google-analize.com is in the status bar of Fx3 when it loads the coupon page on a separate tab (after I click on the meal image on the main page). Proxo has a BUNCH of references to it in its log. Here's one:
+++GET 3108+++
GET /sl_style.css HTTP/1.1
Host: www.seniorlivinginstyle.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008051206 Firefox/3.0.9.9
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, x-gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: hxxp://www.seniorlivinginstyle.com/popup/coupon_01.html
Connection: keep-alive
Match 3105: : Mark First - Remove Dupes 7.07.23 (multi) [sd] (d.r)
Match 3105: Bottom Mark: Start - Close open Tags 7.06.15 (multi) [sd] (d.r)
Match 3105: Bottom Mark: Start - Close open Tags 7.06.15 (multi) [sd] (d.r)
Match 3105: Bottom Add: Final JS Code 7.09.06 (ccw! !mos) [...] (d.r)
Match 3105: Bottom Mark: End 3.12.08 [sd] (d.r)
Match 3105: : Mark First - Remove Dupes 7.07.23 (multi) [sd] (d.r)
Match 3105: : Mark First - Remove Dupes 7.07.23 (multi) [sd] (d.r)
+++CLOSE 3105+++
+++RESP 3108+++
HTTP/1.1 200 OK
Date: Sat, 06 Sep 2008 06:51:37 GMT
Server: Apache/1.3.34 (Unix) filter/1.0 PHP/4.4.4
Last-Modified: Mon, 26 May 2008 10:40:08 GMT
ETag: "40058-280f-483a9388"
Accept-Ranges: bytes
Content-Length: 10255
Content-Type: text/css
Cache-Control: public, max-age=86400
Match 3108: Protect: CSS Comments 7.06.15 (dmp) [jd sd] (d.r)
Match 3108: Top All Mark: Start 4.07.11 (multi) [sd] (d.r)
Match 3108: Top All Mark: End 6.12.25 [sd] (d.r)
Match 3108: Protect: CSS Comments 7.06.15 (dmp) [jd sd] (d.r)
Match 3108: Protect: CSS Comments 7.06.15 (dmp) [jd sd] (d.r)
Match 3108: Protect: CSS Comments 7.06.15 (dmp) [jd sd] (d.r)
Match 3108: Protect: CSS Comments 7.06.15 (dmp) [jd sd] (d.r)
Match 3108: Protect: CSS Comments 7.06.15 (dmp) [jd sd] (d.r)
Match 3108: Protect: CSS Comments 7.06.15 (dmp) [jd sd] (d.r)
Match 3108: Protect: CSS Comments 7.06.15 (dmp) [jd sd] (d.r)
Match 3108: Protect: CSS Comments 7.06.15 (dmp) [jd sd] (d.r)
+++CLOSE 3108+++
BlockList 3109: in User-Agents, line 77
+++GET 3109+++
GET /in.cgi?15&xu=1& HTTP/1.1
Host: google-analize.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008051206 Firefox/3.0.9.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, x-gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: google-analize.com/
Connection: keep-alive
+++CLOSE 3109+++
BlockList 3110: in Bypass-List, line 19
BlockList 3111: in User-Agents, line 77
I'm going to keep Proxo's log window open and go there again on IE.
+++GET 3397+++
GET /popup/coupon_01.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-silverlight, application/x-shockwave-flash, */*
Referer: hxxp://www.seniorlivinginstyle.com/community/stoneybrook.html
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, x-gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)
Host: www.seniorlivinginstyle.com
Connection: keep-alive
+++RESP 3397+++
HTTP/1.1 200 OK
Date: Sat, 06 Sep 2008 07:36:26 GMT
Server: Apache/1.3.34 (Unix) filter/1.0 PHP/4.4.4
Last-Modified: Fri, 27 Jun 2008 10:41:40 GMT
ETag: "f806b-d71-4864c3e4"
Accept-Ranges: bytes
Content-Length: 3441
Content-Type: text/html
Cache-Control: max-age=1
Match 3397: Top All Mark: Start 4.07.11 (multi) [sd] (d.r)
Match 3397: Top All Mark: End 6.12.25 [sd] (d.r)
Match 3397: Top JS Mark: Start 7.04.02 (multi) [sd] (d.r)
Match 3397: Top JS: Mark End 7.04.02 [sd] (d.r)
Match 3397: Top HTML Mark: Start 6.12.25 (multi) [sd] (d.r)
Match 3397: Top Sniff: HTML Content: HTML 7.08.05 (multi) [sd] (d.1)
Match 3397: Top HTML Mark: End 3.12.08 [sd] (d.r)
Match 3397: Header Top Mark: Start - Fix 7.09.09 (multi) [sd] (d.r)
Match 3397: Header Top Add: Initial JS Code 7.09.05 (ccw! !mos) [...] (d.r)
Match 3397: Header Top Mark: End 7.09.06 (multi) [sd] (d.r)
BlockList 3397: in AdPaths-J, line 83
Match 3397: Block: Scripts by URL 7.09.07 [pr] (d.2)
Match 3397: Header Bot Mark: Start - Fix 7.09.06 (multi) [sd] (d.r)
Match 3397: Header Bot Add: Default Script/Style Type if Missing 7.08.31 [sd] (d.1)
Match 3397: Header Bot Add: Navigation Links 4.11.01 [sd] (d.1)
Match 3397: Header Bot Mark: End 3.12.08 [sd] (d.r)
Match 3397: Mark: Start 5.11.05 (multi) [sd] (d.r)
Match 3397: : Mark First - Remove Dupes 7.07.23 (multi) [sd] (d.r)
Match 3397: Bottom Mark: Start - Close open Tags 7.06.15 (multi) [sd] (d.r)
Match 3397: : Mark First - Remove Dupes 7.07.23 (multi) [sd] (d.r)
Match 3397: Bottom Mark: Start - Close open Tags 7.06.15 (multi) [sd] (d.r)
Match 3397: Bottom Mark: Start - Close open Tags 7.06.15 (multi) [sd] (d.r)
Match 3397: Bottom Add: Final JS Code 7.09.06 (ccw! !mos) [...] (d.r)
Match 3397: Bottom Mark: End 3.12.08 [sd] (d.r)
Match 3397: : Mark First - Remove Dupes 7.07.23 (multi) [sd] (d.r)
Match 3397: : Mark First - Remove Dupes 7.07.23 (multi) [sd] (d.r)
+++CLOSE 3397+++
BlockList 3398: in User-Agents, line 72
BlockList 3399: in User-Agents, line 72
+++GET 3399+++
GET /in.cgi?15&xu=1& HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-silverlight, application/x-shockwave-flash, */*
Referer: google-analize.com/
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, x-gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)
Host: google-analize.com
On IE I see a transparent gif. Could it be the problem?
BlockList 3400: in User-Agents, line 72
+++GET 3400+++
GET /images/coupon-freemeal.gif HTTP/1.1
Accept: */*
Referer: hxxp://www.seniorlivinginstyle.com/popup/coupon_01.html
Accept-Language: en-us
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)
Host: www.seniorlivinginstyle.com
Connection: keep-alive
BlockList 3401: in User-Agents, line 72
+++GET 3401+++
GET /images/trans.gif HTTP/1.1
Accept: */*
Referer: hxxp://www.seniorlivinginstyle.com/popup/coupon_01.html
Accept-Language: en-us
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)
Host: www.seniorlivinginstyle.com
Connection: keep-alive
Avira now alerts AFTER the coupon tab opens on IE8. It was alerting before that earlier.
I reported the site as malicious to Microsoft.
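As an added example (not part of the original post): a small Python parser for the Proxomitron log layout shown above, listing every logged request whose Host falls outside the site being visited. The function names and the condensed sample log are constructed for illustration.

```python
import re

# Constructed sample: condensed from the log in the post (most headers trimmed).
SAMPLE_LOG = """\
+++GET 3108+++
GET /sl_style.css HTTP/1.1
Host: www.seniorlivinginstyle.com
Referer: hxxp://www.seniorlivinginstyle.com/popup/coupon_01.html
Match 3105: Bottom Mark: End 3.12.08 [sd] (d.r)
+++CLOSE 3105+++
+++RESP 3108+++
HTTP/1.1 200 OK
Content-Type: text/css
+++CLOSE 3108+++
BlockList 3109: in User-Agents, line 77
+++GET 3109+++
GET /in.cgi?15&xu=1& HTTP/1.1
Host: google-analize.com
Referer: google-analize.com/
Connection: keep-alive
+++CLOSE 3109+++
"""

MARKER = re.compile(r"^\+\+\+(GET|RESP|CLOSE) (\d+)\+\+\+$")
REQUEST_LINE = re.compile(r"^(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d$")
HEADER = re.compile(r"^(Host|Referer):\s*(.*)$", re.IGNORECASE)

def parse_requests(log_text):
    """Map request id -> {'path', 'host', 'referer'} for each +++GET n+++ block."""
    requests, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        marker = MARKER.match(line)
        if marker:
            # Only GET blocks carry request headers; RESP and CLOSE end the block.
            kind, rid = marker.group(1), int(marker.group(2))
            current = requests.setdefault(rid, {}) if kind == "GET" else None
        elif current is not None:
            req, hdr = REQUEST_LINE.match(line), HEADER.match(line)
            if req:
                current["path"] = req.group(1)
            elif hdr:  # interleaved "Match"/"BlockList" filter lines fall through
                current[hdr.group(1).lower()] = hdr.group(2)
    return requests

def off_site(requests, first_party):
    """Return (id, host, path) for requests sent to hosts outside first_party."""
    hits = []
    for rid, req in sorted(requests.items()):
        host = req.get("host", "").lower()
        if host and host != first_party and not host.endswith("." + first_party):
            hits.append((rid, host, req.get("path", "")))
    return hits
```

Calling `off_site(parse_requests(SAMPLE_LOG), "seniorlivinginstyle.com")` returns only request 3109, the one sent to google-analize.com.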