.83):
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Server: nginx
Date: Tue, 21 May 2019 12:45:06 GMT
Content-Length: 154
Connection: keep-alive
Location: https://shlyunko.zyr.su/fizblok/images/uskordvig.rar

--- Additional Info ---
Magic:  HTML document text
Size:   154
Md5:    cfbeaf604823f038b8b46f0ac862b98c
Sha1:   7b9eb1dac48e74fa5f418bc456cb410f88b81d98
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319

Alerts:
  Blacklists:
    - fortinet: Phishing
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related

Request:
POST / HTTP/1.1
Host: ocsp.int-x3.letsencrypt.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 117
Content-Type: application/ocsp-request

Response (91.135.34.19):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 527
Etag: "1D24883F51663779BE90EEA573800CD0BD8160681EB0FDB3652D878F66FB49CD"
Last-Modified: Sun, 19 May 2019 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=23105
Expires: Tue, 21 May 2019 19:10:12 GMT
Date: Tue, 21 May 2019 12:45:07 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  data
Size:   527
Md5:    23c88d62a064f3e8c3a792e1b6de4ff0
Sha1:   0c566a9634b1786f0c5e6d77616510f320b8f6d0
Sha256: 1d24883f51663779be90eea573800cd0bd8160681eb0fdb3652d878f66fb49cd

Request:
POST / HTTP/1.1
Host: isrg.trustid.ocsp.identrust.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 115
Content-Type: application/ocsp-request

Response (91.135.34.18):
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: Apache
Content-Transfer-Encoding: Binary
Last-Modified: Sat, 18 May 2019 23:17:07 GMT
Etag: "754ab58d9b16e78739e3cab73c0f3060dbd3b019"
Content-Length: 1398
Cache-Control: public, no-transform, must-revalidate, max-age=17179
Expires: Tue, 21 May 2019 17:31:26 GMT
Date: Tue, 21 May 2019 12:45:07 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  data
Size:   1398
Md5:    1867df0dc89d4279caf0ecd57b067193
Sha1:   754ab58d9b16e78739e3cab73c0f3060dbd3b019
Sha256: 116c594e8e372069448c9236b77a844689c069a65240d9d1f52a05e7c3b8d393

Request:
GET /fizblok/images/uskordvig.rar HTTP/1.1
Host: shlyunko.zyr.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (0.0.0.0):
(no response recorded)

--- Additional Info ---

Alerts:
  Blacklists:
    - fortinet: Phishing
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
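What the transaction list above actually records is worth spelling out before anything from it is filed as an indicator: the plain-HTTP request for uskordvig.rar got a 302 from nginx to the same path over HTTPS; the two OCSP POSTs to the Let's Encrypt intermediate and IdenTrust root responders are consistent with the client checking a Let's Encrypt-issued certificate for the redirected host; and the final request for the HTTPS URL shows 0.0.0.0 with no response recorded. The only hashed bodies on the page are the 154-byte redirect page and the two OCSP responses, so none of the Md5/Sha1/Sha256 values here is a hash of the archive itself, and the Fortinet "Phishing" entry plus the .su TLD policy alert are the only verdicts the report supports. The helper below is an added example (not urlquery's code) that parses this request/response layout, follows the Location chain from the submitted URL and says which hashes belong to the payload and which to a redirect page or OCSP response. Its sample input is constructed from the report's four transactions with headers trimmed, and it treats a request with no status line after the server-IP line as "no response recorded", which is how this report reads.

```python
"""Added triage helper (not urlquery's own code) for a urlquery-style HTTP
transaction dump: follow the redirect chain from the submitted URL and tell
which hashes belong to the payload and which only to a redirect page or an
OCSP response.  The sample below is constructed from the report, trimmed."""
import re
from dataclasses import dataclass, field

SAMPLE = """\
GET /fizblok/images/uskordvig.rar HTTP/1.1
Host: shlyunko.zyr.su

81.177.140.83
HTTP/1.1 302 Moved Temporarily
Location: https://shlyunko.zyr.su/fizblok/images/uskordvig.rar
--- Additional Info ---
Magic:  HTML document text
Sha256: 20c1ab602462b7fc0d5b4cbd555cacf127b69a07a737579598ebcbc0f5b21319
POST / HTTP/1.1
Host: ocsp.int-x3.letsencrypt.org

91.135.34.19
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
--- Additional Info ---
Sha256: 1d24883f51663779be90eea573800cd0bd8160681eb0fdb3652d878f66fb49cd
GET /fizblok/images/uskordvig.rar HTTP/1.1
Host: shlyunko.zyr.su

0.0.0.0
"""
REQ_LINE = re.compile(r"^[ \t]*(?:GET|POST|HEAD) (\S+) HTTP/1\.[01][ \t]*$", re.M)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")   # the bare server-IP line ends the request part
INFO_MARK = "--- Additional Info ---"


@dataclass
class Transaction:
    path: str
    host: str = ""
    status: int = 0                            # 0: no response recorded (urlquery prints 0.0.0.0)
    headers: dict = field(default_factory=dict)
    info: dict = field(default_factory=dict)   # magic / size / md5 / sha1 / sha256

    @property
    def url(self) -> str:                      # scheme-less, the way urlquery prints URLs
        return self.host + self.path


def _kv(line: str):
    key, _, value = line.partition(":")
    return key.strip().lower(), value.strip()


def parse_transactions(text: str) -> list:
    """Split at request lines; inside a block the bare IPv4 line separates request from response."""
    txs, starts = [], list(REQ_LINE.finditer(text))
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        lines = [l.strip() for l in text[m.start():end].splitlines()]
        ip_idx = next((j for j, l in enumerate(lines) if IPV4.match(l)), len(lines))
        tx = Transaction(path=m.group(1))
        tx.host = next((_kv(h)[1] for h in lines[1:ip_idx] if h.lower().startswith("host:")), "")
        body = lines[ip_idx + 1:]
        stop = body.index(INFO_MARK) if INFO_MARK in body else len(body)
        j = next((k for k, l in enumerate(body) if l), len(body))
        if j < stop and body[j].startswith("HTTP/"):
            tx.status = int(body[j].split()[1])
            tx.headers.update(_kv(h) for h in body[j + 1:stop] if ":" in h)
        for entry in body[stop + 1:]:          # hash section ends at a blank line or "Alerts:"
            if not entry or entry.lower().startswith("alerts"):
                break
            tx.info.update([_kv(entry)])
        txs.append(tx)
    return txs


def _role(tx: Transaction) -> str:
    if 300 <= tx.status < 400:
        return "redirect page"
    if tx.headers.get("content-type", "").startswith("application/ocsp-response"):
        return "ocsp response"
    return "content"


def triage(txs: list, submitted: str) -> dict:
    """Follow 3xx Location headers from the submitted URL (scheme ignored, as the dump prints it)."""
    target, pos, final = re.sub(r"^https?://", "", submitted), 0, None
    for _ in range(10):                             # hop limit against redirect loops
        idx = next((i for i in range(pos, len(txs)) if txs[i].url == target), None)
        if idx is None:
            break
        tx, pos = txs[idx], idx + 1
        if 300 <= tx.status < 400 and "location" in tx.headers:
            target = re.sub(r"^https?://", "", tx.headers["location"])
            continue
        final = tx
        break
    captured = final is not None and final.status != 0
    return {"final_url": target, "captured": captured,
            "payload_sha256": final.info.get("sha256") if captured else None,
            "other_sha256": {t.info["sha256"]: _role(t) for t in txs
                             if "sha256" in t.info and t is not final}}
```

Run over the sample, `triage(parse_transactions(SAMPLE), "shlyunko.zyr.su/fizblok/images/uskordvig.rar")` ends the chain at the HTTPS URL with `captured` false and `payload_sha256` empty, and classifies both recorded hashes as a redirect page and an OCSP response. Only a result with `captured` true and a hash whose role is `content` would justify filing that hash as an indicator for the archive.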