urlquery.net - Free url scanner

Overview

URL	http://tyty.onfre.com/js/tabs.js
IP	109.170.46.50
ASN	AS12714 Net By Net Holding LLC
Location	Russian Federation
Report completed	2012-11-08 22:23:57 CET
Status	Loading report..
urlQuery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Adobe Reader	8.0
Java	1.6.0_26

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Source IP	Destination IP	Severity	Alert
2012-11-08 22:23:26	109.170.46.50	urlQuery Client	1	ET CURRENT_EVENTS Blackhole Landing Try Prototype Catch Jun 18 2012
2012-11-08 22:23:26	109.170.46.50	urlQuery Client	1	ET CURRENT_EVENTS Blackhole Landing for prototype catch substr
2012-11-08 22:23:26	109.170.46.50	urlQuery Client	1	ET CURRENT_EVENTS Blackhole Landing Try Prototype Catch Jun 18 2012
2012-11-08 22:23:26	109.170.46.50	urlQuery Client	1	ET CURRENT_EVENTS Blackhole Landing for prototype catch substr

Snort /w Sourcefire VRT

Timestamp	Source IP	Destination IP	Severity	Alert
2012-11-08 22:23:25	109.170.46.50	urlQuery Client	1	EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch
2012-11-08 22:23:25	109.170.46.50	urlQuery Client	1	EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch
2012-11-08 22:23:26	109.170.46.50	urlQuery Client	1	EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch
2012-11-08 22:23:26	109.170.46.50	urlQuery Client	1	EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch

Recent reports on same IP/ASN/Domain

Last 4 reports on IP: 109.170.46.50

Date	Alerts / IDS	URL	IP
2012-12-01 01:40:25	0 / 2	http://abdance.ru/js/tabs.js	109.170.46.50
2012-12-01 01:38:14	0 / 4	http://abdance.ru/js/jquery-1.3.2.min.js	109.170.46.50
2012-12-01 01:13:11	0 / 4	http://abdance.ru/js/cufon-yui.js	109.170.46.50
2012-12-01 01:07:21	0 / 4	http://abdance.ru/js/loopedslider.js	109.170.46.50

Last 6 reports on ASN: AS12714 Net By Net Holding LLC

Date	Alerts / IDS	URL	IP
2013-02-13 14:27:00	0 / 0	http://gundogar.org/include/gundogar.js	212.48.153.193
2013-02-13 14:24:25	0 / 1	http://gundogar.org/?02120513306000000000000011000000	212.48.153.193
2013-02-07 10:55:11	0 / 1	http://gundogar.org/?02310513299000000000000011000000	212.48.153.193
2013-01-24 15:09:18	0 / 1	http://gundogar.org/?02190513263000000000000011000000	212.48.153.193
2013-01-24 07:47:43	0 / 5	http://byhlzj.nyzvelew.ru/m.exe	46.72.251.151
2013-01-15 21:15:07	0 / 0	http://sens.pro	79.111.244.11

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (3)

Request	Response
GET /js/tabs.js HTTP/1.1 Host: tyty.onfre.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 200 OK Content-Type: application/x-javascript Server: nginx/0.8.53 Date: Thu, 08 Nov 2012 21:23:25 GMT Content-Length: 10003 Last-Modified: Fri, 11 May 2012 00:11:59 GMT Connection: keep-alive Accept-Ranges: bytes
GET /favicon.ico HTTP/1.1 Host: tyty.onfre.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx/0.8.53 Date: Thu, 08 Nov 2012 21:23:26 GMT Connection: keep-alive Content-Length: 288
GET /favicon.ico HTTP/1.1 Host: tyty.onfre.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Server: nginx/0.8.53 Date: Thu, 08 Nov 2012 21:23:29 GMT Connection: keep-alive Content-Length: 288

Request

Response

GET /js/tabs.js HTTP/1.1

Host: tyty.onfre.com


User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Server: nginx/0.8.53
Date: Thu, 08 Nov 2012 21:23:25 GMT
Content-Length: 10003
Last-Modified: Fri, 11 May 2012 00:11:59 GMT
Connection: keep-alive
Accept-Ranges: bytes

GET /favicon.ico HTTP/1.1

Host: tyty.onfre.com


User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=iso-8859-1

Server: nginx/0.8.53
Date: Thu, 08 Nov 2012 21:23:26 GMT
Connection: keep-alive
Content-Length: 288

GET /favicon.ico HTTP/1.1

Host: tyty.onfre.com


User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=iso-8859-1

Server: nginx/0.8.53
Date: Thu, 08 Nov 2012 21:23:29 GMT
Connection: keep-alive
Content-Length: 288