urlquery.net - Free url scanner

Overview

URL	http://fgoer.uhbnww.tk/update.exe?ts=1dc6f96e
IP	5.104.106.56
ASN	AS24961 myLoc managed IT AG
Location	Germany
Report completed	2012-11-02 05:36:56 CET
Status	Loading report..
urlQuery Alerts	No alerts detected

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Adobe Reader	8.0
Java	1.6.0_26

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Source IP	Destination IP	Severity	Alert
2012-11-02 05:36:16	urlQuery Client	Internal IP	2	ET CURRENT_EVENTS DNS Query to a .tk domain - Likely Hostile
2012-11-02 05:36:16	urlQuery Client	5.104.106.56	2	ET CURRENT_EVENTS HTTP Request to a *.tk domain

Snort /w Sourcefire VRT

Timestamp	Source IP	Destination IP	Severity	Alert
2012-11-02 05:36:16	5.104.106.56	urlQuery Client	3	FILE-IDENTIFY Portable Executable binary file magic detected

Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 5.104.106.56

Date	Alerts / IDS	URL	IP
2013-02-21 23:47:39	1 / 0	http://cqjtr.mtabs.mooo.com/get_soft_demo.php?ts=1fb21773b278c629893582f8a0aae32b1b57 (...)	5.104.106.56
2013-02-21 06:27:01	1 / 0	http://mfhtc.gnuter.mooo.com/get_soft_demo.php?ts=151896545e9baa1dcd41a614d1c456c5a19 (...)	5.104.106.56
2013-02-18 07:52:43	0 / 1	http://cciqc.dsrbf34.ignorelist.com/get_soft_demo.php	5.104.106.56
2013-02-18 00:34:32	1 / 0	http://wsnql.greeny.mooo.com/get_soft_demo.php?ts=2cd1e241832e2c2e68a0acc2ff54939cea2 (...)	5.104.106.56
2013-02-18 00:27:37	1 / 0	http://htkub.greeny.mooo.com/get_soft_demo.php?ts=d90f8b5c0d1b5e353682270b1be1eef8b22 (...)	5.104.106.56
2013-02-18 00:00:39	1 / 0	http://ibldm.greeny.mooo.com/get_soft_demo.php?ts=309c8eff76ef5326dfbc96c9b9bb0d54595 (...)	5.104.106.56

Last 6 reports on ASN: AS24961 myLoc managed IT AG

Date	Alerts / IDS	URL	IP
2013-02-23 00:03:23	1 / 1	http://www.hannover-news24.de/index.php?site=gewerbe	93.186.201.162
2013-02-22 21:44:56	0 / 0	http://brank.info	62.141.42.235
2013-02-22 11:22:43	0 / 0	http://oppspeedy.co.ua	80.82.222.106
2013-02-22 07:21:02	0 / 0	http://www.1kampus.com/tmp/.ljm9ka.php?receipt%3D825_1701435666	185.15.245.99
2013-02-21 23:47:39	1 / 0	http://cqjtr.mtabs.mooo.com/get_soft_demo.php?ts=1fb21773b278c629893582f8a0aae32b1b57aefd	5.104.106.56
2013-02-21 17:25:53	0 / 0	http://www.adventgemeinde-markdorf.de/vf/hsx42c3j46pokil9wcpxsmz5ewux6&91qbz23w=ydabsmb2kg2 (...)	81.30.150.82

JavaScript

Executed Scripts (1)

Executed Evals (0)

Executed Writes (0)

HTTP Transactions (1)

Request	Response
GET /update.exe?ts=1dc6f96e HTTP/1.1 Host: fgoer.uhbnww.tk User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: nginx/1.0.15 Date: Fri, 02 Nov 2012 06:36:55 GMT Content-Length: 205824 Last-Modified: Thu, 01 Nov 2012 13:37:34 GMT Connection: keep-alive Accept-Ranges: bytes

Request

Response

GET /update.exe?ts=1dc6f96e HTTP/1.1

Host: fgoer.uhbnww.tk


User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

HTTP/1.1 200 OK

Content-Type: application/octet-stream

Server: nginx/1.0.15
Date: Fri, 02 Nov 2012 06:36:55 GMT
Content-Length: 205824
Last-Modified: Thu, 01 Nov 2012 13:37:34 GMT
Connection: keep-alive
Accept-Ranges: bytes