Overview

URL: http://www.10130138.wavelearn.de/D3Qdon/index.html
IP: 213.157.16.3
ASN: AS12897 HSE Medianet GmbH
Location: Germany
Report completed: 2012-11-05 18:21:11 CET
urlQuery Alerts: Detected BlackHole v2.0 exploit kit URL pattern


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro

Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-05 18:20:38 | urlQuery Client | 69.195.209.174 | 2 | ET CURRENT_EVENTS Possible Blackhole Landing to 8 chr folder plus js.js
2012-11-05 18:20:38 | urlQuery Client | 80.237.133.42 | 2 | ET CURRENT_EVENTS Possible Blackhole Landing to 8 chr folder plus js.js
2012-11-05 18:20:39 | urlQuery Client | 116.0.23.222 | 2 | ET CURRENT_EVENTS Possible Blackhole Landing to 8 chr folder plus js.js
2012-11-05 18:20:39 | urlQuery Client | 69.194.194.90 | 1 | ET CURRENT_EVENTS Blackhole 2 Landing Page
Snort w/ Sourcefire VRT

Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-05 18:20:38 | urlQuery Client | 69.195.209.174 | 1 | EXPLOIT-KIT Blackhole Exploit Kit javascript service method
2012-11-05 18:20:38 | urlQuery Client | 116.0.23.222 | 1 | EXPLOIT-KIT Blackhole Exploit Kit javascript service method
2012-11-05 18:20:38 | urlQuery Client | 80.237.133.42 | 1 | EXPLOIT-KIT Blackhole Exploit Kit javascript service method


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 213.157.16.3

Date | Alerts / IDS | URL | IP
2012-11-06 17:30:47 | 1 / 5 | http://www.10130138.wavelearn.de/2jh55r/index.html | 213.157.16.3
2012-11-05 20:21:46 | 1 / 8 | http://www.10130138.wavelearn.de/bCARxy8/index.html | 213.157.16.3
2012-11-05 19:24:09 | 1 / 8 | http://www.10130138.wavelearn.de/utkneKqE/index.html | 213.157.16.3
2012-11-05 17:09:49 | 0 / 2 | http://www.10130138.wavelearn.de/xXExNC/index.html | 213.157.16.3
2012-11-05 14:46:19 | 1 / 3 | http://www.10130138.wavelearn.de/2jh55r/index.html | 213.157.16.3
2012-10-31 09:01:30 | 0 / 2 | http://www.10130138.wavelearn.de/4pxp.exe | 213.157.16.3

Last 6 reports on ASN: AS12897 HSE Medianet GmbH

Date | Alerts / IDS | URL | IP
2012-11-24 06:08:18 | 0 / 1 | http://10147866.wavelearn.com/iKgk96Xh/js.js | 213.157.16.66
2012-11-13 20:30:40 | 0 / 1 | http://www.10147866.wavelearn.com/iKgk96Xh/js.js | 213.157.16.66
2012-11-13 18:11:27 | 0 / 1 | http://www.10147866.wavelearn.com/iKgk96Xh/js.js | 213.157.16.66
2012-11-06 17:30:47 | 1 / 5 | http://www.10130138.wavelearn.de/2jh55r/index.html | 213.157.16.3
2012-11-05 20:21:46 | 1 / 8 | http://www.10130138.wavelearn.de/bCARxy8/index.html | 213.157.16.3
2012-11-05 19:24:09 | 1 / 8 | http://www.10130138.wavelearn.de/utkneKqE/index.html | 213.157.16.3

Last 6 reports on domain: www.10130138.wavelearn.de

Date | Alerts / IDS | URL | IP
2012-11-06 17:30:47 | 1 / 5 | http://www.10130138.wavelearn.de/2jh55r/index.html | 213.157.16.3
2012-11-05 20:21:46 | 1 / 8 | http://www.10130138.wavelearn.de/bCARxy8/index.html | 213.157.16.3
2012-11-05 19:24:09 | 1 / 8 | http://www.10130138.wavelearn.de/utkneKqE/index.html | 213.157.16.3
2012-11-05 17:09:49 | 0 / 2 | http://www.10130138.wavelearn.de/xXExNC/index.html | 213.157.16.3
2012-11-05 14:46:19 | 1 / 3 | http://www.10130138.wavelearn.de/2jh55r/index.html | 213.157.16.3
2012-10-31 09:01:30 | 0 / 2 | http://www.10130138.wavelearn.de/4pxp.exe | 213.157.16.3



JavaScript

Executed Scripts (1)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (9)


Request:
GET /D3Qdon/index.html HTTP/1.1
Host: www.10130138.wavelearn.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 200 OK
Content-Type: text/html
Date: Mon, 05 Nov 2012 17:20:34 GMT
Server: Microsoft-IIS/5.0
Last-Modified: Mon, 05 Nov 2012 17:11:41 GMT
Etag: "5442ac-1ab-5097f34d"
Accept-Ranges: bytes
Content-Length: 427
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

Request:
GET /Ft2jZr96/js.js HTTP/1.1
Host: hotelkatz.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.10130138.wavelearn.de/D3Qdon/index.html

Response:
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Date: Mon, 05 Nov 2012 17:20:38 GMT
Server: Apache
Last-Modified: Mon, 05 Nov 2012 17:10:36 GMT
Etag: "818bbd29-53-4cdc2906773d5"
Accept-Ranges: bytes
Content-Length: 83
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Request:
GET /PKQ2jQJY/js.js HTTP/1.1
Host: pruebas.publicar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.10130138.wavelearn.de/D3Qdon/index.html

Response:
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 05 Nov 2012 17:13:43 GMT
Accept-Ranges: bytes
Etag: W/"8ce77ce878bbcd1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 05 Nov 2012 17:23:36 GMT
Content-Length: 83

Request:
GET /x5rkX6j2/js.js HTTP/1.1
Host: harvestlodge.com.au
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.10130138.wavelearn.de/D3Qdon/index.html

Response:
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Mon, 05 Nov 2012 17:20:38 GMT
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Mon, 05 Nov 2012 17:20:36 GMT
Etag: "408f80-53-4cdc2b41d2100"
Accept-Ranges: bytes
Content-Length: 83
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Request:
GET /favicon.ico HTTP/1.1
Host: www.10130138.wavelearn.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 05 Nov 2012 17:20:34 GMT
Server: Microsoft-IIS/5.0
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked

Request:
GET /links/landing-philosophy_dry-suspende.php HTTP/1.1
Host: q.lamanita.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.10130138.wavelearn.de/D3Qdon/index.html

Response:
HTTP/1.1 502 Bad Gateway
Content-Type: text/html
Server: nginx/0.7.67
Date: Mon, 05 Nov 2012 17:20:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.14-1~dotdeb.0

Request:
GET /favicon.ico HTTP/1.1
Host: q.lamanita.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx/0.7.67
Date: Mon, 05 Nov 2012 17:20:40 GMT
Connection: keep-alive
Content-Length: 162

Request:
GET /favicon.ico HTTP/1.1
Host: www.10130138.wavelearn.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Mon, 05 Nov 2012 17:20:37 GMT
Server: Microsoft-IIS/5.0
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked

Request:
GET /favicon.ico HTTP/1.1
Host: q.lamanita.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx/0.7.67
Date: Mon, 05 Nov 2012 17:20:42 GMT
Connection: keep-alive
Content-Length: 162