Scanned pages/files
Request | Server response | Status |
http://al.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 14 Jul 2015 02:54:26 GMT Location: http://www.al.com/ Server: nginx/1.2.6 Content-Length: 184 Content-Type: text/html | clean |
http://www.al.com/ | 200 OK Content-Length: 155894 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://4385817.fls.doubleclick.net/activityi;src=4385817;type=Homep0;cat=Commo0;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://4385817.fls.doubleclick.net/activityi;src=4385817;type=homep0;cat=commo0;ord=
<iframe src="http://4385817.fls.doubleclick.net/activityi;src=4385817;type=homep0;cat=commo0;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://4385817.fls.doubleclick.net/activityi;src=4385817;type=homep0;cat=commo0;ord=1?
<iframe src="http://4385817.fls.doubleclick.net/activityi;src=4385817;type=homep0;cat=commo0;ord=1?" width="1" height="1" frameborder="0" style="display:none">
http://www.al.com//tags.tiqcdn.com/utag/advancedigital/lib-common/prod/utag.sync.js/ | 404 Not Found Content-Length: 98411 Content-Type: text/html | clean |
http://www.al.com/static/common/js/libs/modernizr-2.6.2.min.js | 200 OK Content-Length: 13334 Content-Type: application/x-javascript | clean |
http://www.al.com/static/common/js/adv-js-loader.js | 200 OK Content-Length: 3919 Content-Type: application/x-javascript | clean |
http://media.al.com/static/common/js/jquery/jquery-1.8.2.min.js | 200 OK Content-Length: 93436 Content-Type: application/x-javascript | clean |
http://www.al.com/static/common/js/resimg.js | 200 OK Content-Length: 20535 Content-Type: application/x-javascript | clean |
http://media.al.com/design/baseline/js/movabletype.min.js | 200 OK Content-Length: 20591 Content-Type: application/x-javascript | clean |
http://www.al.com/static/common/js/adv_gigya.js | 200 OK Content-Length: 12410 Content-Type: application/x-javascript | clean |
http://media.al.com/static/common/js/ads/ads.js | 200 OK Content-Length: 51240 Content-Type: application/x-javascript | clean |
http://www.al.com/static/aff/static/js/index_res.js | 200 OK Content-Length: 176597 Content-Type: application/x-javascript | clean |
http://www.al.com/static/social/lf/build/adilf.254.js | 200 OK Content-Length: 300337 Content-Type: application/x-javascript | clean |
http://www.al.com/static/common/js/gw/gw.min.js | 200 OK Content-Length: 27744 Content-Type: application/x-javascript | clean |
http://www.al.com/news/ | 200 OK Content-Length: 115275 Content-Type: text/html | clean |
http://www.al.com/business | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=10 Connection: close Date: Tue, 14 Jul 2015 02:54:33 GMT Accept-Ranges: bytes Location: http://www.al.com/business/ Content-Length: 235 Content-Type: text/html; charset=iso-8859-1 Expires: Tue, 14 Jul 2015 02:54:43 GMT X-ADI-VCache: MISS X-Pad: avoid browser bug X-Varnish: 1433480795 | clean |
http://www.al.com/business/ | 200 OK Content-Length: 117746 Content-Type: text/html | clean |
http://www.al.com/opinion | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=10 Connection: close Date: Tue, 14 Jul 2015 02:54:34 GMT Accept-Ranges: bytes Location: http://www.al.com/opinion/ Content-Length: 234 Content-Type: text/html; charset=iso-8859-1 Expires: Tue, 14 Jul 2015 02:54:44 GMT X-ADI-VCache: MISS X-Pad: avoid browser bug X-Varnish: 1433480868 | clean |
http://www.al.com/opinion/ | 200 OK Content-Length: 122017 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: al.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 14 Jul 2015 02:54:26 GMT
Location: http://www.al.com/
Server: nginx/1.2.6
Content-Length: 184
Content-Type: text/html
...184 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: al.com
Referer: http://www.google.com/search?q=al.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=al.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://al.com/
Result: al.com is not infected or malware details are not published yet.