Scanned pages/files
Request | Server response | Status |
http://www.poolrx.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=0, no-cache, no-store, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 16 Sep 2015 19:21:26 GMT Pragma: no-cache Location: http://poolrx.com/ Server: cloudflare-nginx Content-Type: text/html; charset=UTF-8 CF-RAY: 226eef2e4f7926c0-FRA Host-Header: 192fc2e7e50945beb8231a492d6a8024 Set-Cookie: __cfduid=d8b357f568dfbe8fd0eb7034e8c8252e81442431285; expires=Thu, 15-Sep-16 19:21:25 GMT; path=/; domain=.poolrx.com; HttpOnly Set-Cookie: PHPSESSID=e7md0982r1g2s9522cg7iti607; path=/ X-Page-Speed: 1.9.32.3-4448 X-Pingback: http://poolrx.com/xmlrpc.php X-Proxy-Cache: MISS | clean |
http://poolrx.com/ | 200 OK Content-Length: 92170 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) if(document.getElementById("form_plugins_url")){var plugin_url=document.getElementById("form_plugins_url").value;} else{var plugin_url="";} Antivirus reports:
Deface/Content modification. The following signature was found: hacked by AlfabetoVirtual ...[8173 bytes skipped]... s-css' href='http://poolrx.com/wp-content/themes/Avada/framework/plugins/revslider/rs-plugin/css/A.settings.css,qver=4.3.pagespeed.cf.pVZAvA64Fe.css' type='text/css' media='all'/> <style id='rs-captions-css' media='all'><body bgcolor=black><table width=100% height=100%><td align=center><span style='font: 40px tahoma;size:40px;color:white;text-shadow: 0px 0px 50px;'><strong>hacked by AlfabetoVirtual<p style='color: transparent'></style> <link rel='stylesheet' id='wooslider-flexslider-css' href='http://poolrx.com/wp-content/themes/Avada/framework/plugins/tf-flexslider/assets/css/A.flexslider.css,qver=1.0.1.pagespeed.cf.oEq1nvc_qg.css' type='text/css' media='all'/> <link rel='stylesheet' id='wooslider-common-css' href='http://poolrx.com/wp-content/themes/Avada/framework/plugins/tf-flexslider/assets/css/A.style.css,qver=1.0.1.pagespeed.cf ...[87137 bytes skipped]... | ||
https://maps.google.com/maps/api/js?v=3.exp&sensor=false&language=en | 200 OK Content-Length: 4294 Content-Type: text/javascript | clean |
http://poolrx.com/wp-content/plugins/form-maker/js/main_front_end.js,qver==4.3+if_gmap_front_end.js,qver==4.3.pagespeed.jc.bqU0lOjTrX.js | 200 OK Content-Length: 56444 Content-Type: application/javascript | clean |
http://maps.google.com/maps/api/js?sensor=false&ver=4.3 | 200 OK Content-Length: 4333 Content-Type: text/javascript | clean |
http://poolrx.com/wp-content/plugins/form-maker/js/calendar.js,qver==4.3+calendar-setup.js,qver==4.3+calendar_function.js,qver==4.3.pagespeed.jc.LRJplkWmhH.js | 200 OK Content-Length: 50176 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js | 200 OK Content-Length: 95931 Content-Type: text/javascript | clean |
http://poolrx.com/wp-content/plugins/form-maker/js/jquery-ui.js,qver=4.3.pagespeed.jm.ISuO1EU69X.js | 200 OK Content-Length: 289573 Content-Type: application/javascript | clean |
http://poolrx.com/wp-content/plugins,_form-maker,_js,_jquery.ui.slider.js,qver==4.3+themes,_Avada,_framework,_plugins,_LayerSlider,_js,_layerslider.kreaturamedia.jquery.js,qver==4.5.5+themes,_Avada,_framework,_plugins,_LayerSlider,_js,_jquery-easing-1.3.js,qver==1.3.0+themes,_Avada,_framework,_plugins,_LayerSlider,_js,_jquerytransit.js,qver==0.9.9.pagespeed.jc.20wyljmGgl.js | 200 OK Content-Length: 73430 Content-Type: application/javascript | clean |
http://poolrx.com/wp-content/themes/Avada/framework/plugins/LayerSlider,_js,_layerslider.transitions.js,qver==4.5.5+revslider,_rs-plugin,_js,_jquery.themepunch.plugins.min.js,qver==4.3.pagespeed.jc.wKlKw_xzkR.js | 200 OK Content-Length: 38909 Content-Type: application/javascript | clean |
http://poolrx.com/wp-content/themes/Avada/framework/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?ver=4.3 | 200 OK Content-Length: 55901 Content-Type: application/javascript | clean |
http://www.poolrx.com//cdn.foxycart.com/poolrx/foxycart.colorbox.js?ver=2/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=0, no-cache, must-revalidate Connection: close Date: Wed, 16 Sep 2015 19:21:41 GMT Pragma: no-cache Location: http://poolrx.com/cdn.foxycart.com/poolrx/foxycart.colorbox.js?ver=2/ Server: cloudflare-nginx Content-Type: text/html; charset=UTF-8 CF-Cache-Status: MISS CF-RAY: 226eef78e65826f6-FRA Host-Header: 192fc2e7e50945beb8231a492d6a8024 Set-Cookie: __cfduid=d5ccbe6ecf0239837c68eefc4468b65181442431297; expires=Thu, 15-Sep-16 19:21:37 GMT; path=/; domain=.poolrx.com; HttpOnly X-Page-Speed: 1.9.32.3-4448 X-Pingback: http://poolrx.com/xmlrpc.php X-Proxy-Cache: MISS | clean |
http://poolrx.com/cdn.foxycart.com/poolrx/foxycart.colorbox.js?ver=2/ | 404 Not Found Content-Length: 81373 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.getElementById("form_plugins_url")){var plugin_url=document.getElementById("form_plugins_url").value;} else{var plugin_url="";} Antivirus reports:
http://poolrx.com//cdn.foxycart.com/poolrx/foxycart.colorbox.js?ver=2/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=0, no-cache, must-revalidate Connection: close Date: Wed, 16 Sep 2015 19:21:39 GMT Pragma: no-cache Location: http://poolrx.com/cdn.foxycart.com/poolrx/foxycart.colorbox.js?ver=2/ Server: nginx/1.7.9 Content-Type: text/html; charset=UTF-8 Host-Header: 192fc2e7e50945beb8231a492d6a8024 Set-Cookie: PHPSESSID=go7pm6bpmo109nfsbnj7k1obg7; path=/ X-Page-Speed: 1.9.32.3-4448 X-Pingback: http://poolrx.com/xmlrpc.php X-Proxy-Cache: MISS | clean |
http://poolrx.com/test404page.js | 404 Not Found Content-Length: 81329 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.getElementById("form_plugins_url")){var plugin_url=document.getElementById("form_plugins_url").value;} else{var plugin_url="";} Antivirus reports:
http://poolrx.com/wp-content/themes/Avada/framework,_plugins,_tf-flexslider,_assets,_js,_jquery.mousewheel.min.js,qver==2.1.0-20121206+framework,_plugins,_tf-flexslider,_assets,_js,_jquery.flexslider.min.js,qver==2.1.0-20121206+js,_modernizr.js,qver==4.3+js,_jquery.carouFredSel-6.2.1-packed.js,qver==4.3.pagespeed.jc.2JZavJJn7a.js | 200 OK Content-Length: 85112 Content-Type: application/javascript | clean |
http://poolrx.com/wp-content/themes/Avada/js/jquery.prettyPhoto.js,qver==4.3+jquery.isotope.min.js,qver==4.3+jquery.flexslider-min.js,qver==4.3.pagespeed.jc.nIjBngcBJI.js | 200 OK Content-Length: 59222 Content-Type: application/javascript | clean |
http://poolrx.com/wp-content/themes/Avada/js/jquery.fitvids.js?ver=4.3 | 200 OK Content-Length: 1504 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: poolrx.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0, no-cache, no-store
Connection: close
Date: Wed, 16 Sep 2015 19:21:24 GMT
Pragma: no-cache
Server: nginx/1.7.9
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Host-Header: 192fc2e7e50945beb8231a492d6a8024
Link: <http://poolrx.com/>; rel=shortlink
Set-Cookie: PHPSESSID=oolg9kk7e5c43c9j8kod77gvm1; path=/
X-Page-Speed: 1.9.32.3-4448
X-Pingback: http://poolrx.com/xmlrpc.php
X-Proxy-Cache: MISS
Second query (visit from search engine):
GET / HTTP/1.1
Host: poolrx.com
Referer: http://www.google.com/search?q=poolrx.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=poolrx.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://poolrx.com/
Result: poolrx.com is not infected or malware details are not published yet.