Scanned pages/files
Request | Server response | Status |
http://esmokeliquid.org/ | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Connection: close Date: Sat, 19 Apr 2014 23:38:14 GMT Location: http://store.blucigs.com/ Server: nginx/1.0.15 Content-Type: text/html; charset=UTF-8 Expires: Thu, 01 Jan 1970 00:00:01 GMT BCWEB-Cluster: BLUWEB04 | clean |
http://store.blucigs.com/ | 200 OK Content-Length: 82180 Content-Type: text/html | clean |
http://store.blucigs.com//use.typekit.net/oiw8hon.js/ | 404 Not Found Content-Length: 22951 Content-Type: text/html | clean |
http://static.blucigs.com/skin/frontend/blucigs/default/js/blucigs-min-1-9.js | 200 OK Content-Length: 257882 Content-Type: application/x-javascript | clean |
http://static.blucigs.com/skin/frontend/blucigs/default/js/jqzoom/jquery-1.3.1.min.js | 200 OK Content-Length: 55314 Content-Type: application/x-javascript | clean |
http://static.blucigs.com/skin/frontend/blucigs/default/js/mtagconfig.js | 200 OK Content-Length: 6120 Content-Type: application/x-javascript | clean |
http://d1l554c703zm4j.cloudfront.net/blu-age-gate/script.js | 200 OK Content-Length: 17359 Content-Type: application/x-javascript | clean |
https://store.blucigs.com/customer/account/ | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Connection: close Date: Sat, 19 Apr 2014 23:38:29 GMT Pragma: no-cache Location: https://store.blucigs.com/customer/account/login/ Server: nginx/1.0.15 Content-Type: text/html; charset=UTF-8 Expires: Thu, 01 Jan 1970 00:00:01 GMT P3p: CP="CAO PSA OUR" Set-Cookie: frontend=3r4bpqukmrl4qkvej7j484j1k1; expires=Sun, 20-Apr-2014 02:38:29 GMT; path=/; domain=store.blucigs.com; HttpOnly Set-Cookie: CUSTOMER=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=store.blucigs.com; httponly Set-Cookie: CUSTOMER_INFO=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=store.blucigs.com; httponly Set-Cookie: CUSTOMER_AUTH=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=store.blucigs.com; httponly | clean |
https://store.blucigs.com/customer/account/login/ | 200 OK Content-Length: 32027 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://4368465.fls.doubleclick.net/activityi;src=4368465;type=homep276;cat=homep492;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
https://store.blucigs.com//use.typekit.net/oiw8hon.js/ | 404 Not Found Content-Length: 22951 Content-Type: text/html | clean |
https://store.blucigs.com/skin/frontend/blucigs/default/js/blucigs-min-1-9.js | 200 OK Content-Length: 257882 Content-Type: application/x-javascript | clean |
https://store.blucigs.com/skin/frontend/blucigs/default/js/jqzoom/jquery-1.3.1.min.js | 200 OK Content-Length: 55314 Content-Type: application/x-javascript | clean |
https://store.blucigs.com/skin/frontend/blucigs/default/js/mtagconfig.js | 200 OK Content-Length: 6120 Content-Type: application/x-javascript | clean |
https://d1l554c703zm4j.cloudfront.net/blu-age-gate/script.js | 200 OK Content-Length: 17359 Content-Type: application/x-javascript | clean |
https://store.blucigs.com/onestepcheckout/ | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Connection: close Date: Sat, 19 Apr 2014 23:38:38 GMT Pragma: no-cache Location: http://store.blucigs.com/checkout/cart/ Server: nginx/1.0.15 Content-Type: text/html; charset=UTF-8 Expires: Thu, 01 Jan 1970 00:00:01 GMT P3p: CP="CAO PSA OUR" Set-Cookie: frontend=0tlr2aenkpcojnetrpr683l4d1; expires=Sun, 20-Apr-2014 02:38:38 GMT; path=/; domain=store.blucigs.com; HttpOnly Set-Cookie: CUSTOMER=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=store.blucigs.com; httponly Set-Cookie: CUSTOMER_INFO=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=store.blucigs.com; httponly Set-Cookie: CUSTOMER_AUTH=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=store.blucigs.com; httponly | clean |
http://store.blucigs.com/checkout/cart/ | 200 OK Content-Length: 27615 Content-Type: text/html | clean |
http://static.blucigs.com/js/lib/ccard.js | 200 OK Content-Length: 747 Content-Type: application/x-javascript | clean |
http://static.blucigs.com/js/mage/translate.js | 200 OK Content-Length: 1615 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: esmokeliquid.org
Result:
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Connection: close
Date: Sat, 19 Apr 2014 23:38:14 GMT
Location: http://store.blucigs.com/
Server: nginx/1.0.15
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
BCWEB-Cluster: BLUWEB04
GET / HTTP/1.1
Host: esmokeliquid.org
Result:
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Connection: close
Date: Sat, 19 Apr 2014 23:38:14 GMT
Location: http://store.blucigs.com/
Server: nginx/1.0.15
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:01 GMT
BCWEB-Cluster: BLUWEB04
Second query (visit from search engine):
GET / HTTP/1.1
Host: esmokeliquid.org
Referer: http://www.google.com/search?q=esmokeliquid.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: esmokeliquid.org
Referer: http://www.google.com/search?q=esmokeliquid.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=esmokeliquid.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://esmokeliquid.org/
Result: esmokeliquid.org is not infected or malware details are not published yet.
Result: esmokeliquid.org is not infected or malware details are not published yet.