Overview

URL: http://herds.cu.cc/main.php?page=343e5113e5518782
IP: 216.38.62.18
ASN: AS25847 ServInt
Location: United States
Report completed: 2012-11-09 20:08:22 CET
urlQuery Alerts: Detected BlackHole v1.x exploit kit URL pattern


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp            Source IP        Destination IP  Severity  Alert
2012-11-09 20:07:58  urlQuery Client  216.38.62.18    1         ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?page Download Secondary Request
2012-11-09 20:07:58  urlQuery Client  216.38.62.18    2         ET CURRENT_EVENTS HTTP Request to a *.cu.cc domain

Snort /w Sourcefire VRT

Timestamp            Source IP        Destination IP  Severity  Alert
2012-11-09 20:07:44  urlQuery Client  216.38.62.18    1         EXPLOIT-KIT URI possible Blackhole URL - main.php?page=


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 216.38.62.18

Date                 Alerts / IDS  URL                                                                  IP
2013-03-30 00:20:04  0 / 7         http://dommertos.cu.cc/cd3slpvd4cynrhhozxojtj77en8.zip              216.38.62.18
2013-03-29 22:58:08  0 / 9         http://hresots.cu.cc/cm1aluezpou4scxzvogtyv4cpg0fjy1nhopam2t1.zip   216.38.62.18
2013-03-29 22:49:14  0 / 9         http://perifags.cu.cc/cd3slpvd4cynrhhozxojtj77en8.zip               216.38.62.18
2013-03-29 22:39:06  0 / 9         http://dommertos.cu.cc/cd3slpvd4cynrhhozxojtj77en8.zip              216.38.62.18
2013-03-29 19:16:19  0 / 7         http://fogeros.cu.cc/cm1aluezpou4scxzvogtyv4cpg0fjy1nhopam2t1.zip   216.38.62.18
2013-03-29 17:39:39  0 / 9         http://kolemaxe.cu.cc/solutions/lad.php                             216.38.62.18

Last 6 reports on ASN: AS25847 ServInt

Date                 Alerts / IDS  URL                                                                  IP
2013-03-30 05:02:46  0 / 0         http://eco-rentalsolutions.com                                      207.58.137.12
2013-03-30 05:02:26  0 / 3         http://3questionsgetthegirl.com/simple-trick-video/?afid=LinkTrust  207.58.184.243
2013-03-30 04:46:09  0 / 3         http://3questionsgetthegirl.com/simple-trick-video/?afid=LinkTrust  207.58.184.243
2013-03-30 04:27:13  0 / 3         http://3questionsgetthegirl.com/simple-trick-video/?afid=LinkTrust  207.58.184.243
2013-03-30 02:19:05  0 / 1         http://www.superdyke.com/                                           207.58.155.240
2013-03-30 00:20:04  0 / 7         http://dommertos.cu.cc/cd3slpvd4cynrhhozxojtj77en8.zip              216.38.62.18



JavaScript

Executed Scripts (0)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (5)


Transaction 1

Request:
GET /main.php?page=343e5113e5518782 HTTP/1.1
Host: herds.cu.cc
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 302 Found
Content-Type: text/html
Date: Fri, 09 Nov 2012 19:07:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Location: http://cu.cc/free.php?domain=herds.cu.cc
Content-Length: 0
Connection: close

Transaction 2

Request:
GET /free.php?domain=herds.cu.cc HTTP/1.1
Host: cu.cc
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 09 Nov 2012 19:07:59 GMT
Server: Apache
Location: http://www.registry.cu.cc/free.php?domain=herds.cu.cc
Content-Length: 261
Connection: close

Transaction 3

Request:
GET /free.php?domain=herds.cu.cc HTTP/1.1
Host: www.registry.cu.cc
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response: (none)

Transaction 4

Request:
GET /free.php?domain=herds.cu.cc HTTP/1.1
Host: www.registry.cu.cc
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 302 Found
Content-Type: text/html
Date: Fri, 09 Nov 2012 19:08:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=c8a668fd975f83c384d1786e48ae91b4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://15647.bodisparking.com/herds.cu.cc
Content-Length: 3
Connection: close

Transaction 5

Request:
GET /herds.cu.cc HTTP/1.1
Host: 15647.bodisparking.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 19 Apr 2012 04:23:41 GMT
Accept-Ranges: bytes
Etag: "8044f33e41dcd1:0"
Server: Microsoft-IIS/7.5
Date: Fri, 09 Nov 2012 19:08:04 GMT
Content-Length: 1233