urlquery.net - Free url scanner

Overview

URL	http://cx.beatnhac.net/data/ap1.php
IP	141.8.225.13
ASN	AS40034 Confluence Networks Inc
Location	Switzerland
Report completed	2012-10-25 17:30:35 CET
Status	Loading report..
urlQuery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Adobe Reader	8.0
Java	1.6.0_26

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Source IP	Destination IP	Severity	Alert
2012-10-25 17:30:00	urlQuery Client	141.8.225.13	1	ET CNC Zeus/Spyeye/Palevo Tracker Reported CnC Server (group 3)

Snort /w Sourcefire VRT

No alerts detected

Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 141.8.225.13

Date	Alerts / IDS	URL	IP
2013-02-21 21:44:34	0 / 0	http://ww35.co688.com	141.8.225.13
2013-02-15 13:35:07	0 / 0	http://141.8.225.13	141.8.225.13
2013-02-07 15:25:01	1 / 2	http://ww35.goodgirlsbadguys.com/zan/load.php?spl=mdac	141.8.225.13
2013-02-06 12:58:07	1 / 2	http://ww35.goodgirlsbadguys.com/zan/load.php?spl=mdac	141.8.225.13
2013-02-05 00:26:32	0 / 0	http://ww35.caojiasu.com	141.8.225.13
2013-02-02 16:53:53	0 / 1	http://ww35.stevesfreshmeats.com/wp-content/plugins/mm-forms-community/upload/temp/or (...)	141.8.225.13

Last 6 reports on ASN: AS40034 Confluence Networks Inc

Date	Alerts / IDS	URL	IP
2013-02-25 23:28:32	0 / 1	http://e17981.bins.lop.com/bins/int/9kgen_up.int	208.91.197.160
2013-02-25 22:59:49	0 / 0	http://hess275299.myorderbox.com/servlet/RenewDomainServlet?validatenow=false&orderid=3 (...)	209.99.17.12
2013-02-25 22:55:21	1 / 1	http://edureel.com/wp-content/plugins/empty-plugin-template/	199.79.62.21
2013-02-25 22:47:17	0 / 1	http://j2153.bins.lop.com/bins/int/9kgen_up.int	208.91.197.160
2013-02-25 22:38:59	0 / 1	http://h16032.bins.lop.com/bins/int/9kgen_up.int	208.91.197.160
2013-02-25 22:22:08	0 / 1	http://r11461.bins.lop.com/bins/int/9kgen_up.int	208.91.197.160

Last 4 reports on domain: cx.beatnhac.net

Date	Alerts / IDS	URL	IP
2012-10-31 09:38:32	0 / 1	http://cx.beatnhac.net/dop.jar	141.8.225.13
2012-10-30 22:04:10	0 / 1	http://cx.beatnhac.net/j.php?f=d4fc7	141.8.225.13
2012-10-30 11:43:24	0 / 1	http://cx.beatnhac.net/j.php?f=b6863	141.8.225.13
2012-10-29 21:29:42	0 / 1	http://cx.beatnhac.net/j.php?f=182b5	141.8.225.13

JavaScript

Executed Scripts (2)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (1)

Request	Response
GET /data/ap1.php HTTP/1.1 Host: cx.beatnhac.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive

Request

Response

GET /data/ap1.php HTTP/1.1

Host: cx.beatnhac.net


User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive