Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://blu-ecigs.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: blu-ecigs.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Connection: close Date: Mon, 05 May 2014 11:47:10 GMT Location: http://store.blucigs.com/ Server: nginx/1.0.15 Content-Type: text/html; charset=UTF-8 Expires: Thu, 01 Jan 1970 00:00:01 GMT BCWEB-Cluster: BLUWEB03 | malicious |
Scanned pages/files
Request | Server response | Status |
http://blu-ecigs.com/ | 200 OK Content-Length: 29986 Content-Type: text/html | clean |
http://static.blucigs.com/skin/frontend/enterprise/blucigs_en/js/blucigs-min-1-9.js | 404 Not Found Content-Length: 571 Content-Type: text/html | clean |
http://static.blucigs.com/test404page.js | 404 Not Found Content-Length: 571 Content-Type: text/html | clean |
http://static.blucigs.com/skin/frontend/enterprise/blucigs_en/js/enterprise/catalogevent.js | 500 Internal Server Error Content-Length: 595 Content-Type: text/html | clean |
http://static.blucigs.com/skin/frontend/enterprise/blucigs_en/js/banner-rotator-min-1-9.js | 500 Internal Server Error Content-Length: 595 Content-Type: text/html | clean |
http://www.myroitracking.com/newServing/roitrack.php?script=1&type=Other&value=-1&seo=0&adsid=120&nid=1065¶=roi_opt | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://affiliate.blucigs.com/scripts/trackjs.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 05 May 2014 11:47:14 GMT Location: http://www.blucigs.com Server: Apache/2.2.3 (Red Hat) Content-Length: 317 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.blucigs.com/ | 200 OK Content-Length: 48720 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://4368465.fls.doubleclick.net/activityi;src=4368465;type=homep276;cat=homep492;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://4368465.fls.doubleclick.net/activityi;src=4368465;type=homep276;cat=homep492;ord= <iframe src="http://4368465.fls.doubleclick.net/activityi;src=4368465;type=homep276;cat=homep492;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://4368465.fls.doubleclick.net/activityi;src=4368465;type=homep276;cat=homep492;ord=1? <iframe src="http://4368465.fls.doubleclick.net/activityi;src=4368465;type=homep276;cat=homep492;ord=1?" width="1" height="1" frameborder="0" style="display:none"> | ||
http://www.blucigs.com//use.typekit.net/oiw8hon.js/ | 404 Not Found Content-Length: 24345 Content-Type: text/html | clean |
http://www.blucigs.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/x-javascript | clean |
http://www.blucigs.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://www.blucigs.com/wp-content/themes/blu/lib/js/src/imagesloaded.pkgd.min.js?ver=3.8.2 | 200 OK Content-Length: 6893 Content-Type: application/x-javascript | clean |
http://www.blucigs.com/wp-content/themes/blu/lib/js/src/packery.pkgd.min.js?ver=3.8.2 | 200 OK Content-Length: 32617 Content-Type: application/x-javascript | clean |
http://www.blucigs.com/wp-content/themes/blu/lib/js/src/mtagconfig.js?ver=3.8.2 | 200 OK Content-Length: 6120 Content-Type: application/x-javascript | clean |
https://cdn.crowdtwist.com/trck/prod/2/41/v2/20140505110/actions?ver=20140505110 | 200 OK Content-Length: 10198 Content-Type: text/javascript | clean |
http://www.blucigs.com/wp-content/themes/pi-bootstrap/js/modernizr-2.7.0.min.js?ver=2.7.0 | 200 OK Content-Length: 14851 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=blu-ecigs.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://blu-ecigs.com/
Result: blu-ecigs.com is not infected or malware details are not published yet.
Result: blu-ecigs.com is not infected or malware details are not published yet.