Overview

URL:              zoosm.ru/downloads/AMMYY_Admin.exe
IP:               195.208.1.102
ASN:              AS25535 Autonomous Non-commercial Organization 'Regional Network Information Center'
Location:         Russian Federation
Report completed: 2019-03-20 19:23:16 CET
urlquery Alerts:  No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:   (none)


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp                Severity  Source IP      Destination IP  Alert
2019-03-20 19:22:44 CET  1         195.208.1.102  Client IP       ET POLICY PE EXE or DLL Windows file download HTTP


Blacklists

MDL:                  No alerts detected
OpenPhish:            No alerts detected
PhishTank:            No alerts detected
Fortinet's Web Filter:
  Added / Verified  Severity  Host                                Comment
  2019-03-20        2         zoosm.ru/downloads/AMMYY_Admin.exe  Malware
DNS-BH:               No alerts detected
mnemonic secure dns:  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 195.208.1.102
(UQ / IDS / BL = number of urlquery alerts / IDS alerts / blacklist hits for that report)

Date                       UQ / IDS / BL  URL                                                  IP
2019-04-23 22:48:46 +0200  0 - 0 - 0      foodline.ru                                          195.208.1.102
2019-04-22 07:21:13 +0200  0 - 0 - 6      dom.rentals/                                         195.208.1.102
2019-04-21 06:51:00 +0200  0 - 0 - 10     i-profile.ru/departments/supply/102-2012-06-2 (...)  195.208.1.102
2019-04-20 20:27:39 +0200  0 - 0 - 1      zoosm.ru/downloads/AMMYY_Admin.exe                   195.208.1.102
2019-04-20 00:30:16 +0200  0 - 0 - 1      lawlabs.ru/downloads/DocPrint_Setup.exe              195.208.1.102
2019-04-19 12:02:17 +0200  0 - 0 - 7      5.nevaserv.nichost.ru/auto/b_u_avtozapchasti.htm     195.208.1.102
2019-04-17 17:03:23 +0200  0 - 0 - 1      www.cross-plus-a.com/balabolka_portable.zip          195.208.1.102
2019-04-15 13:48:37 +0200  0 - 0 - 2      fond-astana.ru/sport                                 195.208.1.102
2019-04-13 04:31:47 +0200  0 - 0 - 4      kiabongo.ru/                                         195.208.1.102
2019-04-13 03:19:30 +0200  0 - 0 - 6      5.nevaserv.nichost.ru/auto/furgony_hino_tata.htm     195.208.1.102

Last 10 reports on ASN: AS25535 Autonomous Non-commercial Organization 'Regional Network Information Center'

Date                       UQ / IDS / BL  URL                                                  IP
2019-04-24 08:00:27 +0200  0 - 0 - 2      fundlead.ru/wp-admin/maint/KY/net/service/160 (...)  195.208.1.107
2019-04-24 08:00:22 +0200  0 - 0 - 69     citidesign.pro/kontseptsiya-lobbi-restorana-k (...)  195.208.1.104
2019-04-24 02:12:46 +0200  0 - 0 - 7      kimtec.net/9eb57e2c6c2a1f5bbb2f8972c8414a9c/s (...)  195.208.1.107
2019-04-24 02:12:35 +0200  0 - 0 - 7      kimtec.net/7a3ba897f11ee31ea52758ceb4a28181/s (...)  195.208.1.107
2019-04-23 22:48:46 +0200  0 - 0 - 0      foodline.ru                                          195.208.1.102
2019-04-23 21:52:19 +0200  0 - 0 - 7      kimtec.net/7a3ba897f11ee31ea52758ceb4a28181/s (...)  195.208.1.107
2019-04-23 21:37:23 +0200  0 - 0 - 1      konf-da.ru/Client/Invoice-73409                      195.208.1.104
2019-04-23 21:28:38 +0200  0 - 0 - 1      screentotv.ru/f7b3beaoffice-japanf8399630d330 (...)  195.208.1.124
2019-04-23 21:27:48 +0200  0 - 0 - 1      www.ldcentr.org/                                     212.193.241.124
2019-04-23 18:28:38 +0200  0 - 0 - 1      compartner-huawei.com/                               195.208.1.109

Last 10 reports on domain: zoosm.ru

Date                       UQ / IDS / BL  URL                                           IP
2019-04-20 20:27:39 +0200  0 - 0 - 1      zoosm.ru/downloads/AMMYY_Admin.exe            195.208.1.102
2019-04-10 20:33:11 +0200  0 - 0 - 1      zoosm.ru/downloads/AMMYY_Admin.exe            195.208.1.102
2019-04-10 06:07:12 +0200  0 - 0 - 1      zoosm.ru/downloads/AMMYY_Admin_v3.exe         195.208.1.102
2019-03-12 03:50:35 +0100  0 - 0 - 1      zoosm.ru/downloads/install_pharmsm_146.30.exe  195.208.1.102
2019-02-12 09:39:31 +0100  0 - 0 - 1      zoosm.ru/downloads/AMMYY_Admin_v3.exe         195.208.1.102
2019-02-10 19:11:42 +0100  0 - 0 - 1      zoosm.ru/downloads/AMMYY_Admin.exe            195.208.1.102
2019-01-30 19:02:43 +0100  0 - 0 - 1      zoosm.ru/downloads/AMMYY_Admin.exe            195.208.1.102
2019-01-24 03:52:57 +0100  0 - 0 - 1      zoosm.ru/downloads/install_pharmsm_146.30.exe  195.208.1.102
2019-01-24 00:56:14 +0100  0 - 0 - 1      zoosm.ru/downloads/install_pharmsm_146.30.exe  195.208.1.102
2019-01-23 13:43:17 +0100  0 - 0 - 1      zoosm.ru/downloads/AMMYY_Admin_v3.exe         195.208.1.102


JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (1)


Request

GET /downloads/AMMYY_Admin.exe HTTP/1.1
Host: zoosm.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 195.208.1.102)

HTTP/1.1 200 OK
Content-Type: application/x-msdos-program
Server: openresty/1.13.6.2
Date: Wed, 20 Mar 2019 18:22:44 GMT
Content-Length: 667648
Connection: keep-alive
Last-Modified: Wed, 28 Nov 2018 10:38:42 GMT
Etag: "a3000-57bb72b7b3aa7"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Size:   667648
Md5:    7601c57cb3e2a259910935a9caba2c4b
Sha1:   b13b1568919981980fd0588098a79f21075c9a7f
Sha256: bfff20ee98829b4ffe39909b806651598d0fc55d79369dbd9db4d4e63068e3c4

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET POLICY PE EXE or DLL Windows file download HTTP
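Two things worth re-checking by hand on a report like this: the IDS line is an ET POLICY alert, which fires on any Windows PE served over plain HTTP (the "MZ" DOS stub followed by the "PE\0\0" signature at the offset stored in e_lfanew) and says nothing about whether the file is malicious; the only malware verdict on the page is the Fortinet blacklist entry. The hashes under "Additional Info" are what lets you confirm that a file you fetch yourself is the same 667648-byte sample. The script below is an added example, not urlquery's code or Emerging Threats' rule text: it reproduces my reading of the rule's MZ/PE check and compares a response body's digests against the report's values. The HTTP response it parses is constructed: the headers mirror the transaction above, but the body is a 152-byte synthetic PE-shaped stub rather than the real AMMYY_Admin.exe, so the hash comparison is expected to fail on every algorithm.

```python
"""Offline re-check of the report's HTTP transaction (added example)."""
import hashlib
import struct

# Digests copied from the report's "Additional Info" section.
REPORT_HASHES = {
    "md5": "7601c57cb3e2a259910935a9caba2c4b",
    "sha1": "b13b1568919981980fd0588098a79f21075c9a7f",
    "sha256": "bfff20ee98829b4ffe39909b806651598d0fc55d79369dbd9db4d4e63068e3c4",
}


def build_stub_pe() -> bytes:
    """Constructed, inert body: the smallest layout that passes the MZ/PE check."""
    dos_header = bytearray(b"MZ" + b"\x00" * 62)     # 64-byte IMAGE_DOS_HEADER
    struct.pack_into("<I", dos_header, 0x3C, 0x80)   # e_lfanew: PE header at offset 0x80
    padding = b"\x00" * (0x80 - len(dos_header))
    return bytes(dos_header) + padding + b"PE\x00\x00" + b"\x00" * 20


STUB_BODY = build_stub_pe()

# Constructed response; header values mirror the report, the body does not.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    + b"Content-Type: application/x-msdos-program\r\n"
    + b"Server: openresty/1.13.6.2\r\n"
    + b"Date: Wed, 20 Mar 2019 18:22:44 GMT\r\n"
    + b"Content-Length: " + str(len(STUB_BODY)).encode() + b"\r\n"
    + b"Connection: keep-alive\r\n"
    + b"\r\n"
    + STUB_BODY
)


def split_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def is_pe_download(body: bytes) -> bool:
    """My reconstruction of the ET POLICY check: 'MZ' stub, then 'PE\\0\\0' at e_lfanew.

    The check is on the body only, so a wrong or missing Content-Type does not hide it.
    """
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", body, 0x3C)[0]
    # The PE header must sit after the DOS header and inside the body.
    if e_lfanew < 0x40 or e_lfanew + 4 > len(body):
        return False
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def digests(body: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of the body, the three algorithms the report lists."""
    return {
        "md5": hashlib.md5(body).hexdigest(),
        "sha1": hashlib.sha1(body).hexdigest(),
        "sha256": hashlib.sha256(body).hexdigest(),
    }


def verify_hashes(body: bytes, expected: dict) -> dict:
    """Per-algorithm True/False: does the body match the report's digests?"""
    actual = digests(body)
    return {algo: actual[algo] == value.lower() for algo, value in expected.items()}


def review_transaction(raw: bytes, expected: dict) -> dict:
    """One summary dict with everything a reviewer of the report wants to confirm."""
    status, headers, body = split_response(raw)
    declared = headers.get("content-length")
    return {
        "status": status,
        "content_type": headers.get("content-type"),
        "length_matches": declared is not None and int(declared) == len(body),
        "pe_download": is_pe_download(body),
        "hash_matches": verify_hashes(body, expected),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(review_transaction(SAMPLE_RESPONSE, REPORT_HASHES), indent=2))
```

To use it on the real sample, replace SAMPLE_RESPONSE with the raw bytes of your own fetch (or pass the saved file as the body): length_matches should be true against the Content-Length of 667648 and hash_matches all true if the server is still handing out the file the report saw; any false digest means a different binary is now behind the same URL, which on a domain that also serves AMMYY_Admin_v3.exe and install_pharmsm_146.30.exe is exactly the case worth noticing.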