urlquery.net - Free url scanner

Overview

URL	http://www.ashampoo.com/dl/0249/ashampoo_anti_malware_sm.exe
IP	217.237.165.130
ASN	AS3320 Deutsche Telekom AG
Location	Germany
Report completed	2012-11-07 20:52:06 CET
Status	Loading report..
urlQuery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Adobe Reader	8.0
Java	1.6.0_26

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Snort /w Sourcefire VRT

Timestamp	Source IP	Destination IP	Severity	Alert
2012-11-07 20:50:54	80.237.154.35	urlQuery Client	3	FILE-IDENTIFY Portable Executable binary file magic detected
2012-11-07 20:50:54	80.237.154.35	urlQuery Client	1	FILE-IDENTIFY download of executable content - x-header

Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 217.237.165.130

Date	Alerts / IDS	URL	IP
2013-01-23 17:04:00	0 / 2	http://www.ashampoo.com/ashampoo_seeya_2_fe.exe	217.237.165.130
2013-01-18 21:39:01	0 / 2	http://www.ashampoo.com/ashampoo_slideshow_studio_elements_sm.exe	217.237.165.130
2013-01-18 03:32:25	0 / 2	http://www.ashampoo.com/ashampoo_hdd_control_2_sm.exe	217.237.165.130
2013-01-16 06:12:06	0 / 3	http://www.ashampoo.com/ashampoo_core_tuner_2_sm.exe	217.237.165.130
2013-01-16 05:46:31	0 / 3	http://www.ashampoo.com/ashampoo_photo_commander_10_sm.exe	217.237.165.130
2013-01-12 06:33:03	0 / 2	http://www.ashampoo.com/dl/0704/ashampoo_magicalsecurity2_se.exe	217.237.165.130

Last 6 reports on ASN: AS3320 Deutsche Telekom AG

Date	Alerts / IDS	URL	IP
2013-02-14 10:27:12	0 / 0	http://www.carus-kom.de	80.150.6.143
2013-02-14 09:01:57	0 / 0	http://80.137.181.216	80.137.181.216
2013-02-14 05:30:46	1 / 0	http://www.gs-altenstadt.de/s-seite/maus.html	62.157.138.113
2013-02-14 05:30:38	1 / 1	http://www.gs-altenstadt.de/s-seite/schwein.html	62.157.138.113
2013-02-14 05:27:56	1 / 1	http://www.gs-altenstadt.de/s-seite/katze.html	62.157.138.113
2013-02-14 01:24:07	0 / 0	http://www.ass-autopartner.de/xtgkajg/g9y7wtmr9n3p0kdinhe.taza1iqx5f246x10	62.157.169.7

Last 6 reports on domain: www.ashampoo.com

Date	Alerts / IDS	URL	IP
2013-01-23 17:04:00	0 / 2	http://www.ashampoo.com/ashampoo_seeya_2_fe.exe	217.237.165.130
2013-01-18 21:39:01	0 / 2	http://www.ashampoo.com/ashampoo_slideshow_studio_elements_sm.exe	217.237.165.130
2013-01-18 03:32:25	0 / 2	http://www.ashampoo.com/ashampoo_hdd_control_2_sm.exe	217.237.165.130
2013-01-16 06:12:06	0 / 3	http://www.ashampoo.com/ashampoo_core_tuner_2_sm.exe	217.237.165.130
2013-01-16 05:46:31	0 / 3	http://www.ashampoo.com/ashampoo_photo_commander_10_sm.exe	217.237.165.130
2013-01-12 06:33:03	0 / 2	http://www.ashampoo.com/dl/0704/ashampoo_magicalsecurity2_se.exe	217.237.165.130

JavaScript

Executed Scripts (1)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (2)

Request	Response
GET /dl/0249/ashampoo_anti_malware_sm.exe HTTP/1.1 Host: www.ashampoo.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 302 Found Content-Type: text/html; charset=UTF-8 Date: Wed, 07 Nov 2012 19:50:54 GMT Server: Apache X-Powered-By: PHP/5.2.6-1+lenny16 Set-Cookie: PHPSESSID=821f1e6bb7c828ae6fb8fefe5dec79b8; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Location: http://ashampoo.downloadcluster.com/ashampoo/0249/ashampoo_anti-malware_1.21_sm.exe Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 20 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive
GET /ashampoo/0249/ashampoo_anti-malware_1.21_sm.exe HTTP/1.1 Host: ashampoo.downloadcluster.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 200 OK Content-Type: application/x-msdos-program Server: nginx/0.7.67 Date: Wed, 07 Nov 2012 19:50:55 GMT Connection: keep-alive Last-Modified: Mon, 05 Nov 2012 14:02:08 GMT Etag: "522ea9-cf94bb8-4cdbfee577800" Content-Length: 217664440 Cache-Control: max-age=86400 Expires: Thu, 08 Nov 2012 19:50:55 GMT Accept-Ranges: bytes

Request

Response

GET /dl/0249/ashampoo_anti_malware_sm.exe HTTP/1.1

Host: www.ashampoo.com


User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8

Date: Wed, 07 Nov 2012 19:50:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny16
Set-Cookie: PHPSESSID=821f1e6bb7c828ae6fb8fefe5dec79b8; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://ashampoo.downloadcluster.com/ashampoo/0249/ashampoo_anti-malware_1.21_sm.exe
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

GET /ashampoo/0249/ashampoo_anti-malware_1.21_sm.exe HTTP/1.1

Host: ashampoo.downloadcluster.com


User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 200 OK

Content-Type: application/x-msdos-program

Server: nginx/0.7.67
Date: Wed, 07 Nov 2012 19:50:55 GMT
Connection: keep-alive
Last-Modified: Mon, 05 Nov 2012 14:02:08 GMT
Etag: &quot;522ea9-cf94bb8-4cdbfee577800&quot;
Content-Length: 217664440
Cache-Control: max-age=86400
Expires: Thu, 08 Nov 2012 19:50:55 GMT
Accept-Ranges: bytes