Overview

URL www.chrisqueen.com/dp/distr/app-muninst1/site-00bc092b834/lng-eng/muninst1.exe
IP 104.24.109.78
ASN AS13335 CloudFlare, Inc.
Location United States
Report completed 2018-10-11 14:31:01 CEST
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2018-10-11 2 www.chrisqueen.com/dp/distr/app-muninst1/site-00bc092b834/lng-eng/muninst1.exe Malware
2018-10-11 2 www.chrisqueen.com/cdn-cgi/apps/head/kzKAD6t8nNbbj_aKnaYcapv18Oc.js Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 104.24.109.78

Date  UQ / IDS / BL  URL  IP
2018-12-09 05:34:17 +0100  0 - 0 - 2  www.chrisqueen.com/dp/distr/app-dwm10612/site (...)  104.24.109.78
2018-12-08 03:00:00 +0100  0 - 0 - 2  www.chrisqueen.com/dp/distr/app-daycarebiz/si (...)  104.24.109.78
2018-12-07 18:50:21 +0100  0 - 0 - 2  www.chrisqueen.com/dp/distr/app-shedplans/sit (...)  104.24.109.78
2018-12-07 12:02:44 +0100  0 - 0 - 2  www.chrisqueen.com/dp/distr/app-1greenway/sit (...)  104.24.109.78
2018-12-04 19:01:11 +0100  0 - 0 - 2  www.chrisqueen.com/dp/distr/app-fbsubmit/site (...)  104.24.109.78
2018-12-04 17:25:36 +0100  0 - 0 - 2  www.chrisqueen.com/dp/distr/app-ldicom/site-0 (...)  104.24.109.78
2018-12-03 06:27:41 +0100  0 - 0 - 2  www.chrisqueen.com/dp/distr/app-mmbjustin/sit (...)  104.24.109.78
2018-12-02 00:21:31 +0100  0 - 0 - 2  www.chrisqueen.com/dp/distr/app-bvcures/site- (...)  104.24.109.78
2018-12-01 15:29:06 +0100  0 - 0 - 2  www.chrisqueen.com/dp/distr/app-choppertat/si (...)  104.24.109.78
2018-11-28 03:25:35 +0100  0 - 0 - 2  www.chrisqueen.com/dp/distr/app-burnthefat/si (...)  104.24.109.78

Last 10 reports on ASN: AS13335 CloudFlare, Inc.

Date  UQ / IDS / BL  URL  IP
2018-12-15 18:08:20 +0100  0 - 0 - 0  vpntester.de  104.18.36.230
2018-12-15 18:04:53 +0100  2 - 2 - 4  www.pornsexbro.com/search/label/Brown%20Bunnies  104.18.50.55
2018-12-15 18:03:08 +0100  0 - 0 - 1  hacymasinuforbib.ru/bLOZGJ.exe  104.18.35.197
2018-12-15 17:58:21 +0100  0 - 0 - 1  https://www.file-upload.com/fkix19wkc1dk?fbcl (...)  104.31.85.79
2018-12-15 17:51:07 +0100  0 - 0 - 1  dl.skilledservers.net/111001758/9224/10220d01 (...)  104.28.4.92
2018-12-15 17:48:29 +0100  0 - 0 - 1  dl.skilledservers.net/111001758/9224/10225c1b (...)  104.28.4.92
2018-12-15 17:47:48 +0100  2 - 1 - 5  https://www.batangastoday.com/tag/philippines  104.27.135.89
2018-12-15 17:47:07 +0100  0 - 0 - 1  dl.skilledservers.net/111001758/9224/102418fc (...)  104.28.5.92
2018-12-15 17:46:54 +0100  2 - 0 - 4  www.pornsexbro.com/search/label/Tags:%20Publi (...)  104.18.51.55
2018-12-15 17:42:06 +0100  0 - 1 - 0  phg10.eu.org/  104.24.116.80

No other reports on domain: chrisqueen.com
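The two "Recent reports" tables above carry a pattern worth pulling out mechanically: every hit on 104.24.109.78 has the same UQ / IDS / BL score of 0 - 0 - 2 and the same /dp/distr/app-<name>/site-<id>/ path template, i.e. the detections are blacklist reputation only, with no urlquery heuristic and no Suricata alert behind them. The following is an added example, not part of the urlquery report: it parses rows transcribed from the tables (one row per line) and separates reputation-only hits from rows where the IDS column fired. The regexes, function names and the "reputation-only" label are this example's own.

```python
"""Pattern extraction over the "Recent reports" tables of a urlquery report.

Added example, not part of the report or of urlquery. The sample rows are
transcribed from the tables above; the regexes and function names are the
example's own.
"""
from __future__ import annotations

import re
from collections import Counter

# Rows from "Last 10 reports on IP: 104.24.109.78", URLs truncated with
# "(...)" exactly as the report shows them (constructed sample input).
IP_REPORTS = """\
2018-12-09 05:34:17 +0100 0 - 0 - 2 www.chrisqueen.com/dp/distr/app-dwm10612/site (...) 104.24.109.78
2018-12-08 03:00:00 +0100 0 - 0 - 2 www.chrisqueen.com/dp/distr/app-daycarebiz/si (...) 104.24.109.78
2018-12-07 18:50:21 +0100 0 - 0 - 2 www.chrisqueen.com/dp/distr/app-shedplans/sit (...) 104.24.109.78
2018-12-07 12:02:44 +0100 0 - 0 - 2 www.chrisqueen.com/dp/distr/app-1greenway/sit (...) 104.24.109.78
2018-12-04 19:01:11 +0100 0 - 0 - 2 www.chrisqueen.com/dp/distr/app-fbsubmit/site (...) 104.24.109.78
2018-12-04 17:25:36 +0100 0 - 0 - 2 www.chrisqueen.com/dp/distr/app-ldicom/site-0 (...) 104.24.109.78
2018-12-03 06:27:41 +0100 0 - 0 - 2 www.chrisqueen.com/dp/distr/app-mmbjustin/sit (...) 104.24.109.78
2018-12-02 00:21:31 +0100 0 - 0 - 2 www.chrisqueen.com/dp/distr/app-bvcures/site- (...) 104.24.109.78
2018-12-01 15:29:06 +0100 0 - 0 - 2 www.chrisqueen.com/dp/distr/app-choppertat/si (...) 104.24.109.78
2018-11-28 03:25:35 +0100 0 - 0 - 2 www.chrisqueen.com/dp/distr/app-burnthefat/si (...) 104.24.109.78
"""

# Three rows from "Last 10 reports on ASN: AS13335" for contrast: in two of
# them the IDS column is non-zero, so Suricata saw something on the wire.
ASN_REPORTS = """\
2018-12-15 18:03:08 +0100 0 - 0 - 1 hacymasinuforbib.ru/bLOZGJ.exe 104.18.35.197
2018-12-15 17:47:48 +0100 2 - 1 - 5 https://www.batangastoday.com/tag/philippines 104.27.135.89
2018-12-15 17:42:06 +0100 0 - 1 - 0 phg10.eu.org/ 104.24.116.80
"""

# date  uq - ids - bl  url [(...)]  ip
ROW = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d [+-]\d{4}) "
    r"(?P<uq>\d+) - (?P<ids>\d+) - (?P<bl>\d+) "
    r"(?P<url>\S+)(?: \(\.\.\.\))? "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)
# The distribution path template seen on every chrisqueen.com hit.
DISTRIBUTION_PATH = re.compile(r"/dp/distr/app-(?P<app>[^/]+)/")


def parse_rows(text: str) -> list[dict]:
    """Parse one report row per line; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        for k in ("uq", "ids", "bl"):
            d[k] = int(d[k])
        # A truncated URL is not usable as a full-URL indicator.
        d["truncated"] = line.rstrip().endswith("(...) " + d["ip"])
        rows.append(d)
    return rows


def reputation_only(rows: list[dict]) -> list[dict]:
    """Rows where only blacklists fired: no urlquery heuristics, no IDS."""
    return [r for r in rows if r["uq"] == 0 and r["ids"] == 0 and r["bl"] > 0]


def distribution_apps(rows: list[dict]) -> list[str]:
    """The app-<name> slug from each hit on the /dp/distr/ template."""
    apps = []
    for r in rows:
        m = DISTRIBUTION_PATH.search(r["url"])
        if m:
            apps.append(m.group("app"))
    return apps


def summary(rows: list[dict]) -> dict:
    return {
        "rows": len(rows),
        "reputation_only": len(reputation_only(rows)),
        "ids_hits": sum(1 for r in rows if r["ids"] > 0),
        "bl_counts": Counter(r["bl"] for r in rows),
        "apps": distribution_apps(rows),
    }


if __name__ == "__main__":
    print("IP table :", summary(parse_rows(IP_REPORTS)))
    print("ASN table:", summary(parse_rows(ASN_REPORTS)))
```

For the IP table every row is reputation-only and the ten app slugs come straight out of the path template, which is the kind of host-wide download-distribution pattern a blacklist keys on; none of the URLs is complete, so the rows give a host and path prefix to block, not a full-URL indicator.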



JavaScript

Executed Scripts (2)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (6)


Request
GET /dp/distr/app-muninst1/site-00bc092b834/lng-eng/muninst1.exe HTTP/1.1
Host: www.chrisqueen.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (104.24.109.78)
HTTP/1.1 500 Internal Server Error
Content-Type: text/html
Date: Thu, 11 Oct 2018 12:30:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=dc8b639e598e956300887b473e4132d091539261026; expires=Fri, 11-Oct-19 12:30:26 GMT; path=/; domain=.chrisqueen.com; HttpOnly
Cf-Railgun: 46c3e029b6 stream 0.000000 0200 206c
Host-Header: 192fc2e7e50945beb8231a492d6a8024
Server: cloudflare
CF-RAY: 46815686708c42a9-OSL

--- Additional Info ---
Magic:  HTML document text, exported SGML document text
Size:   1933
Md5:    cdc2f9fd2feca73e66e7ad3a33eb378c
Sha1:   b5156742839f15780066c44d5aa76f649d25661a
Sha256: 98ebc4e6632c650f89fd0b19a0f32948da9dfb79c6b8eb8284c86566084df39b

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request
GET /cdn-cgi/apps/head/kzKAD6t8nNbbj_aKnaYcapv18Oc.js HTTP/1.1
Host: www.chrisqueen.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.chrisqueen.com/dp/distr/app-muninst1/site-00bc092b834/lng-eng/muninst1.exe
Cookie: __cfduid=dc8b639e598e956300887b473e4132d091539261026

Response (104.24.109.78)
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Date: Thu, 11 Oct 2018 12:30:27 GMT
Content-Length: 2271
Connection: keep-alive
x-amz-id-2: vlhy1IVgDu41PNJclhGaPe6XWx8LySSMYbCZgE+NVhUCWOXfl887BK7aodVaIClsAnpdgeMKus8=
x-amz-request-id: EA750602EC54AFE1
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Last-Modified: Thu, 20 Jul 2017 22:58:22 GMT
x-amz-version-id: XFiO1QzVR4RUyRz1AxdN3mS67jlnyuLT
Etag: "a4da4fe52c39ba0a0dd13115fd864b9a"
CF-Cache-Status: MISS
Expires: Fri, 11 Oct 2019 12:30:27 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4681568990ee42a9-OSL

--- Additional Info ---
Magic:  gzip compressed data
Size:   2271
Md5:    a4da4fe52c39ba0a0dd13115fd864b9a
Sha1:   9332800fab7c9cd6db8ff68a9da61c6a9bf5f0e7
Sha256: 7226ade0120fa9ba418bc8750de9365a63e76d96783a7a9a656d11ed742d272b

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
Request
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.chrisqueen.com/dp/distr/app-muninst1/site-00bc092b834/lng-eng/muninst1.exe
If-Modified-Since: Fri, 03 Oct 2014 00:48:42 GMT

Response (172.217.21.174)
HTTP/1.1 200 OK
Content-Type: text/javascript
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Thu, 11 Oct 2018 11:29:26 GMT
Expires: Thu, 11 Oct 2018 13:29:26 GMT
Last-Modified: Mon, 01 Oct 2018 17:56:18 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 17285
Cache-Control: public, max-age=7200
Age: 3661

--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   17285
Md5:    d805ae550cdc9aaa4bae83d67232e6ae
Sha1:   9537cd6a02c7a1ec9e0ac02b31a00b8dbd4230d3
Sha256: 232775139b1bd39d9966db28c8195b1ca5fbf6bcbfb80cc9e72edc45a4409dd3
                                        
Request
GET /error_page.gif HTTP/1.1
Host: www.chrisqueen.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.chrisqueen.com/dp/distr/app-muninst1/site-00bc092b834/lng-eng/muninst1.exe
Cookie: __cfduid=dc8b639e598e956300887b473e4132d091539261026

Response (104.24.109.78)
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Thu, 11 Oct 2018 12:30:27 GMT
Content-Length: 1035
Connection: keep-alive
Last-Modified: Mon, 22 Oct 2007 11:16:59 GMT
Etag: "40b-43d1305dec0c0"
Host-Header: 192fc2e7e50945beb8231a492d6a8024
X-Proxy-Cache: MISS
CF-Cache-Status: MISS
Expires: Sun, 11 Nov 2018 12:30:27 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 4681568c514942a9-OSL

--- Additional Info ---
Magic:  GIF image data, version 89a, 45 x 150
Size:   1035
Md5:    80bf9283eae893e635a4051422287db4
Sha1:   a5ee14cf86f9a1568a2d99da54b2bc2dc6e246a8
Sha256: 48b89fd39e9e6da3b2cfde94109f00a5ee7164efefb700f45785d6f92969fc7f
                                        
Request
GET /r/collect?v=1&_v=j70&a=219088091&t=pageview&_s=1&dl=http%3A%2F%2Fwww.chrisqueen.com%2Fdp%2Fdistr%2Fapp-muninst1%2Fsite-00bc092b834%2Flng-eng%2Fmuninst1.exe&ul=en-us&de=ISO-8859-1&dt=500%20-%20Internal%20Server%20Error&sd=24-bit&sr=1176x885&vp=1176x754&je=1&fl=10.0%20r45&_u=IEBAAEQ~&jid=1248852481&gjid=2047041939&cid=457044736.1539261028&tid=UA-18240908-5&_gid=985978219.1539261028&_r=1&z=1810288967 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.chrisqueen.com/dp/distr/app-muninst1/site-00bc092b834/lng-eng/muninst1.exe

Response (172.217.21.174)
HTTP/1.1 200 OK
Content-Type: image/gif
Access-Control-Allow-Origin: *
Date: Thu, 11 Oct 2018 12:30:27 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Server: Golfe2
Content-Length: 35

--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   35
Md5:    28d6814f309ea289f847c69cf91194c6
Sha1:   0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Sha256: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
                                        
Request
GET /favicon.ico HTTP/1.1
Host: www.chrisqueen.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: __cfduid=dc8b639e598e956300887b473e4132d091539261026; _ga=GA1.2.457044736.1539261028; _gid=GA1.2.985978219.1539261028; _gat=1

Response (104.24.109.78)
HTTP/1.1 200 OK
Content-Type: image/x-icon
Date: Thu, 11 Oct 2018 12:30:28 GMT
Content-Length: 0
Connection: keep-alive
Last-Modified: Mon, 04 Jun 2012 17:01:24 GMT
Cache-Control: public, max-age=604800
Expires: Thu, 18 Oct 2018 12:30:28 GMT
Host-Header: 192fc2e7e50945beb8231a492d6a8024
Vary: User-Agent,Accept-Encoding
X-Proxy-Cache: MISS
CF-Cache-Status: MISS
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 4681568fb1c342a9-OSL

--- Additional Info ---
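The transactions above contain the one check an analyst should make before acting on the Fortinet "Malware" verdict: the sandbox requested muninst1.exe, but the origin answered with a 500 Internal Server Error whose body is HTML (Content-Type: text/html, magic "HTML document text", and the analytics beacon even reports the page title "500 - Internal Server Error"). No executable was ever captured, so the verdict rests on URL reputation, not on anything the scan downloaded. The cdn-cgi script, by contrast, was delivered with a 200, and its S3-style Etag equals the MD5 that urlquery computed over the captured body. The following is an added example, not part of the urlquery report or of urlquery itself: it re-encodes the six transactions as records (values transcribed from the page; field names, flag names and the executable suffix list are this example's own) and runs those checks over them.

```python
"""Triage of the HTTP transactions recorded in a urlquery report.

Added example, not part of the report or of urlquery: the values below are
transcribed from the page's HTTP Transactions section; the Transaction
fields, flag names and EXECUTABLE_SUFFIXES are this example's choices.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# File types a sandbox expects to download rather than render.
EXECUTABLE_SUFFIXES = (".exe", ".msi", ".scr", ".dll", ".jar", ".ps1", ".bat")


@dataclass
class Transaction:
    host: str
    path: str
    status: int
    content_type: str
    magic: str                        # libmagic text from "Additional Info"
    size: Optional[int]               # bytes captured, from "Additional Info"
    md5: str
    content_length: Optional[int] = None
    etag: Optional[str] = None
    blacklist_hits: tuple = ()


# Constructed from the report's six transactions, in page order.
TRANSACTIONS = [
    Transaction("www.chrisqueen.com",
                "/dp/distr/app-muninst1/site-00bc092b834/lng-eng/muninst1.exe",
                500, "text/html", "HTML document text", 1933,
                "cdc2f9fd2feca73e66e7ad3a33eb378c",
                blacklist_hits=("fortinet: Malware",)),
    Transaction("www.chrisqueen.com",
                "/cdn-cgi/apps/head/kzKAD6t8nNbbj_aKnaYcapv18Oc.js",
                200, "application/javascript; charset=utf-8",
                "gzip compressed data", 2271,
                "a4da4fe52c39ba0a0dd13115fd864b9a", content_length=2271,
                etag='"a4da4fe52c39ba0a0dd13115fd864b9a"',
                blacklist_hits=("fortinet: Malware",)),
    Transaction("www.google-analytics.com", "/analytics.js", 200,
                "text/javascript", "gzip compressed data, max compression",
                17285, "d805ae550cdc9aaa4bae83d67232e6ae",
                content_length=17285),
    Transaction("www.chrisqueen.com", "/error_page.gif", 200, "image/gif",
                "GIF image data, version 89a, 45 x 150", 1035,
                "80bf9283eae893e635a4051422287db4", content_length=1035,
                etag='"40b-43d1305dec0c0"'),
    Transaction("www.google-analytics.com", "/r/collect", 200, "image/gif",
                "GIF image data, version 89a, 1 x 1", 35,
                "28d6814f309ea289f847c69cf91194c6", content_length=35),
    # The report's Additional Info for the favicon is cut off, so no
    # magic, size or hash is recorded here.
    Transaction("www.chrisqueen.com", "/favicon.ico", 200, "image/x-icon",
                "", None, "", content_length=0),
]


def triage(tx: Transaction) -> list[str]:
    """Return the review flags for one transaction, in a fixed order."""
    flags = []
    served_html = "text/html" in tx.content_type or tx.magic.startswith("HTML")
    if tx.path.lower().endswith(EXECUTABLE_SUFFIXES) and served_html:
        # Asked for a binary, got a page: nothing was dropped, so a URL
        # reputation hit cannot be confirmed from the captured content.
        flags.append("executable-url-served-html")
    if tx.status >= 500 and tx.blacklist_hits:
        flags.append("blacklist-hit-on-origin-error")
    if (tx.content_length is not None and tx.size is not None
            and tx.content_length != tx.size):
        flags.append("length-mismatch")
    if tx.etag and tx.etag.strip('"').lower() == tx.md5.lower():
        # S3 returns the MD5 of a single-part object as its ETag, so the
        # stored object can be compared to later captures without refetching.
        flags.append("etag-equals-md5")
    if (tx.status == 200 and "javascript" in tx.content_type
            and tx.blacklist_hits):
        flags.append("blacklisted-script-loaded")
    return flags


def triage_report(transactions=TRANSACTIONS) -> dict[str, list[str]]:
    """Map each URL in the capture to its flags."""
    return {f"{tx.host}{tx.path}": triage(tx) for tx in transactions}


if __name__ == "__main__":
    for url, flags in triage_report().items():
        print(f"{url}\n    {', '.join(flags) or 'no flags'}")
```

Run stand-alone, only the first two transactions are flagged: the .exe URL as an executable request answered by an HTML error page on top of a blacklist hit, and the cdn-cgi script as a blacklisted resource that the page actually loaded, with its ETag matching the captured MD5. The remaining four (Google Analytics script and beacon, error image, empty favicon) come back clean.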