Overview

URL: mariaselem.com/
IP: 66.96.149.32
ASN: AS29873 The Endurance International Group, Inc.
Location: United States
Report completed: 2019-01-15 08:08:21 CET
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Pool:
Access Level:


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Severity | Source IP | Destination IP | Alert
2019-01-15 08:07:51 CET | 1 | 66.96.149.32 | Client IP | ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 08
2019-01-15 08:07:51 CET | 1 | 66.96.149.32 | Client IP | ET CURRENT_EVENTS Malicious Redirect 8x8 script tag
2019-01-15 08:07:51 CET | 1 | 66.96.149.32 | Client IP | ET CURRENT_EVENTS Evil Redirector Leading to EK Dec 09


Blacklists

MDL: No alerts detected
OpenPhish: No alerts detected
PhishTank: No alerts detected
Fortinet's Web Filter:
Added / Verified | Severity | Host | Comment
2019-01-15 | 2 | mariaselem.com/ | Malware
2019-01-15 | 2 | mariaselem.com/index.swf | Malware
2019-01-15 | 2 | mariaselem.com/marialogo.f4v | Malware
DNS-BH: No alerts detected
mnemonic secure dns: No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 66.96.149.32

Date | UQ / IDS / BL | URL | IP
2019-02-21 20:07:11 +0100 | 0 - 0 - 0 | afcontractingllc.com/about.html | 66.96.149.32
2019-02-21 00:19:52 +0100 | 0 - 1 - 0 | www.necdesign.com/ElectrcTrialDirectory/Setup (...) | 66.96.149.32
2019-02-20 14:56:38 +0100 | 0 - 1 - 0 | www.qtweb.net/downloads/QtWeb-setup.exe | 66.96.149.32
2019-02-20 00:05:55 +0100 | 0 - 0 - 7 | acapellatown.net/midi | 66.96.149.32
2019-02-19 16:07:08 +0100 | 0 - 1 - 0 | www.necdesign.com/ElectrcTrialDirectory/Setup (...) | 66.96.149.32
2019-02-18 01:22:46 +0100 | 0 - 0 - 26 | carehandling.com/our-team | 66.96.149.32
2019-02-18 01:12:12 +0100 | 0 - 0 - 23 | carehandling.com/category/uncategorized | 66.96.149.32
2019-02-18 00:49:46 +0100 | 0 - 0 - 25 | carehandling.com/author/carehandlingdotcom | 66.96.149.32
2019-02-16 09:20:37 +0100 | 0 - 0 - 4 | schoolquran.com/Quran-Learning-For-Women.php | 66.96.149.32
2019-02-15 10:47:45 +0100 | 0 - 0 - 1 | splendidhonda.com/wUy1WgTP.exe | 66.96.149.32

Last 10 reports on ASN: AS29873 The Endurance International Group, Inc.

Date | UQ / IDS / BL | URL | IP
2019-02-21 22:59:58 +0100 | 0 - 0 - 15 | mrrec.org/ | 66.96.161.151
2019-02-21 21:17:34 +0100 | 0 - 0 - 28 | ruffledpaper.com/Info.zip | 66.96.147.109
2019-02-21 20:31:47 +0100 | 0 - 0 - 0 | egctek.com | 66.96.149.1
2019-02-21 20:07:11 +0100 | 0 - 0 - 0 | afcontractingllc.com/about.html | 66.96.149.32
2019-02-21 08:28:25 +0100 | 0 - 0 - 0 | whatsnextnow.net | 66.96.162.133
2019-02-21 02:02:52 +0100 | 0 - 1 - 0 | www.citrusware.us/TrialVersions/CitrusInvoice (...) | 65.254.250.119
2019-02-21 01:50:54 +0100 | 0 - 1 - 0 | www.citrusware.us/TrialVersions/CitrusProposa (...) | 65.254.250.119
2019-02-21 01:40:18 +0100 | 0 - 0 - 1 | hacha.org/programas/angulos.rar | 66.96.147.101
2019-02-21 01:40:06 +0100 | 0 - 0 - 1 | hacha.org/programas/resistencias.rar | 66.96.147.101
2019-02-21 00:23:06 +0100 | 0 - 0 - 1 | testing.tallawang.com/Purolator.zip | 66.96.143.190

No other reports on domain: mariaselem.com



JavaScript

Executed Scripts (3)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 361, repeated: 1) - SHA256: c63cc1d6b3ac75ba1f726cb112cdb041f9b61127033705dc550c1331a3146c75

< embed width = "100%"
height = "100%"
src = "index.swf"
quality = "high"
pluginspage = "http://www.adobe.com/go/getflashplayer"
align = "middle"
play = "true"
loop = "true"
scale = "noscale"
wmode = "window"
devicefont = "false"
bgcolor = "#333333"
name = "index"
menu = "true"
allowFullScreen = "true"
allowScriptAccess = "sameDomain"
salign = ""
type = "application/x-shockwave-flash" > < /embed>


HTTP Transactions (8)


#1
Request:
GET / HTTP/1.1
Host: mariaselem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 66.96.149.32):
HTTP/1.1 200 OK
Content-Type: text/html
Date: Tue, 15 Jan 2019 07:07:48 GMT
Content-Length: 10611
Connection: keep-alive
Server: Apache
Set-Cookie: is_mobile=0; path=/; domain=mariaselem.com
Last-Modified: Sun, 27 Dec 2015 07:04:56 GMT
Etag: "2973-527dbce54156a"
Accept-Ranges: bytes
Cache-Control: max-age=3600, no-cache, no-store, max-age=0, must-revalidate
Expires: Tue, 15 Jan 2019 08:07:48 GMT, -1
Pragma: no-cache
Age: 0

--- Additional Info ---
Magic:  exported SGML document text
Size:   10611
Md5:    a876beb7dd13e9f81c951228d1815385
Sha1:   204155155c4f11df779005f9830283503840b637
Sha256: a571f2de895fc2f0766214a0d9a76a1df0dcb7169fbbab2645bbe0e0ab6b1881

Alerts:
  Blacklists:
    - fortinet: Malware
  IDS:
    - ET CURRENT_EVENTS Evil Redirector Leading to EK Jul 08
    - ET CURRENT_EVENTS Malicious Redirect 8x8 script tag
    - ET CURRENT_EVENTS Evil Redirector Leading to EK Dec 09

#2
Request:
GET /wp-content/themes/twentyfifteen/qv9kwmr7.php?id=572811 HTTP/1.1
Host: sheridanneighborhood.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mariaselem.com/

Response (server IP 50.63.202.90):
HTTP/1.1 403 Forbidden
Content-Type: text/html
Cache-Control: no-cache
Date: Tue, 15 Jan 2019 07:07:49 GMT
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: Microsoft-IIS/7.5

--- Additional Info ---
Magic:  HTML document text
Size:   93
Md5:    b0d506893d4802090edf1644f5f082cd
Sha1:   4bf0d7ecb70703857c7029754fa02a7496313b63
Sha256: 0d3e98ca727fc1201b436170af5a63f23348aaf146a3ac6234f6c4da283e8b34

#3
Request:
GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1
Host: fpdownload2.macromedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

Response (server IP 91.135.34.8):
HTTP/1.1 200 OK
Content-Type: text/xml
Server: Apache
Last-Modified: Tue, 08 Jan 2019 09:46:12 GMT
Etag: "60e-57eef373e43fe"
Accept-Ranges: bytes
Content-Length: 1550
Date: Tue, 15 Jan 2019 07:07:52 GMT
Connection: keep-alive

--- Additional Info ---
Magic:  XML document text\012 XML document text
Size:   1550
Md5:    f71c58a085832ecab19d3d4f0bee72cf
Sha1:   0e75158f91704f40502217714155c348d92d051f
Sha256: 82b3bfeadac792dc7e71061019d470a5e3a9e1b1521f92a584e377ef15e1f885

#4
Request:
GET /index.swf HTTP/1.1
Host: mariaselem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mariaselem.com/
Cookie: is_mobile=0

Response (server IP 66.96.149.32):
HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
Date: Tue, 15 Jan 2019 07:07:51 GMT
Content-Length: 505968
Connection: keep-alive
Server: Apache
Last-Modified: Thu, 29 May 2014 17:29:57 GMT
Etag: "7b870-4fa8d47251723"
Cache-Control: max-age=3600
Expires: Tue, 15 Jan 2019 08:07:51 GMT
Accept-Ranges: bytes
Age: 0

--- Additional Info ---
Magic:  Macromedia Flash data (compressed), version 10
Size:   505968
Md5:    cef846697b89a8c02d0ac08920a35eaa
Sha1:   7c936f605676d5d35587bbdf1b8cb2adda0c2c1b
Sha256: c36e000dadf2fc3eaeff32f35d8fa4260ac5c576ca26419c8a331a97c5daae4f

Alerts:
  Blacklists:
    - fortinet: Malware

#5
Request:
GET /favicon.ico HTTP/1.1
Host: mariaselem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: is_mobile=0

Response (server IP 66.96.149.32):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 15 Jan 2019 07:07:53 GMT
Content-Length: 328
Connection: keep-alive
Server: Apache
Age: 0

--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   328
Md5:    301fa7ceb5b3c291d4bbeee953048686
Sha1:   758d921efd60d4e9f0f6d77648ccc500c8611fea
Sha256: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da

#6
Request:
GET /favicon.ico HTTP/1.1
Host: mariaselem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: is_mobile=0

Response (server IP 66.96.149.32):
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 15 Jan 2019 07:07:56 GMT
Content-Length: 328
Connection: keep-alive
Server: Apache
Expires: Tue, 15 Jan 2019 07:08:03 GMT
Age: 3

--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   328
Md5:    301fa7ceb5b3c291d4bbeee953048686
Sha1:   758d921efd60d4e9f0f6d77648ccc500c8611fea
Sha256: 6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da

#7
Request:
GET /marialogo.f4v HTTP/1.1
Host: mariaselem.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: is_mobile=0

Response (server IP 66.96.149.32):
HTTP/1.1 200 OK
Date: Tue, 15 Jan 2019 07:07:53 GMT
Content-Length: 3095618
Connection: keep-alive
Server: Apache
Last-Modified: Thu, 29 May 2014 17:30:08 GMT
Etag: "2f3c42-4fa8d47c5d668"
Accept-Ranges: bytes, bytes
Cache-Control: max-age=3600
Expires: Tue, 15 Jan 2019 08:07:53 GMT
Age: 0

--- Additional Info ---
Magic:  ISO Media
Size:   3095618
Md5:    0d03e1f398c3933025feb3669138e55c
Sha1:   232a511e1d22ed186542f391f0cd9b847b52bff2
Sha256: 2c369c5bc22513b3428af06ec12aabb072881a5ef9803cffa9a3c1b5384547fd

Alerts:
  Blacklists:
    - fortinet: Malware

#8
Request:
GET /TXKUZ/wp-content/themes/twentyfifteen/qv9kwmr7.php?id=572811 HTTP/1.1
Host: sheridanneighborhood.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://mariaselem.com/

Response (server IP 50.63.202.90):
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
Cache-Control: no-cache
Location: /wp-content/themes/twentyfifteen/qv9kwmr7.php?id=572811

--- Additional Info ---