Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.asapsheepskins.com.au/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.asapsheepskins.com.au Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 05 Sep 2014 01:43:25 GMT Location: http://www.holylandtime.us/joomla/images/com_jea/images/5/secondary/preview/index.html Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.asapsheepskins.com.au/ | 200 OK Content-Length: 22678 Content-Type: text/html | clean |
http://www.asapsheepskins.com.au/media/system/js/caption.js | 200 OK Content-Length: 2101 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.asapsheepskins.com.au/plugins/system/rokbox/rokbox.js | 200 OK Content-Length: 22214 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('V.6f({\'2K\':D(){L 8.1D(\'2C\',\'\')},\'1U\':D(){L 8.1D(\'2C\',\'3C\')}});8A.6f({\'8v\':D(){l 6i=/^(25|6h):\\/\\/([a-z-.0-9]+)[\\/]{0,1}/i.4S(I.35);l 1x=/^(25|6h):\ document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.asapsheepskins.com.au/plugins/system/rokbox/themes/light/rokbox-config.js | 200 OK Content-Length: 2736 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var rokbox; window.addEvent('domready', function() { rokbox = new RokBox({ 'theme': 'light', 'transition': Fx.Transitions.Quad.easeOut, 'duration': 400, 'chase': 50, 'frame-border': 20, 'content-padding': 0, 'arrows-height': 35, 'effect': 'growl', 'captions': 1, 'captionsDelay': 800, 'scrolling': 0, 'keyEvents': 1, 'overlay': { 'background': '#000', 'opacity': 0.2, 'duration': 200, 'transition': Fx.Transitions.Quad.easeInOut }, 'defaultSize': { 'width': 640, 'height': 460 }, 'autoplay': 'true', 'controller': 'true', 'bgcolor': '#ffffff', 'youtubeAutoplay': 0, 'vimeoColor': '00adef', 'vimeoPortrait': 0, 'vimeoTitle': 0, 'vimeoFullScreen': 1, 'vimeoByline': 0 }); }); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.asapsheepskins.com.au/components/com_gantry/js/gantry-buildspans.js | 200 OK Content-Length: 862 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var GantryBuildSpans=function(g,j,k){(g.length).times(function(i){var e="."+g[i];var f=function(a){a.setStyle('visibility','visible');var b=a.getText();var c=b.split(" ");first=c[0];rest=c.slice(1).join(" ");html=a.innerHTML;if(rest.length>0){var d=a.clone().setText(' '+rest),span=new Element('span').setText(first);span.inject(d,'top');a.replaceWith(d)}};$$(e).each(function(c){j.each(function(h){c.getElements(h).each(function(b){var a=b.getFirst();if(a&&a.getTag()=='a')f(a);else f(b)})})})})}; document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.asapsheepskins.com.au/components/com_gantry/js/gantry-inputs.js | 200 OK Content-Length: 3102 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var InputsExclusion = ['.content_vote']; eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('8 M=[\'.1j\'];8 2={1h:1.7,17:6(){2.v=$(1d.1c).1e(\'1b\')==\'v\';2.m=1f 1g({\'O\':[]});8 b=$$(\'x[y=U]\');8 c=$$(M.11(\' x[y document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.asapsheepskins.com.au/modules/mod_roknavmenu/themes/fusion/js/fusion.js | 200 OK Content-Length: 13831 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('w 2S=12 2T({3y:"1.9.6",4:{1I:1f,18:{x:0,y:0},W:{x:0,y:0},19:{\'t\':0,\'J\':0},1z:1Q,A:{x:\'E\',y:\'1A\'},Q:\'Z 1m 1a\',1b:\'1k\',C:1,2U:3z,1n:{1g:3A,1h:1B.2V.3B.2W},1t: document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.asapsheepskins.com.au/modules/mod_rokstories/tmpl/js/rokstories.js | 200 OK Content-Length: 7548 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('s 2o=j 3z({3y:1.8,7:{2p:0,1F:3t,2s:3r,1n:0.3,1T:1c,1J:3n,1V:3l,2B:H.3i.3h.3g,2H:\'K\',9:\'3c\',2M:p,2N:p,29:1c,19:1c,2e:\'35\',27:\'2f\',2S:{x:0,y:0},2T:{x:0,y:0}},2b:6 document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.asapsheepskins.com.au/news.html | 200 OK Content-Length: 24125 Content-Type: text/html | clean |
http://www.asapsheepskins.com.au/products.html | 200 OK Content-Length: 13402 Content-Type: text/html | clean |
http://www.asapsheepskins.com.au/products/sheep-skin.html | 200 OK Content-Length: 23502 Content-Type: text/html | clean |
http://www.asapsheepskins.com.au/products/lamb-skin/shorn-lambs.html | 200 OK Content-Length: 17946 Content-Type: text/html | clean |
http://www.asapsheepskins.com.au/products/lamb-skin/new-season-lambs.html | 200 OK Content-Length: 14221 Content-Type: text/html | clean |
http://www.asapsheepskins.com.au/products/other-products.html | 200 OK Content-Length: 10934 Content-Type: text/html | clean |
http://www.asapsheepskins.com.au/services.html | 200 OK Content-Length: 12779 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=asapsheepskins.com.au
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://asapsheepskins.com.au/
Result: asapsheepskins.com.au is not infected or malware details are not published yet.
Result: asapsheepskins.com.au is not infected or malware details are not published yet.