NA RIPE NO abuse at underworld.no 91.213.203.142 to 91.213.203.142 urlquery.net http://www.urlquery.net/report.php?id=1409801870784
Down now, what was there?
See: http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2Fwww.urlquery.net%2Freport.php%3Fid%3D1409801870784&useragentheader=&acceptheader=
script) www.urlquery.net/./javascript/jquery-1.8.3.js
status: (referer=www.urlquery.net/report.php?id=1409801870784)saved 267739 bytes 49a6d1346f3d5a167331a8a5de4f34b5fcc1f6d0
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: undefined function div.getElementsByTagName
error: undefined variable div
suspicious:
Vulnerable is wXw.urlquery.net/./javascript/highlight.pack.js exploiting a vulnerability in processPasteDelete(),
via a XSS exploit code (+ zero.bin exploit), occurs when user input is not filtered for escape characters.
See:
http://fetch.scritch.org/%2Bfetch/?url=+www.urlquery.net%2F.%2Fjavascript%2Fhighlight.pack.js&useragent=Fetch+useragent&accept_encoding=
",k:{title:{script:1}},c:[a],starts:{cN:"javascript",e:"<\/script>",rE:true,sL:"javascript"}},{cN:"vbscript",b:"<%",e:"%>",sL:"vbscript"},{cN:"tag",b:"</?",e:"/?>",c:[{cN:"title",b:"[^ />]+"},a]}]}}}();
Probably benign: http://jsunpack.jeek.org/?report=106145cf0dacacddcf311d3fa8c1a750e7963d62
pol