urlquery.net - Free url scanner

Overview

URL	http://whatsgoingon.pl/img/logo.gif?1945e=724626
IP	79.96.20.210
ASN	AS12824 home.pl sp. z o.o.
Location	Poland
Report completed	2012-10-30 16:13:26 CET
Status	Loading report..
urlQuery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Adobe Reader	8.0
Java	1.6.0_26

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Source IP	Destination IP	Severity	Alert
2012-10-30 16:12:53	79.96.20.210	urlQuery Client	1	ET TROJAN W32/Sality Executable Pack Digital Signature ASCII Marker

Snort /w Sourcefire VRT

Timestamp	Source IP	Destination IP	Severity	Alert
2012-10-30 16:12:53	urlQuery Client	79.96.20.210	1	MALWARE-CNC Sality logo.gif URLs
2012-10-30 16:12:53	urlQuery Client	79.96.20.210	1	MALWARE-CNC Sality logo.gif URLs

Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 79.96.20.210

Date	Alerts / IDS	URL	IP
2013-02-13 19:28:19	0 / 1	http://whatsgoingon.pl/img/logo.gif?201f1=920983	79.96.20.210
2013-02-07 01:06:14	0 / 1	http://whatsgoingon.pl/img/logo.gif?16f5d=846405	79.96.20.210
2013-02-07 00:56:57	0 / 1	http://whatsgoingon.pl/img/logo.gif?1f241=765318	79.96.20.210
2013-02-07 00:43:44	0 / 1	http://whatsgoingon.pl/img/logo.gif?1bc77=455132	79.96.20.210
2013-02-07 00:34:54	0 / 1	http://whatsgoingon.pl/img/logo.gif?25bf4=1236896	79.96.20.210
2013-02-07 00:33:47	0 / 1	http://whatsgoingon.pl/img/logo.gif?13e9f=489402	79.96.20.210

Last 6 reports on ASN: AS12824 home.pl sp. z o.o.

Date	Alerts / IDS	URL	IP
2013-02-20 04:49:13	0 / 2	http://fundacja-ftc.home.pl/details/Payment.zip?FZLyB72...	89.161.232.11
2013-02-20 02:56:18	3 / 2	http://www.naszogrod.com/	79.96.71.244
2013-02-20 02:17:31	1 / 1	http://dowcipy.smiletube.pl/1039/buciki	89.161.232.42
2013-02-20 02:07:28	0 / 4	http://ekoharpoon-systemy.pl/gap.php?q=actress-sukanya	62.129.237.110
2013-02-20 01:05:07	1 / 2	http://www.kedziora.pl/	79.96.120.218
2013-02-20 01:03:44	1 / 2	http://vipcar.org.pl/	79.96.120.218

Last 6 reports on domain: whatsgoingon.pl

Date	Alerts / IDS	URL	IP
2013-02-13 19:28:19	0 / 1	http://whatsgoingon.pl/img/logo.gif?201f1=920983	79.96.20.210
2013-02-07 01:06:14	0 / 1	http://whatsgoingon.pl/img/logo.gif?16f5d=846405	79.96.20.210
2013-02-07 00:56:57	0 / 1	http://whatsgoingon.pl/img/logo.gif?1f241=765318	79.96.20.210
2013-02-07 00:43:44	0 / 1	http://whatsgoingon.pl/img/logo.gif?1bc77=455132	79.96.20.210
2013-02-07 00:34:54	0 / 1	http://whatsgoingon.pl/img/logo.gif?25bf4=1236896	79.96.20.210
2013-02-07 00:33:47	0 / 1	http://whatsgoingon.pl/img/logo.gif?13e9f=489402	79.96.20.210

JavaScript

Executed Scripts (0)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (1)

Request	Response
GET /img/logo.gif?1945e=724626 HTTP/1.1 Host: whatsgoingon.pl User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 200 OK Content-Type: image/gif Connection: Keep-Alive Content-Length: 12970 Date: Tue, 30 Oct 2012 15:12:53 GMT Last-Modified: Fri, 07 Sep 2012 10:30:56 GMT Server: IdeaWebServer/v0.80

Request

Response

GET /img/logo.gif?1945e=724626 HTTP/1.1

Host: whatsgoingon.pl


User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 200 OK

Content-Type: image/gif

Connection: Keep-Alive
Content-Length: 12970
Date: Tue, 30 Oct 2012 15:12:53 GMT
Last-Modified: Fri, 07 Sep 2012 10:30:56 GMT
Server: IdeaWebServer/v0.80