See: http://toolbar.netcraft.com/site_report?url=http://ptr7.bubbles.co.il
Site is into social and affiliation organizations
See: http://toolbar.netcraft.com/site_report?url=http://ptr7.bubbles.co.il
Unable to properly scan site: http://urlquery.net/report.php?id=1409604597490
See: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fptr7.bubbles.co.il%2F&useragent=Fetch+useragent&accept_encoding=
Microsoft-HTTPAPI/2.0- X-Powered-By: Express; site vulnerable to clickjacking
and Pre-Auth Remote Stack Overflow Exploit - It will bind a cmdshell on port 1154 if successful.
Mail server account → http://www.projecthoneypot.org/ip_64.34.182.212
All I see is test2.
Somehow there is active malware up and active there, but what?
Also consider: http://www.isoc.org.il/domain_heb/whois.html → http://domains.livedns.co.il
polonus