Overview

URL: mariaselem.com/
IP: 66.96.149.32
ASN: AS29873 The Endurance International Group, Inc.
Location: United States
Report completed: 2019-01-15 08:08:21 CET
urlquery Alerts: No alerts detected


Settings

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (blank)
Pool: (blank)
Access Level: (blank)


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp                Severity  Source IP     Destination IP  Alert
2019-01-15 08:07:51 CET  1         66.96.149.32  Client IP       ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 08
2019-01-15 08:07:51 CET  1         66.96.149.32  Client IP       ET CURRENT_EVENTS Malicious Redirect 8x8 script tag
2019-01-15 08:07:51 CET  1         66.96.149.32  Client IP       ET CURRENT_EVENTS Evil Redirector Leading to EK Dec 09


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified  Severity  Host                          Comment
2019-01-15        2         mariaselem.com/               Malware
2019-01-15        2         mariaselem.com/index.swf      Malware
2019-01-15        2         mariaselem.com/marialogo.f4v  Malware
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 66.96.149.32

Date                       UQ / IDS / BL  URL                                                   IP
2019-04-19 23:02:41 +0200  0 - 0 - 2      carehandling.com/author/carehandlingdotcom            66.96.149.32
2019-04-18 23:38:38 +0200  0 - 0 - 1      ferdinandcenon.com/anglica/eimprovement/office.php    66.96.149.32
2019-04-17 16:56:58 +0200  0 - 0 - 11     www.rlkilgore.com/2009/07/                            66.96.149.32
2019-04-16 15:51:04 +0200  0 - 0 - 0      39fss.com/Documenrts/AFRC/TAP%20internet%20re (...)   66.96.149.32
2019-04-16 04:25:07 +0200  0 - 0 - 3      splendidhonda.com/wuy1wgtp.exe                        66.96.149.32
2019-04-15 16:58:26 +0200  0 - 0 - 3      splendidhonda.com/wUy1WgTP.exe                        66.96.149.32
2019-04-15 16:45:23 +0200  0 - 0 - 3      splendidhonda.com/xtp.exe                             66.96.149.32
2019-04-15 13:27:54 +0200  0 - 0 - 12     thatstevenrice.com/                                   66.96.149.32
2019-04-15 08:16:49 +0200  0 - 0 - 20     acapellatown.net/acapellas/category/kesha             66.96.149.32
2019-04-15 08:12:14 +0200  0 - 0 - 21     acapellatown.net/acapellas/category/kelly-clarkson    66.96.149.32

Last 10 reports on ASN: AS29873 The Endurance International Group, Inc.

Date                       UQ / IDS / BL  URL                                                   IP
2019-04-20 11:36:15 +0200  0 - 0 - 16     travelothon.com/tag/adventure                         66.96.147.198
2019-04-20 04:25:13 +0200  0 - 0 - 1      www.glenbrookdental.com.au/media/cms/themes/1 (...)   66.96.147.101
2019-04-20 04:25:09 +0200  0 - 0 - 1      www.glenbrookdental.com.au/media/cms/themes/7 (...)   66.96.147.101
2019-04-20 00:14:32 +0200  0 - 0 - 1      pay.service.send.money.and.logininyour.accoun (...)   207.148.248.143
2019-04-20 00:09:21 +0200  0 - 0 - 1      goldpalcanada.com/ols                                 66.96.147.103
2019-04-19 23:02:41 +0200  0 - 0 - 2      carehandling.com/author/carehandlingdotcom            66.96.149.32
2019-04-19 22:53:37 +0200  0 - 0 - 2      t-ools.com/downloads/cleaner/igcleanerfree.rar        66.96.147.117
2019-04-19 22:49:43 +0200  0 - 0 - 1      munnarsite.com/index.html                             207.148.248.145
2019-04-19 22:45:33 +0200  0 - 0 - 36     appliances-repair.ca/wp-admin/js/login.alibab (...)   66.96.147.144
2019-04-19 22:32:09 +0200  0 - 0 - 5      hwy11-17-hwy582tocoughlin.com/wp-includes/ima (...)   66.96.160.130

No other reports on domain: mariaselem.com



JavaScript

Executed Scripts (3)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 361, repeated: 1) - SHA256: c63cc1d6b3ac75ba1f726cb112cdb041f9b61127033705dc550c1331a3146c75

<embed width="100%" height="100%" src="index.swf" quality="high"
  pluginspage="http://www.adobe.com/go/getflashplayer" align="middle" play="true"
  loop="true" scale="noscale" wmode="window" devicefont="false" bgcolor="#333333"
  name="index" menu="true" allowFullScreen="true" allowScriptAccess="sameDomain"
  salign="" type="application/x-shockwave-flash"></embed>


HTTP Transactions (8)


--- Transaction #1 ---
Request:
GET / HTTP/1.1
Host: mariaselem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server 66.96.149.32):
HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 15 Jan 2019 07:07:48 GMT
Content-Length: 10611
Connection: keep-alive
Server: Apache
Set-Cookie: is_mobile=0; path=/; domain=mariaselem.com
Last-Modified: Sun, 27 Dec 2015 07:04:56 GMT
Etag: "2973-527dbce54156a"
Accept-Ranges: bytes
Cache-Control: max-age=3600, no-cache, no-store, max-age=0, must-revalidate
Expires: Tue, 15 Jan 2019 08:07:48 GMT, -1
Pragma: no-cache
Age: 0

--- Additional Info ---
Magic:  exported SGML document text
Size:   10611
Md5:    a876beb7dd13e9f81c951228d1815385
Sha1:   204155155c4f11df779005f9830283503840b637
Sha256: a571f2de895fc2f0766214a0d9a76a1df0dcb7169fbbab2645bbe0e0ab6b1881

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 08
    - ET CURRENT_EVENTS Malicious Redirect 8x8 script tag
    - ET CURRENT_EVENTS Evil Redirector Leading to EK Dec 09

--- Transaction #2 ---
Request:
GET /wp-content/themes/twentyfifteen/qv9kwmr7.php?id=572811 HTTP/1.1
Host: sheridanneighborhood.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mariaselem.com/

Response (server 50.63.202.90):
HTTP/1.1 403 Forbidden
Content-Type: text/html
Cache-Control: no-cache
Date: Tue, 15 Jan 2019 07:07:49 GMT
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: Microsoft-IIS/7.5

--- Additional Info ---
Magic:  HTML document text
Size:   93
Md5:    b0d506893d4802090edf1644f5f082cd
Sha1:   4bf0d7ecb70703857c7029754fa02a7496313b63
Sha256: 0d3e98ca727fc1201b436170af5a63f23348aaf146a3ac6234f6c4da283e8b34

--- Transaction #3 ---
Request:
GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1
Host: fpdownload2.macromedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server 91.135.34.8):
HTTP/1.1 200 OK
Content-Type: text/xml
Server: Apache
Last-Modified: Tue, 08 Jan 2019 09:46:12 GMT
Etag: "60e-57eef373e43fe"
Accept-Ranges: bytes
Content-Length: 1550
Date: Tue, 15 Jan 2019 07:07:52 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  XML document text
Size:   1550
Md5:    f71c58a085832ecab19d3d4f0bee72cf
Sha1:   0e75158f91704f40502217714155c348d92d051f
Sha256: 82b3bfeadac792dc7e71061019d470a5e3a9e1b1521f92a584e377ef15e1f885

--- Transaction #4 ---
Request:
GET /index.swf HTTP/1.1
Host: mariaselem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mariaselem.com/
Cookie: is_mobile=0

Response (server 66.96.149.32):
HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
Date: Tue, 15 Jan 2019 07:07:51 GMT
Content-Length: 505968
Connection: keep-alive
Server: Apache
Last-Modified: Thu, 29 May 2014 17:29:57 GMT
Etag: "7b870-4fa8d47251723"
Cache-Control: max-age=3600
Expires: Tue, 15 Jan 2019 08:07:51 GMT
Accept-Ranges: bytes
Age: 0

--- Additional Info ---
Magic:  Macromedia Flash data (compressed), version 10
Size:   505968
Md5:    cef846697b89a8c02d0ac08920a35eaa
Sha1:   7c936f605676d5d35587bbdf1b8cb2adda0c2c1b
Sha256: c36e000dadf2fc3eaeff32f35d8fa4260ac5c576ca26419c8a331a97c5daae4f

Alerts:
  Blacklists:
    - fortinet: Malware

--- Transaction #5 ---
Request:
GET /favicon.ico HTTP/1.1
Host: mariaselem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: is_mobile=0

Response (server 66.96.149.32):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 15 Jan 2019 07:07:53 GMT
Content-Length: 328
Connection: keep-alive
Server: Apache
Age: 0

--- Additional Info ---
Magic:  HTML document text, exported SGML document text
Size:   328
Md5:    301fa7ceb5b3c291d4bbeee953048686
Sha1:   758d921efd60d4e9f0f6d77648ccc500c8611fea
Sha256: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da

--- Transaction #6 ---
Request:
GET /favicon.ico HTTP/1.1
Host: mariaselem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: is_mobile=0

Response (server 66.96.149.32):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 15 Jan 2019 07:07:56 GMT
Content-Length: 328
Connection: keep-alive
Server: Apache
Expires: Tue, 15 Jan 2019 07:08:03 GMT
Age: 3

--- Additional Info ---
Magic:  HTML document text, exported SGML document text
Size:   328
Md5:    301fa7ceb5b3c291d4bbeee953048686
Sha1:   758d921efd60d4e9f0f6d77648ccc500c8611fea
Sha256: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da

--- Transaction #7 ---
Request:
GET /marialogo.f4v HTTP/1.1
Host: mariaselem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: is_mobile=0

Response (server 66.96.149.32):
HTTP/1.1 200 OK
Date: Tue, 15 Jan 2019 07:07:53 GMT
Content-Length: 3095618
Connection: keep-alive
Server: Apache
Last-Modified: Thu, 29 May 2014 17:30:08 GMT
Etag: "2f3c42-4fa8d47c5d668"
Accept-Ranges: bytes, bytes
Cache-Control: max-age=3600
Expires: Tue, 15 Jan 2019 08:07:53 GMT
Age: 0

--- Additional Info ---
Magic:  ISO Media
Size:   3095618
Md5:    0d03e1f398c3933025feb3669138e55c
Sha1:   232a511e1d22ed186542f391f0cd9b847b52bff2
Sha256: 2c369c5bc22513b3428af06ec12aabb072881a5ef9803cffa9a3c1b5384547fd

Alerts:
  Blacklists:
    - fortinet: Malware
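The two artifacts Fortinet flags above, index.swf (Magic: "Macromedia Flash data (compressed), version 10") and marialogo.f4v (Magic: "ISO Media"), are identified by their container headers, and the first thing to do with a flagged download is to confirm it is what the magic line says and that its header is internally consistent before handing it to a decompiler. The Python below is an added example, not code from urlquery or from this report: it reads the SWF header (signature FWS/CWS/ZWS, version byte, declared uncompressed length), inflates a CWS body, checks that the declared length matches what was actually recovered (a mismatch points at a truncated download or a hand-crafted file), decodes the stage RECT, and reads the ftyp box that opens an ISO base media file. The real index.swf and marialogo.f4v are not on this page, so the inputs are constructed sample files built by the helpers at the bottom; version 10 and the 550x400 stage are chosen for the sample and are not claims about the real file.

```python
"""Container checks for a downloaded SWF and an ISO base media (F4V/MP4) file.
Added example; sample files are constructed here, not the report's artifacts."""
import struct
import zlib


class BitReader:
    """MSB-first bit reader, which is how SWF RECT fields are packed."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def read(self, n: int) -> int:
        value = 0
        for _ in range(n):
            bit = (self.data[self.pos >> 3] >> (7 - (self.pos & 7))) & 1
            value, self.pos = (value << 1) | bit, self.pos + 1
        return value

    def read_signed(self, n: int) -> int:
        value = self.read(n)
        return value - (1 << n) if value & (1 << (n - 1)) else value


def parse_swf(blob: bytes) -> dict:
    sig, version, declared = struct.unpack("<3sBI", blob[:8])
    if sig == b"FWS":
        body = blob[8:]
    elif sig == b"CWS":
        body = zlib.decompress(blob[8:])          # zlib-compressed body (SWF 6+)
    elif sig == b"ZWS":
        raise ValueError("LZMA-compressed SWF not handled by this example")
    else:
        raise ValueError("not a SWF: bad signature")
    # The header length counts the 8 header bytes plus the *uncompressed* body.
    # A mismatch means a truncated download or a crafted file worth a closer look.
    if len(body) + 8 != declared:
        raise ValueError(f"length mismatch: declared {declared}, actual {len(body) + 8}")
    bits = BitReader(body)
    nbits = bits.read(5)                          # RECT: 5-bit field width, then 4 signed fields
    xmin, xmax, ymin, ymax = (bits.read_signed(nbits) for _ in range(4))
    return {"compressed": sig == b"CWS", "version": version,
            "width_px": (xmax - xmin) / 20,       # stage size is in twips, 20 per pixel
            "height_px": (ymax - ymin) / 20}


def swf_is_consistent(blob: bytes) -> bool:
    """True only if the header parses and the declared length matches the body."""
    try:
        parse_swf(blob)
        return True
    except (ValueError, zlib.error, struct.error):
        return False


def parse_ftyp(blob: bytes) -> dict:
    """ISO BMFF files (MP4/F4V) open with an 'ftyp' box: size, type, brands."""
    size, kind = struct.unpack(">I4s", blob[:8])
    if kind != b"ftyp":
        raise ValueError("no ftyp box at offset 0")
    brands = [blob[i:i + 4].decode("ascii") for i in range(16, size, 4)]
    return {"major_brand": blob[8:12].decode("ascii"), "compatible_brands": brands}


def build_cws(version: int, width_px: int, height_px: int, payload: bytes = b"") -> bytes:
    """Constructed sample: a minimal CWS file with a valid header and stage RECT."""
    xmax, ymax = width_px * 20, height_px * 20
    nbits = max(xmax, ymax).bit_length() + 1      # one extra bit for the sign
    bitstr = f"{nbits:05b}" + "".join(f"{v:0{nbits}b}" for v in (0, xmax, 0, ymax))
    bitstr += "0" * (-len(bitstr) % 8)            # byte-align after the RECT
    body = int(bitstr, 2).to_bytes(len(bitstr) // 8, "big") + payload
    return struct.pack("<3sBI", b"CWS", version, len(body) + 8) + zlib.compress(body)


def build_ftyp(major: str, compatible: list) -> bytes:
    """Constructed sample: an ftyp box with minor_version 0."""
    payload = major.encode("ascii") + b"\0\0\0\0" + b"".join(b.encode("ascii") for b in compatible)
    return struct.pack(">I4s", 8 + len(payload), b"ftyp") + payload


if __name__ == "__main__":
    sample_swf = build_cws(10, 550, 400)
    print(parse_swf(sample_swf))
    print(parse_ftyp(build_ftyp("f4v ", ["isom", "mp42", "m4v "])))
    print(swf_is_consistent(sample_swf[:8] + b"\0" * 4))   # header kept, body replaced
```

On a real capture, run `parse_swf` over the bytes saved from transaction #4 and `parse_ftyp` over those from transaction #7; a CWS whose declared length disagrees with the inflated body, or an "f4v" that does not start with an ftyp box, deserves the malware verdict more than the file extension alone does.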
                                        
--- Transaction #8 ---
Request:
GET /TXKUZ/wp-content/themes/twentyfifteen/qv9kwmr7.php?id=572811 HTTP/1.1
Host: sheridanneighborhood.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mariaselem.com/

Response (server 50.63.202.90):
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
Cache-Control: no-cache
Location: /wp-content/themes/twentyfifteen/qv9kwmr7.php?id=572811

--- Additional Info ---
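Read as a chain rather than a list, the transactions above separate into three groups: content the landing page itself pulled in (the two sheridanneighborhood.com requests carry `Referer: http://mariaselem.com/` and point at a randomly named .php inside a WordPress theme directory), background traffic the browser or a plugin generated on its own (the fpdownload2.macromedia.com version check has no Referer), and the redirect from /TXKUZ/... whose Location is the URL that answered 403 in transaction #2. The Python below is an added example, not urlquery's code: the transaction data is copied from the report with headers trimmed to those used, and the classification rules (Referer-based attribution to the landing page, the WordPress-theme path heuristic) are this example's own assumptions, not the Emerging Threats signatures that fired.

```python
"""Pivot analysis over a urlquery-style transaction list: which off-site
requests did the landing page trigger, and where does each redirect land?
Added example; data is copied from the report, the rules are heuristics."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Transaction:
    method: str
    path: str
    host: str
    req_headers: dict
    server_ip: str
    status: int
    resp_headers: dict

    @property
    def url(self) -> str:
        return f"http://{self.host}{self.path}"


def parse_head(text: str):
    """Split a request or response head into its first line and a header dict."""
    lines = text.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def parse_transaction(request_text: str, server_ip: str, response_text: str) -> Transaction:
    req_line, req_h = parse_head(request_text)
    method, path, _ = req_line.split()
    status_line, resp_h = parse_head(response_text)
    return Transaction(method, path, req_h["host"], req_h, server_ip,
                       int(status_line.split()[1]), resp_h)


# Copied from the report's transactions: (request head, server IP, response head).
REPORT = [
    ("GET / HTTP/1.1\nHost: mariaselem.com", "66.96.149.32",
     "HTTP/1.1 200 OK\nContent-Type: text/html\nServer: Apache"),
    ("GET /wp-content/themes/twentyfifteen/qv9kwmr7.php?id=572811 HTTP/1.1\n"
     "Host: sheridanneighborhood.com\nReferer: http://mariaselem.com/", "50.63.202.90",
     "HTTP/1.1 403 Forbidden\nContent-Type: text/html\nServer: Microsoft-IIS/7.5"),
    ("GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1\n"
     "Host: fpdownload2.macromedia.com", "91.135.34.8",
     "HTTP/1.1 200 OK\nContent-Type: text/xml\nServer: Apache"),
    ("GET /index.swf HTTP/1.1\nHost: mariaselem.com\nReferer: http://mariaselem.com/",
     "66.96.149.32", "HTTP/1.1 200 OK\nContent-Type: application/x-shockwave-flash"),
    ("GET /favicon.ico HTTP/1.1\nHost: mariaselem.com", "66.96.149.32",
     "HTTP/1.1 404 Not Found\nContent-Type: text/html; charset=iso-8859-1"),
    ("GET /marialogo.f4v HTTP/1.1\nHost: mariaselem.com", "66.96.149.32",
     "HTTP/1.1 200 OK"),
    ("GET /TXKUZ/wp-content/themes/twentyfifteen/qv9kwmr7.php?id=572811 HTTP/1.1\n"
     "Host: sheridanneighborhood.com\nReferer: http://mariaselem.com/", "50.63.202.90",
     "HTTP/1.1 302 Found\nLocation: /wp-content/themes/twentyfifteen/qv9kwmr7.php?id=572811"),
]
TRANSACTIONS = [parse_transaction(*t) for t in REPORT]
LANDING = "mariaselem.com"

# Heuristic (this example's assumption, not an ET signature): a .php whose name
# contains digits, dropped into a WordPress theme folder. Legitimate theme files
# such as functions.php have no digits and do not match.
WP_GATE = re.compile(r"/wp-content/themes/[^/]+/(?=[a-z]*\d)[a-z0-9]{6,}\.php(\?|$)", re.I)


def page_initiated_offsite(txs, landing):
    """Off-site requests whose Referer is the landing page: content the page
    itself pulled in, which is where an injected redirector shows up."""
    return [t for t in txs if t.host != landing
            and urlsplit(t.req_headers.get("referer", "")).hostname == landing]


def background_offsite(txs, landing):
    """Off-site requests with no Referer: browser or plugin housekeeping."""
    return [t for t in txs if t.host != landing and "referer" not in t.req_headers]


def redirect_chain(txs):
    """For each 3xx, resolve Location and report the status its target returned."""
    by_url = {t.url: t for t in txs}
    chain = []
    for t in txs:
        loc = t.resp_headers.get("location")
        if 300 <= t.status < 400 and loc:
            target = loc if loc.startswith("http") else f"http://{t.host}{loc}"
            follow = by_url.get(target)
            chain.append((t.url, target, follow.status if follow else None))
    return chain


def summarize(txs=TRANSACTIONS, landing=LANDING) -> dict:
    return {
        "page_initiated_offsite": [t.url for t in page_initiated_offsite(txs, landing)],
        "background_offsite": [t.url for t in background_offsite(txs, landing)],
        "suspicious_paths": [t.url for t in txs if WP_GATE.search(t.path)],
        "redirects": redirect_chain(txs),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}:")
        for item in value:
            print("   ", item)
```

Run against the report's data, `page_initiated_offsite` and `suspicious_paths` both contain exactly the two sheridanneighborhood.com URLs, `background_offsite` contains only the Flash version check, and the single redirect resolves to the URL that returned 403 to the sandbox. That 403 is the reason the trace stops here: the page does not show what the redirector would have served a client it accepted, so the chain past qv9kwmr7.php cannot be reconstructed from this report.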