Scanned pages/files
Request | Server response | Status |
http://oriflame-blog.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 27 Jan 2015 10:02:26 GMT Location: http://biz-21.info/ Server: nginx/1.6.1 Vary: Accept-Encoding Content-Length: 294 Content-Type: text/html; charset=iso-8859-1 | clean |
http://biz-21.info/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 27 Jan 2015 10:02:27 GMT Pragma: no-cache Location: http://www.biz-21.info/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=1ffac5f9bc61640f6f9a640f6fe15efc; path=/ X-Pingback: http://www.biz-21.info/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://www.biz-21.info/ | 200 OK Content-Length: 302158 Content-Type: text/html | suspicious |
Suspicious code found:
<div style='clear:both;'><ul class='nostyle' style='float:left'>
<li> <div style='width:130px'> <a rel='nofollow' target='_blank' class='mrc__plugin_uber_like_button' href='http%3A%2F%2Fwww.biz-21.info%2Funcategorized%2Fhello-world%2F' data-mrc-config="{'nt' : 1, 'cm' : 1, 'ck' : 1, 'sz' : 2 data-text='Hello world!' data-lang='ru' data-via='Sevruk' data-dnt='true' data-count='none'> Tweet </a> </div> </li></ul></div><br style="clear:both;">
https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js?ver=4.0.1 | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://maps.google.com/maps/api/js?sensor=false&ver=3 | 200 OK Content-Length: 4353 Content-Type: text/javascript | clean |
http://www.biz-21.info/wp-content/plugins/vkontakte-api/js/callback.js?ver=4.0.1 | 200 OK Content-Length: 5165 Content-Type: application/javascript | clean |
http://www.biz-21.info/wp-content/plugins/fancybox-for-wordpress/fancybox/jquery.fancybox.js?ver=1.3.4 | 200 OK Content-Length: 15667 Content-Type: application/javascript | clean |
http://www.biz-21.info/wp-content/themes/travelblog/js/hashchange.js | 200 OK Content-Length: 4831 Content-Type: application/javascript | clean |
http://www.biz-21.info/wp-content/themes/travelblog/js/dpagination.js | 200 OK Content-Length: 1326 Content-Type: application/javascript | clean |
http://www.biz-21.info/wp-content/themes/travelblog/js/superfish.js?ver=3.3.1 | 200 OK Content-Length: 3714 Content-Type: application/javascript | clean |
http://www.biz-21.info/wp-content/themes/travelblog/js/smthemes.js?ver=440 | 200 OK Content-Length: 8980 Content-Type: application/javascript | clean |
http://www.biz-21.info/wp-content/themes/travelblog/js/jquery.cycle.all.js | 200 OK Content-Length: 53031 Content-Type: application/javascript | clean |
http://oriflame-blog.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 27 Jan 2015 10:02:30 GMT Location: http://biz-21.info/test404page.js Server: nginx/1.6.1 Vary: Accept-Encoding Content-Length: 308 Content-Type: text/html; charset=iso-8859-1 | clean |
http://biz-21.info/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 27 Jan 2015 10:02:31 GMT Pragma: no-cache Location: http://www.biz-21.info/test404page.js Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=e4964a57afe6246e218b71e6bde33166; path=/ X-Pingback: http://www.biz-21.info/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://www.biz-21.info/test404page.js | 404 Not Found Content-Length: 48817 Content-Type: text/html | clean |
http://www.biz-21.info/wp-content/themes/travelblog/js/smthemes.js?ver=1177 | 200 OK Content-Length: 8980 Content-Type: application/javascript | clean |
https://connect.mail.ru/js/loader.js | 200 OK Content-Length: 6453 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: oriflame-blog.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 27 Jan 2015 10:02:26 GMT
Location: http://biz-21.info/
Server: nginx/1.6.1
Vary: Accept-Encoding
Content-Length: 294
Content-Type: text/html; charset=iso-8859-1
...294 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: oriflame-blog.com
Referer: http://www.google.com/search?q=oriflame-blog.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=oriflame-blog.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://oriflame-blog.com/
Result: oriflame-blog.com is not infected or malware details are not published yet.