Overview

URL: http://www.bulutgrup.com/
IP: 79.171.16.48
ASN: AS44565 VITAL VITAL TEKNOLOJI
Location: Turkey
Report completed: 2012-11-06 07:03:00 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-06 07:02:26 | 79.171.16.48 | urlQuery Client | 2 | ET WEB_CLIENT eval String.fromCharCode String Which May Be Malicious
2012-11-06 07:02:26 | 79.171.16.48 | urlQuery Client | 1 | ET CURRENT_EVENTS Runforestrun Malware Campaign Infected Website Landing Page Obfuscated String JavaScript DGA
2012-11-06 07:02:26 | 79.171.16.48 | urlQuery Client | 1 | ET CURRENT_EVENTS Hacked Website Response Jun 25 2012
2012-11-06 07:02:26 | 79.171.16.48 | urlQuery Client | 1 | ET CURRENT_EVENTS Hacked Website Response Jun 25 2012

Snort /w Sourcefire VRT: No alerts detected


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 79.171.16.48

Date | Alerts / IDS | URL | IP
2013-01-21 18:29:50 | 4 / 7 | http://www.sahsuvar.com/silindirli_daire_kilidi_3_milli.html | 79.171.16.48
2013-01-20 00:08:12 | 4 / 9 | http://www.nizipsaglikgb.gov.tr/kategoridetay.asp?altkateidd=126 | 79.171.16.48
2013-01-13 15:43:00 | 3 / 10 | http://www.dtmmakina.com/index.asp?lng=it | 79.171.16.48
2013-01-09 00:18:38 | 3 / 8 | http://www.dtmmakina.com/index.asp?lng=it | 79.171.16.48
2013-01-05 14:15:50 | 0 / 1 | http://tesankara3.org/forum/forum_topics.asp?fid=40 | 79.171.16.48
2012-12-27 02:33:34 | 3 / 7 | http://nizipsaglikgb.gov.tr/kategoridetay.asp?altkateidd=97 | 79.171.16.48

Last 6 reports on ASN: AS44565 VITAL VITAL TEKNOLOJI

Date | Alerts / IDS | URL | IP
2013-03-07 22:38:08 | 0 / 2 | http://yenicizgimobilya.com/images/logos.gif?189b0=705488 | 93.186.113.2
2013-03-07 12:00:01 | 4 / 44 | http://orcemguvenlik.com/Default.asp?Islem=UrunDetay | 188.124.15.34
2013-03-07 01:33:26 | 2 / 10 | http://adanussanat.com/urunler.asp | 188.124.1.60
2013-03-06 18:29:31 | 4 / 43 | http://orcemguvenlik.com/Default.asp?Islem=UrunDetay | 188.124.15.34
2013-03-06 16:23:11 | 0 / 0 | http://tribunvideo.net | 93.186.115.188
2013-03-06 14:20:58 | 2 / 13 | http://adanussanat.com/ | 188.124.1.60



JavaScript

Executed Scripts (4)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 443, repeated: 1)

<object codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0" width="790" height="120" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" ><param name="movie" value="anamenu.swf" /> <param name="quality" value="high" /> <embed width="790" height="120" src="anamenu.swf" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash"  ></embed></object>


HTTP Transactions (15)


Request Response
GET /ust.asp HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: text/html
Date: Tue, 06 Nov 2012 06:02:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Content-Length: 1756
Cache-Control: private
GET /main.asp HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 500 Internal Server Error

Content-Type: text/html
Date: Tue, 06 Nov 2012 06:02:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Content-Length: 2367
Cache-Control: private
GET / HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/html
Date: Tue, 06 Nov 2012 06:02:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Content-Length: 24896
Set-Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA; path=/
Cache-Control: private
GET /favicon.ico HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: image/x-icon
Content-Length: 5430
Last-Modified: Thu, 09 Sep 2010 21:24:49 GMT
Accept-Ranges: bytes
Etag: "d6a1316f6550cb1:1eacf2"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 06 Nov 2012 06:02:24 GMT
GET /images/sayfa_arka.jpg HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/ust.asp
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: image/jpeg
Content-Length: 827
Last-Modified: Thu, 09 Sep 2010 21:26:21 GMT
Accept-Ranges: bytes
Etag: "b4f121a66550cb1:1eacf2"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 06 Nov 2012 06:02:24 GMT
GET /Scripts/AC_RunActiveContent.js HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/main.asp
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: application/x-javascript
Content-Length: 3359
Last-Modified: Thu, 09 Sep 2010 21:27:20 GMT
Accept-Ranges: bytes
Etag: "d058c2c86550cb1:1eacf2"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 06 Nov 2012 06:02:24 GMT
GET /images/kampanya.jpg HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/main.asp
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: image/jpeg
Content-Length: 33963
Last-Modified: Thu, 09 Sep 2010 21:26:21 GMT
Accept-Ranges: bytes
Etag: "3e4111a66550cb1:1eacf2"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 06 Nov 2012 06:02:24 GMT
GET /index.css HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/main.asp
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: text/css
Content-Length: 3975
Last-Modified: Thu, 09 Sep 2010 21:24:50 GMT
Accept-Ranges: bytes
Etag: "4299eb6f6550cb1:1eacf2"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 06 Nov 2012 06:02:24 GMT
GET /AC_RunActiveContent.js HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/ust.asp
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: application/x-javascript
Content-Length: 3359
Last-Modified: Thu, 09 Sep 2010 21:24:47 GMT
Accept-Ranges: bytes
Etag: "882ad6d6550cb1:1eacf2"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 06 Nov 2012 06:02:24 GMT
GET /images/altj.jpg HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/main.asp
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: image/jpeg
Content-Length: 17916
Last-Modified: Thu, 09 Sep 2010 21:26:18 GMT
Accept-Ranges: bytes
Etag: "a0f8e0a36550cb1:1eacf2"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 06 Nov 2012 06:02:24 GMT
GET /images/hb.jpg HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/main.asp
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: image/jpeg
Content-Length: 627
Last-Modified: Thu, 09 Sep 2010 21:26:19 GMT
Accept-Ranges: bytes
Etag: "b28d98a46550cb1:1eacf2"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 06 Nov 2012 06:02:24 GMT
GET /images/bg.jpg HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/main.asp
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: image/jpeg
Content-Length: 443
Last-Modified: Thu, 09 Sep 2010 21:26:18 GMT
Accept-Ranges: bytes
Etag: "806953a46550cb1:1eacf2"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 06 Nov 2012 06:02:24 GMT
GET /images/hbrzmn.jpg HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/main.asp
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: image/jpeg
Content-Length: 9189
Last-Modified: Thu, 09 Sep 2010 21:26:20 GMT
Accept-Ranges: bytes
Etag: "428290a56550cb1:1eacf2"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 06 Nov 2012 06:02:24 GMT
GET /anamenu.swf HTTP/1.1

Host: www.bulutgrup.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bulutgrup.com/ust.asp
Cookie: ASPSESSIONIDCSDTARRS=JMCJPDFABODLOBCHGMHLDKIA
HTTP/1.1 200 OK

Content-Type: application/x-shockwave-flash
Content-Length: 18994
Last-Modified: Thu, 09 Sep 2010 21:24:49 GMT
Accept-Ranges: bytes
Etag: "7490ff6e6550cb1:1eacf2"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin, ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Tue, 06 Nov 2012 06:02:26 GMT
GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1

Host: fpdownload2.macromedia.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/xml
Server: Apache
Last-Modified: Wed, 03 Oct 2012 19:48:11 GMT
Etag: "289dff-26c-4cb2ceb2654c0"
Accept-Ranges: bytes
Content-Length: 620
Date: Tue, 06 Nov 2012 06:02:27 GMT
Connection: keep-alive