Overview

URL: http://lcs.ind.in/Ggqwe7/index.html
IP: 174.120.43.156
ASN: AS21844 ThePlanet.com Internet Services, Inc.
Location: United States
Report completed: 2012-11-06 04:08:45 CET
urlQuery Alerts: Detected BlackHole v2.0 exploit kit URL pattern


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp           | Source IP       | Destination IP | Severity | Alert
2012-11-06 04:08:07 | urlQuery Client | 80.237.133.42  | 2        | ET CURRENT_EVENTS Possible Blackhole Landing to 8 chr folder plus js.js
2012-11-06 04:08:07 | urlQuery Client | 69.195.209.174 | 2        | ET CURRENT_EVENTS Possible Blackhole Landing to 8 chr folder plus js.js
2012-11-06 04:08:08 | urlQuery Client | 116.0.23.222   | 2        | ET CURRENT_EVENTS Possible Blackhole Landing to 8 chr folder plus js.js
2012-11-06 04:08:08 | urlQuery Client | 174.140.171.68 | 1        | ET CURRENT_EVENTS Blackhole 2 Landing Page

Snort /w Sourcefire VRT
Timestamp           | Source IP       | Destination IP | Severity | Alert
2012-11-06 04:08:07 | urlQuery Client | 80.237.133.42  | 1        | EXPLOIT-KIT Blackhole Exploit Kit javascript service method
2012-11-06 04:08:07 | urlQuery Client | 69.195.209.174 | 1        | EXPLOIT-KIT Blackhole Exploit Kit javascript service method
2012-11-06 04:08:07 | urlQuery Client | 116.0.23.222   | 1        | EXPLOIT-KIT Blackhole Exploit Kit javascript service method


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 174.120.43.156

Date                | Alerts / IDS | URL                                   | IP
2012-11-09 21:57:40 | 0 / 1        | http://lcs.ind.in/LXFGMZ0/index.html  | 174.120.43.156
2012-11-07 10:04:29 | 0 / 1        | http://lcs.ind.in/LXFGMZ0/index.html  | 174.120.43.156
2012-11-06 17:23:33 | 1 / 6        | http://lcs.ind.in/sLncetr9/index.html | 174.120.43.156
2012-11-06 14:19:02 | 1 / 7        | http://lcs.ind.in/2AEpVP5f/index.html | 174.120.43.156
2012-11-05 22:14:45 | 0 / 7        | http://lcs.ind.in/X7Mf0Zxm/index.html | 174.120.43.156
2012-11-05 19:09:16 | 1 / 3        | http://lcs.ind.in/LXFGMZ0/index.html  | 174.120.43.156

Last 6 reports on ASN: AS21844 ThePlanet.com Internet Services, Inc.

Date                | Alerts / IDS | URL                                              | IP
2013-02-16 09:56:55 | 0 / 2        | http://crescenthorizons.com/.sys/?getexe=go.exe  | 174.120.171.250
2013-02-16 09:09:21 | 1 / 4        | http://www.medidordeumidadegraosmtpro.com.br/    | 74.52.234.154
2013-02-16 08:42:26 | 1 / 2        | http://stoneridgeva.com/news.html                | 74.54.55.226
2013-02-16 08:07:32 | 0 / 0        | http://cdn02.hiphopworkoutvideos.com/k           | 174.122.149.143
2013-02-16 07:43:26 | 0 / 11       | http://mojolingerie.com/?page_id=19              | 74.52.92.242
2013-02-16 07:41:42 | 0 / 0        | http://ultimategarcinia.net                      | 174.122.106.155

Last 6 reports on domain: lcs.ind.in

Date                | Alerts / IDS | URL                                   | IP
2012-11-09 21:57:40 | 0 / 1        | http://lcs.ind.in/LXFGMZ0/index.html  | 174.120.43.156
2012-11-07 10:04:29 | 0 / 1        | http://lcs.ind.in/LXFGMZ0/index.html  | 174.120.43.156
2012-11-06 17:23:33 | 1 / 6        | http://lcs.ind.in/sLncetr9/index.html | 174.120.43.156
2012-11-06 14:19:02 | 1 / 7        | http://lcs.ind.in/2AEpVP5f/index.html | 174.120.43.156
2012-11-05 22:14:45 | 0 / 7        | http://lcs.ind.in/X7Mf0Zxm/index.html | 174.120.43.156
2012-11-05 19:09:16 | 1 / 3        | http://lcs.ind.in/LXFGMZ0/index.html  | 174.120.43.156



JavaScript

Executed Scripts (1)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (8)


Transaction 1 of 8

Request:
GET /Ggqwe7/index.html HTTP/1.1
Host: lcs.ind.in
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 03:08:07 GMT
Server: Apache
Last-Modified: Tue, 06 Nov 2012 03:01:28 GMT
Accept-Ranges: bytes
Content-Length: 427
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive

Transaction 2 of 8

Request:
GET /Ft2jZr96/js.js HTTP/1.1
Host: hotelkatz.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lcs.ind.in/Ggqwe7/index.html

Response:
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Date: Tue, 06 Nov 2012 03:08:07 GMT
Server: Apache
Last-Modified: Tue, 06 Nov 2012 03:00:32 GMT
Etag: "818bbd29-59-4cdcace29e206"
Accept-Ranges: bytes
Content-Length: 89
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Transaction 3 of 8

Request:
GET /PKQ2jQJY/js.js HTTP/1.1
Host: pruebas.publicar.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lcs.ind.in/Ggqwe7/index.html

Response:
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Tue, 06 Nov 2012 03:03:36 GMT
Accept-Ranges: bytes
Etag: "4e977a50cbbbcd1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 06 Nov 2012 03:11:06 GMT
Content-Length: 89

Transaction 4 of 8

Request:
GET /x5rkX6j2/js.js HTTP/1.1
Host: harvestlodge.com.au
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lcs.ind.in/Ggqwe7/index.html

Response:
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 06 Nov 2012 03:08:07 GMT
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Tue, 06 Nov 2012 03:00:26 GMT
Etag: "408f80-59-4cdcacdc26680"
Accept-Ranges: bytes
Content-Length: 89
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Transaction 5 of 8

Request:
GET /favicon.ico HTTP/1.1
Host: lcs.ind.in
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 200 OK
Content-Type: image/x-icon
Date: Tue, 06 Nov 2012 03:08:08 GMT
Server: Apache
Last-Modified: Tue, 10 Apr 2012 07:20:51 GMT
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive

Transaction 6 of 8

Request:
GET /links/landing-philosophy_dry-suspende.php HTTP/1.1
Host: w.musicaldreams.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lcs.ind.in/Ggqwe7/index.html

Response:
HTTP/1.1 502 Bad Gateway
Content-Type: text/html
Server: nginx/0.7.67
Date: Tue, 06 Nov 2012 03:08:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.14-1~dotdeb.0

Transaction 7 of 8

Request:
GET /favicon.ico HTTP/1.1
Host: w.musicaldreams.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx/0.7.67
Date: Tue, 06 Nov 2012 03:08:09 GMT
Connection: keep-alive
Content-Length: 162

Transaction 8 of 8

Request:
GET /favicon.ico HTTP/1.1
Host: w.musicaldreams.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: nginx/0.7.67
Date: Tue, 06 Nov 2012 03:08:11 GMT
Connection: keep-alive
Content-Length: 162