Scanned pages/files
Request | Server response | Status |
http://aviwallerstein.com/ | HTTP/1.1 302 Found Connection: close Date: Tue, 09 Sep 2014 20:15:22 GMT Location: http://www.lasikmd.com/our-surgeons/laser-eye-surgeons/dr-avi-wallerstein Server: Apache/2.2.22 (Debian) Content-Length: 341 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lasikmd.com/our-surgeons/laser-eye-surgeons/dr-avi-wallerstein | 200 OK Content-Length: 85640 Content-Type: text/html | clean |
http://www.lasikmd.com/js/sortabletable.js | 200 OK Content-Length: 3006 Content-Type: application/x-javascript | clean |
http://www.lasikmd.com/js/anatomy-of-the-eye-rollovers.js | 200 OK Content-Length: 1096 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/prototype/1.7.0.0/prototype.js | 200 OK Content-Length: 163313 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9.0/scriptaculous.js?load=effects | 200 OK Content-Length: 2931 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://www.lasikmd.com/js/slick.min.js | 200 OK Content-Length: 23476 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js | 200 OK Content-Length: 10220 Content-Type: text/javascript | clean |
http://www.lasikmd.com/js/lasikmd.js | 200 OK Content-Length: 9990 Content-Type: application/x-javascript | clean |
http://www.lasikmd.com/js/cufon.js | 200 OK Content-Length: 97132 Content-Type: application/x-javascript | clean |
http://www.lasikmd.com/js/superfish.js | 200 OK Content-Length: 3835 Content-Type: application/x-javascript | clean |
http://www.lasikmd.com/js/lightview.js | 200 OK Content-Length: 34892 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var Lightview={Version:"2.5",options:{backgroundColor:"#ffffff",border:12,buttons:{opacity:{disabled:0.4,normal:0.75,hover:1},side:{display:true},innerPreviousNext:{display:true},slideshow:{display:true},topclose:{side:"right"}},controller:{backgroundColor:"#4d4d4d",border:6,buttons:{innerPreviousNext:true,side:false},margin:18,opacity:0.7,radius:6,setNumberTemplate:"#{position} of #{total}"},cyclic:false,images:"/images/lightview/",imgNumberTemplate:"Image #{position} of #{total}",keyboard:true
Antivirus reports:
http://www.lasikmd.com/js/joannie-jquery.scrollTo-1.3.3.js | 200 OK Content-Length: 6593 Content-Type: application/x-javascript | clean |
http://www.lasikmd.com/js/joannie-jquery.localscroll-1.2.5.js | 200 OK Content-Length: 4354 Content-Type: application/x-javascript | clean |
http://www.lasikmd.com/js/joannie-jquery.serialScroll-1.2.1.js | 200 OK Content-Length: 7255 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: aviwallerstein.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Tue, 09 Sep 2014 20:15:22 GMT
Location: http://www.lasikmd.com/our-surgeons/laser-eye-surgeons/dr-avi-wallerstein
Server: Apache/2.2.22 (Debian)
Content-Length: 341
Content-Type: text/html; charset=iso-8859-1
...341 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: aviwallerstein.com
Referer: http://www.google.com/search?q=aviwallerstein.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=aviwallerstein.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://aviwallerstein.com/
Result: aviwallerstein.com is not infected or malware details are not published yet.