Scanned pages/files
Request | Server response | Status |
http://avengerskids.com/ | 200 OK Content-Length: 18615 Content-Type: text/html | clean |
http://i.annihil.us/u/prod/newkids/s/js/v7_global_head_default_3bc9c21a6e9c679c193402ff46fe074b29f53fb7.js | 200 OK Content-Length: 126541 Content-Type: application/javascript | clean |
http://admin.brightcove.com/js/BrightcoveExperiences_all.js | 200 OK Content-Length: 109526 Content-Type: application/x-javascript | clean |
http://avengerskids.com/characters/1009610/spider-man | 200 OK Content-Length: 17945 Content-Type: text/html | clean |
http://avengerskids.com/characters/1009368/iron_man | 200 OK Content-Length: 17786 Content-Type: text/html | clean |
http://avengerskids.com/characters/1009220/captain_america | 200 OK Content-Length: 18270 Content-Type: text/html | clean |
http://avengerskids.com/characters/1009351/hulk | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 13:21:42 GMT Location: http://marvel.com/characters/1009351/hulk Server: Apache Vary: Accept-Encoding Content-Length: 249 Content-Type: text/html; charset=iso-8859-1 | clean |
http://marvel.com/characters/1009351/hulk | 404 Not Found Content-Length: 35114 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?
<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=
<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
http://i.annihil.us/u/prod/marvel/s/js/4712f50cc156b4e1ae664b83c693c9a4.js | 200 OK Content-Length: 182865 Content-Type: application/javascript | clean |
http://i.annihil.us/u/prod/marvel/s/js/cfb5f4bb1f1a83c01111ca26c20b208e.js | 200 OK Content-Length: 32981 Content-Type: application/javascript | clean |
http://i.annihil.us/u/prod/marvel/s/js/480d5703a58c52fb494a155a5fb777fc.js | 200 OK Content-Length: 25636 Content-Type: application/javascript | clean |
http://www.googleadservices.com/pagead/conversion.js | 200 OK Content-Length: 9448 Content-Type: text/javascript | clean |
http://i.annihil.us/u/prod/marvel/s/js/d5c5264c61201cfafc85e2dc9a168e49.js | 200 OK Content-Length: 22326 Content-Type: application/javascript | clean |
http://i.annihil.us/u/prod/marvel/s/js/82c29872f39aca59ae7a170d16f7d0ae.js | 200 OK Content-Length: 13405 Content-Type: application/javascript | clean |
http://avengerskids.com/characters | 404 Not Found Content-Length: 11143 Content-Type: text/html | clean |
http://avengerskids.com/characters/1009664/thor | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 13:21:48 GMT Location: http://marvel.com/characters/1009664/thor Server: Apache Vary: Accept-Encoding Content-Length: 249 Content-Type: text/html; charset=iso-8859-1 | clean |
http://marvel.com/characters/1009664/thor | 404 Not Found Content-Length: 35116 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?
<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=
<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: avengerskids.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Sep 2014 13:21:35 GMT
Server: Apache
Vary: Accept-Encoding,Cookie
Content-Type: text/html; charset=utf-8
Expire: -1
P3P: CP="ALL DSP COR NID CURa TAIa OTPi OUR BUS UNI INT PRE"
X-ServerNickName: Mj
X-UA-Compatible: IE=Edge
Second query (visit from search engine):
GET / HTTP/1.1
Host: avengerskids.com
Referer: http://www.google.com/search?q=avengerskids.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=avengerskids.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://avengerskids.com/
Result: avengerskids.com is not infected or malware details are not published yet.