Overview

URL: kitak.moy.su/
IP: 193.109.246.80
ASN: AS29076 Filanco LTD
Location: Russian Federation
Report completed: 2017-10-13 02:00:53 CEST
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp Severity Source IP Destination IP Alert
2017-10-13 02:00:21 CEST 1 Client IP  193.109.246.80 ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2017-10-13 02:00:21 CEST 1 Client IP  193.109.246.80 ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
2017-10-13 02:00:22 CEST 1 Client IP  193.109.246.80 ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 193.109.246.80

Date | UQ / IDS / BL | URL | IP
2017-10-18 17:46:26 +0200 | 0 - 2 - 0 | wastur.clan.su/ | 193.109.246.80
2017-10-11 02:07:23 +0200 | 0 - 0 - 1 | 4it-world.ucoz.ro/_ld/0/11_sPwnage_Public.rar | 193.109.246.80
2017-10-05 11:19:21 +0200 | 0 - 3 - 0 | mychit.clan.su/load/minecraft/majnkraft_1_6_2 (...) | 193.109.246.80
2017-10-03 03:26:55 +0200 | 0 - 0 - 1 | 4it-world.ucoz.ro/_ld/0/8_cheats.rar | 193.109.246.80
2017-09-06 12:03:24 +0200 | 0 - 1 - 1 | magick-games.ru/load/dana_knightstone_novel_3 (...) | 193.109.246.80
2017-08-31 08:00:59 +0200 | 0 - 0 - 1 | signineby.do.am/signin.eby.co.ukwseBayISAPI.d (...) | 193.109.246.80
2017-08-28 01:02:39 +0200 | 0 - 0 - 1 | 4it-world.ucoz.ro/_ld/0/61_4_Fixed_Cdhack_.rar | 193.109.246.80
2017-08-19 15:07:33 +0200 | 0 - 2 - 0 | fricent.clan.su/news/kennel_sojuz_altaj/2013- (...) | 193.109.246.80
2017-07-23 16:59:11 +0200 | 0 - 0 - 1 | mladenec.my1.ru/ | 193.109.246.80
2017-07-22 10:30:02 +0200 | 0 - 0 - 1 | superdetsad2013.ucoz.com/index/instrukcija_po (...) | 193.109.246.80

Last 10 reports on ASN: AS29076 Filanco LTD

Date | UQ / IDS / BL | URL | IP
2017-10-22 09:40:21 +0200 | 0 - 0 - 1 | n-torrents.ru/load/pc_games/action/max_payne_ (...) | 193.109.246.194
2017-10-22 08:49:15 +0200 | 0 - 0 - 1 | https://www.forzajuve.ru/ | 178.250.242.56
2017-10-22 03:21:34 +0200 | 1 - 0 - 1 | masters-computer.narod.ru/udalenie-virusov-ch (...) | 193.109.247.234
2017-10-22 01:22:21 +0200 | 0 - 0 - 2 | www.rusexvideos.narod.ru/ | 193.109.247.10
2017-10-22 01:10:49 +0200 | 0 - 0 - 1 | nata-05p.narod.ru/ | 193.109.247.227
2017-10-22 00:22:13 +0200 | 0 - 0 - 4 | corpcollection55.narod.ru/dieta-dlya-beder-i- (...) | 193.109.247.224
2017-10-22 00:21:29 +0200 | 0 - 0 - 5 | pitipde.narod.ru/3.html | 193.109.247.234
2017-10-21 23:06:45 +0200 | 0 - 0 - 6 | www.vseodome-2.narod.ru/index7.html | 193.109.247.10
2017-10-21 18:44:45 +0200 | 0 - 0 - 3 | cheater-top.ru/forum/53-274-1 | 193.109.247.85
2017-10-21 16:31:35 +0200 | 0 - 4 - 1 | divx.clan.su/ | 193.109.246.5

No other reports on domain: moy.su



JavaScript

Executed Scripts (6)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (18)


Request Response
                                        
GET / HTTP/1.1
Host: kitak.moy.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
193.109.246.80
HTTP/1.1 404 Not found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 13 Oct 2017 00:00:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache, no-store
Pragma: no-cache
Vary: host
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2051
Md5:    a99d77af6cc3386b5762ab5d732d3314
Sha1:   28f80d1c671d3ab3186bce3602335d2a72820b0e
Sha256: b550a663f23b96f392c13597e7606170a091a485ead41ae283b72ca05ae92566
                                        
GET /.serr/css/style.css HTTP/1.1
Host: kitak.moy.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/

                                         
193.109.246.80
HTTP/1.1 200 OK
Content-Type: text/css
Server: nginx/1.8.0
Date: Fri, 13 Oct 2017 00:00:21 GMT
Last-Modified: Thu, 05 Oct 2017 10:11:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"59d6056d-4c25"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   4288
Md5:    d0f39f32aaa12c4c859ceaa37cfc1939
Sha1:   4357fcee86a3ad7021ee86c488637b64a8fb5c71
Sha256: ca887f3286831ee1ff78614f4347ef203068bc41b7812a82ad4a271384f14e8a

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/

                                         
216.58.209.106
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Content-Length: 32954
Date: Thu, 12 Oct 2017 01:21:01 GMT
Expires: Fri, 12 Oct 2018 01:21:01 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 81559


--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   32954
Md5:    68263720f8747715639ad6a9020dd9fa
Sha1:   121c84759a7366e4a22da1c55f07bd25a3c3a6d9
Sha256: 8632e8030f860c40b4fef513a33ef06ba067b682d461e27d4ed4ff15ee87c836
                                        
GET /.serr/img/favicon.ico HTTP/1.1
Host: kitak.moy.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
193.109.246.80
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 13 Oct 2017 00:00:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2561
Md5:    5585aa3a5ee4b83b05b5ca496a21e659
Sha1:   dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
GET /.serr/js/core.js HTTP/1.1
Host: kitak.moy.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/

                                         
193.109.246.80
HTTP/1.1 200 OK
Content-Type: text/javascript
Server: nginx/1.8.0
Date: Fri, 13 Oct 2017 00:00:21 GMT
Last-Modified: Thu, 05 Oct 2017 10:11:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Etag: W/"59d6056d-19e"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   234
Md5:    6d2afededfa7410e2a2a1e4ac9bebb2e
Sha1:   f83e4b38412d51d14d6ccae931ec81152ce4ed9b
Sha256: 287ef7fee8741c621fd524723adca348f2f1a9cf522ac12aa5c2971a5f1b6a3e
                                        
GET /.serr/img/ulogo.svg HTTP/1.1
Host: kitak.moy.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/.serr/css/style.css

                                         
193.109.246.80
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Server: nginx/1.8.0
Date: Fri, 13 Oct 2017 00:00:21 GMT
Content-Length: 4235
Last-Modified: Thu, 05 Oct 2017 10:11:57 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Etag: "59d6056d-108b"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image, XML document text
Size:   4235
Md5:    993299552bfd263cd4a75ad398e75b58
Sha1:   3fc9ad991516b8ad0c6553a05de4a8c9759c5020
Sha256: c660064588748948fcadc6a86b73dcb981d124c370b0ba764fe8a210854f6cd5
                                        
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/

                                         
87.250.251.119
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Server: nginx/1.8.1
Date: Fri, 13 Oct 2017 00:00:20 GMT
Content-Length: 184
Connection: keep-alive
Location: https://mc.yandex.ru/metrika/watch.js


--- Additional Info ---
Magic:  HTML document text
Size:   184
Md5:    803493a1e438da1e67b84a76fa86bdda
Sha1:   9dca8b04cd8f0f715f14546b5f747aabbba7de47
Sha256: 82e7512bb763ef84d4ff4c9f8998fbff4b461ee5416741db743d5e4584d2ec45
                                        
GET /.serr/img/eyes.png HTTP/1.1
Host: kitak.moy.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/.serr/css/style.css

                                         
193.109.246.80
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx/1.8.0
Date: Fri, 13 Oct 2017 00:00:21 GMT
Content-Length: 3288
Last-Modified: Thu, 05 Oct 2017 10:11:57 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Etag: "59d6056d-cd8"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 16 x 16, 8-bit/color RGB, non-interlaced
Size:   3288
Md5:    61ecb4143b3582b11f3b5cd1503d9d4e
Sha1:   04fdc163629c4cd8aac7f237e21a8f27b96624ab
Sha256: a7b92bb840e66c0f1b47e8b5cd5fab170935dab76fdc9a7264b5fefe57a39c6b

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
GET /.serr/img/nofound.png HTTP/1.1
Host: kitak.moy.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/.serr/css/style.css

                                         
193.109.246.80
HTTP/1.1 200 OK
Content-Type: image/png
Server: nginx/1.8.0
Date: Fri, 13 Oct 2017 00:00:21 GMT
Content-Length: 34722
Last-Modified: Thu, 05 Oct 2017 10:11:57 GMT
Connection: keep-alive
Keep-Alive: timeout=15
Etag: "59d6056d-87a2"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image, 294 x 240, 8-bit/color RGB, non-interlaced
Size:   34722
Md5:    cfd5b3c7df2dea454f19c96505e74905
Sha1:   02a66f5ce373921d2d065377fd3c9f1045cf5d99
Sha256: a160c19e07bb27c7e3b95153c6392bf6664398fb2cf57f12c386bc7a8d43e551
                                        
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Length: 111
Content-Type: application/ocsp-request

                                         
104.31.75.124
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 13 Oct 2017 00:00:20 GMT
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=dce1dc7c9444e267fbd3edfdd6804b4691507852820; expires=Sat, 13-Oct-18 00:00:20 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Thu, 12 Oct 2017 22:04:16 GMT
Expires: Mon, 16 Oct 2017 22:04:16 GMT
Etag: "e8da21e4ddb94e6c6efe160a3282e6436f1ee708"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare-nginx
CF-RAY: 3ace04a130244261-OSL


--- Additional Info ---
Magic:  data
Size:   1570
Md5:    24837ff9c1e5fa2e277143c5b37cdd8e
Sha1:   e8da21e4ddb94e6c6efe160a3282e6436f1ee708
Sha256: cb7e49d468a4982f3eeee3d158bc1891f8b03f5a481eea87c05cb6ad89cd6417
                                        
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/

                                         
87.250.251.119
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Server: nginx/1.8.1
Date: Fri, 13 Oct 2017 00:00:20 GMT
Content-Length: 31070
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Wed, 11 Oct 2017 15:46:07 GMT
Content-Encoding: gzip
Expires: Fri, 13 Oct 2017 01:00:20 GMT
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000


--- Additional Info ---
Magic:  gzip compressed data, was "_metrika.js", from Unix, last modified: Wed Sep 20 15:59:28 2017
Size:   31070
Md5:    a4350063ff24c8473564d542455ec40c
Sha1:   f2b21568b1a574f4609da06be50d3acec1c11090
Sha256: 010dafc502cfeb744bc32ec88db8307fa3510a4901be77037da1d89f6b2ab185
                                        
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/

                                         
87.250.251.119
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.8.1
Date: Fri, 13 Oct 2017 00:00:21 GMT
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Mon, 12 Oct 2015 13:09:09 GMT
Expires: Fri, 06 Sep 2047 00:00:21 GMT
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
GET /.serr/img/favicon.ico HTTP/1.1
Host: kitak.moy.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ym_uid=1507852821253515902

                                         
193.109.246.80
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 13 Oct 2017 00:00:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2561
Md5:    5585aa3a5ee4b83b05b5ca496a21e659
Sha1:   dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
GET /watch/24122689?wmode=5&callback=_ymjsp751537958&page-url=http%3A%2F%2Fkitak.moy.su%2F&browser-info=ti%3A6%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1159x754%3Az%3A120%3Ai%3A20171013020020%3Aet%3A1507852821%3Aen%3Autf-8%3Av%3A897%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A123732422114%3Arqn%3A1%3Arn%3A492381811%3Ahid%3A208271715%3Awn%3A2397%3Ahl%3A1%3Arqnl%3A1%3Ast%3A1507852822%3Au%3A1507852821253515902%3At%3A404%20-%20Unable%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/

                                         
87.250.251.119
HTTP/1.1 302 Found
Server: nginx/1.8.1
Date: Fri, 13 Oct 2017 00:00:21 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Fri, 13 Oct 2017 00:00:21 GMT
Expires: Fri, 13 Oct 2017 00:00:21 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: yandexuid=7578138381507852821; domain=.yandex.ru; path=/; expires=Mon, 11-Oct-2027 00:00:21 GMT
Set-Cookie: yp=1823212821.yrts.1507852821; domain=.yandex.ru; path=/; expires=Mon, 11-Oct-2027 00:00:21 GMT
Set-Cookie: yabs-sid=564483591507852821; path=/
Set-Cookie: i=maAWyrS6b/ccPPhg761Knqn5w0IlFjsl5LIG0xnWboYraD7LoeSr21vX5M4IJd0yv0l/GnX9Mo7X7Uei5hF2yYBXzBk=; Expires=Mon, 11-Oct-2027 00:00:21 GMT; Domain=.yandex.ru; Path=/; HttpOnly
Location: https://mc.yandex.ru/watch/24122689/1?wmode=5&callback=_ymjsp751537958&page-url=http%3A%2F%2Fkitak.moy.su%2F&browser-info=ti%3A6%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1159x754%3Az%3A120%3Ai%3A20171013020020%3Aet%3A1507852821%3Aen%3Autf-8%3Av%3A897%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A123732422114%3Arqn%3A1%3Arn%3A492381811%3Ahid%3A208271715%3Awn%3A2397%3Ahl%3A1%3Arqnl%3A1%3Ast%3A1507852822%3Au%3A1507852821253515902%3At%3A404%20-%20Unable%20to%20load%20website
X-XSS-Protection: 1; mode=block


--- Additional Info ---
                                        
GET /watch/24122689/1?wmode=5&callback=_ymjsp751537958&page-url=http%3A%2F%2Fkitak.moy.su%2F&browser-info=ti%3A6%3Aj%3A1%3As%3A1176x885x24%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1159x754%3Az%3A120%3Ai%3A20171013020020%3Aet%3A1507852821%3Aen%3Autf-8%3Av%3A897%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A123732422114%3Arqn%3A1%3Arn%3A492381811%3Ahid%3A208271715%3Awn%3A2397%3Ahl%3A1%3Arqnl%3A1%3Ast%3A1507852822%3Au%3A1507852821253515902%3At%3A404%20-%20Unable%20to%20load%20website HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/
Cookie: yandexuid=7578138381507852821; yp=1823212821.yrts.1507852821; yabs-sid=564483591507852821; i=maAWyrS6b/ccPPhg761Knqn5w0IlFjsl5LIG0xnWboYraD7LoeSr21vX5M4IJd0yv0l/GnX9Mo7X7Uei5hF2yYBXzBk=

                                         
87.250.251.119
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: nginx/1.8.1
Date: Fri, 13 Oct 2017 00:00:21 GMT
Content-Length: 94
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Fri, 13 Oct 2017 00:00:21 GMT
Expires: Fri, 13 Oct 2017 00:00:21 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   94
Md5:    171e86f2afcd9428a65e8109c7441f95
Sha1:   a9af501c8fd0dc6606080489587b8ef4493f9cb5
Sha256: dc19cfe396b746702d8204c794e13df3c9646479a8ad72ff993b1627ec8588be
                                        
GET /.serr/img/favicon.ico HTTP/1.1
Host: kitak.moy.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: _ym_uid=1507852821253515902; _ym_isad=2; _ym_visorc_24122689=w

                                         
193.109.246.80
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.8.0
Date: Fri, 13 Oct 2017 00:00:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   2561
Md5:    5585aa3a5ee4b83b05b5ca496a21e659
Sha1:   dde6db45dcd453f44c0c2b9511b61fb69d5995d7
Sha256: 15efb2ca1e8e7560c7b5ac42ea3d96c7e59b714719452ace3c9d09286a92d905

Alerts:
  IDS:
    - ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related
                                        
OPTIONS /watch/24122689?page-url=http%3A%2F%2Fkitak.moy.su%2F&browser-info=ti%3A7%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1159x754%3Az%3A120%3Ai%3A20171013020036%3Aet%3A1507852837%3Aen%3Autf-8%3Av%3A897%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A227%3Als%3A123732422114%3Arqn%3A2%3Arn%3A593453769%3Ahid%3A208271715%3Arqnl%3A1%3Ast%3A1507852837%3Au%3A1507852821253515902 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Origin: http://kitak.moy.su
Access-Control-Request-Method: POST

                                         
87.250.251.119
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Fri, 13 Oct 2017 00:00:36 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
X-XSS-Protection: 1; mode=block


--- Additional Info ---
                                        
GET /watch/24122689?page-url=http%3A%2F%2Fkitak.moy.su%2F&browser-info=ti%3A4%3Aj%3A1%3As%3A1176x885x24%3Aadb%3A2%3Af%3A10.0.45.2%3Afpr%3A65694993101%3Acn%3A1%3Aw%3A1159x754%3Az%3A120%3Ai%3A20171013020036%3Aet%3A1507852837%3Aen%3Autf-8%3Av%3A897%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A227%3Als%3A123732422114%3Arqn%3A2%3Arn%3A593453769%3Ahid%3A208271715%3Arqnl%3A1%3Ast%3A1507852837%3Au%3A1507852821253515902 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kitak.moy.su/
Cookie: yandexuid=7578138381507852821; yp=1823212821.yrts.1507852821; yabs-sid=564483591507852821; i=maAWyrS6b/ccPPhg761Knqn5w0IlFjsl5LIG0xnWboYraD7LoeSr21vX5M4IJd0yv0l/GnX9Mo7X7Uei5hF2yYBXzBk=

                                         
87.250.251.119
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.8.1
Date: Fri, 13 Oct 2017 00:00:36 GMT
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DEVa TAIa OUR BUS UNI STA"
Last-Modified: Fri, 13 Oct 2017 00:00:36 GMT
Expires: Fri, 13 Oct 2017 00:00:36 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
X-XSS-Protection: 1; mode=block


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87