urlquery.net - Free url scanner

Overview

URL	http://imhoteka.ru/modules/mod_rokstock/tmpl/js/rokstock-mt1.2.js
IP	93.170.50.154
ASN	AS48031 PE Ivanov Vitaliy Sergeevich
Location	Czech Republic
Report completed	2012-11-06 10:29:59 CET
Status	Loading report..
urlQuery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Adobe Reader	8.0
Java	1.6.0_26

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Source IP	Destination IP	Severity	Alert
2012-11-06 10:29:20	93.170.50.154	urlQuery Client	1	ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 3)
2012-11-06 10:29:20	93.170.50.154	urlQuery Client	1	ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 3

Snort /w Sourcefire VRT

Timestamp	Source IP	Destination IP	Severity	Alert
2012-11-06 10:29:20	93.170.50.154	urlQuery Client	1	EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch
2012-11-06 10:29:20	93.170.50.154	urlQuery Client	1	EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch

Recent reports on same IP/ASN/Domain

Last 3 reports on IP: 93.170.50.154

Date	Alerts / IDS	URL	IP
2012-11-16 15:29:57	0 / 4	http://imhoteka.ru/components/com_gantry/js/gantry-smartload-mt1.2.js	93.170.50.154
2012-11-16 14:43:27	0 / 2	http://imhoteka.ru/components/com_gantry/js/gantry-smartload-mt1.2.js	93.170.50.154
2012-11-16 03:26:15	0 / 4	http://imhoteka.ru/components/com_gantry/js/gantry-smartload-mt1.2.js	93.170.50.154

Last 6 reports on ASN: AS48031 PE Ivanov Vitaliy Sergeevich

Date	Alerts / IDS	URL	IP
2013-04-09 08:14:58	0 / 1	http://now-download.net/engine	193.203.50.241
2013-04-09 05:38:50	0 / 2	http://piratebayproxy.me/vpn/magnet/riley+evans+-+dicking+the+dominatrix+(bigbuttslikeitbig).ex (...)	91.213.8.103
2013-04-09 00:23:10	0 / 3	http://piratebayproxyorg.org/vpn/torrent/como+dibujar+hentai+en+espa&amp;amp;ntilde;ol+ (...)	91.213.8.103
2013-04-08 17:03:28	0 / 2	http://gg.pozdravit-vas.ru/?2	193.203.51.17
2013-04-08 14:16:09	0 / 2	http://gamesloadsyou.ru/kon/index.php?q	91.226.213.204
2013-04-08 08:05:29	0 / 2	http://piratebayproxyorg.org/vpn/torrent/[hl]+tokyo+requiem+ep+1+[h.264+vorbis]+(hentai).exe	91.213.8.103

Last 3 reports on domain: imhoteka.ru

Date	Alerts / IDS	URL	IP
2012-11-16 15:29:57	0 / 4	http://imhoteka.ru/components/com_gantry/js/gantry-smartload-mt1.2.js	93.170.50.154
2012-11-16 14:43:27	0 / 2	http://imhoteka.ru/components/com_gantry/js/gantry-smartload-mt1.2.js	93.170.50.154
2012-11-16 03:26:15	0 / 4	http://imhoteka.ru/components/com_gantry/js/gantry-smartload-mt1.2.js	93.170.50.154

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (2)

Request	Response
GET /modules/mod_rokstock/tmpl/js/rokstock-mt1.2.js HTTP/1.1 Host: imhoteka.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 200 OK Content-Type: application/javascript Date: Tue, 06 Nov 2012 09:29:20 GMT Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g Last-Modified: Sat, 21 Jul 2012 23:24:44 GMT Etag: "d2a17d-1e6d-4c55f51560700" Accept-Ranges: bytes Content-Length: 7789 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive
GET /favicon.ico HTTP/1.1 Host: imhoteka.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 200 OK Content-Type: image/x-icon Date: Tue, 06 Nov 2012 09:29:20 GMT Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g Last-Modified: Thu, 08 Mar 2012 05:29:39 GMT Etag: "baa85e-8e8-4bab48ff636c0" Accept-Ranges: bytes Content-Length: 2280 Keep-Alive: timeout=15, max=99 Connection: Keep-Alive

Request

Response

GET /modules/mod_rokstock/tmpl/js/rokstock-mt1.2.js HTTP/1.1

Host: imhoteka.ru


User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 200 OK

Content-Type: application/javascript

Date: Tue, 06 Nov 2012 09:29:20 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
Last-Modified: Sat, 21 Jul 2012 23:24:44 GMT
Etag: &quot;d2a17d-1e6d-4c55f51560700&quot;
Accept-Ranges: bytes
Content-Length: 7789
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

GET /favicon.ico HTTP/1.1

Host: imhoteka.ru


User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 200 OK

Content-Type: image/x-icon

Date: Tue, 06 Nov 2012 09:29:20 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
Last-Modified: Thu, 08 Mar 2012 05:29:39 GMT
Etag: &quot;baa85e-8e8-4bab48ff636c0&quot;
Accept-Ranges: bytes
Content-Length: 2280
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive