Scanned pages/files
| Request | Server response | Status |
http://www.ironmankids.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 04 Sep 2014 03:50:30 GMT Location: http://marvel.com/ Server: Apache Vary: Accept-Encoding Content-Length: 226 Content-Type: text/html; charset=iso-8859-1 | clean |
http://marvel.com/ | 200 OK Content-Length: 124940 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord= <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1? <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none"> | ||
http://i.annihil.us/u/prod/marvel/s/js/4712f50cc156b4e1ae664b83c693c9a4.js | 200 OK Content-Length: 182865 Content-Type: application/javascript | clean |
http://i.annihil.us/u/prod/marvel/s/js/fdece4ebb271cc9039c77cdd7d297d1a.js | 200 OK Content-Length: 953 Content-Type: application/javascript | clean |
http://admin.brightcove.com/js/BrightcoveExperiences_all.js | 200 OK Content-Length: 109526 Content-Type: application/x-javascript | clean |
http://www.ironmankids.com//marvel.com/i/js/marvelvideo.js/ | 404 Not Found Content-Length: 11201 Content-Type: text/html | clean |
http://i.annihil.us/u/prod/newkids/s/js/v7_global_head_default_3bc9c21a6e9c679c193402ff46fe074b29f53fb7.js | 200 OK Content-Length: 126541 Content-Type: application/javascript | clean |
http://www.ironmankids.com/characters/1009610/spider-man | 200 OK Content-Length: 17948 Content-Type: text/html | clean |
http://www.ironmankids.com/characters/1009368/iron_man | 200 OK Content-Length: 19543 Content-Type: text/html | clean |
http://www.ironmankids.com/characters/1009220/captain_america | 200 OK Content-Length: 16519 Content-Type: text/html | clean |
http://www.ironmankids.com/characters/1009351/hulk | 200 OK Content-Length: 17717 Content-Type: text/html | clean |
http://www.ironmankids.com/characters/1009664/thor | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 04 Sep 2014 03:50:40 GMT Location: http://marvel.com/characters/1009664/thor Server: Apache Vary: Accept-Encoding Content-Length: 249 Content-Type: text/html; charset=iso-8859-1 | clean |
http://marvel.com/characters/1009664/thor | 404 Not Found Content-Length: 35114 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1? <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord= <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> | ||
http://i.annihil.us/u/prod/marvel/s/js/cfb5f4bb1f1a83c01111ca26c20b208e.js | 200 OK Content-Length: 32981 Content-Type: application/javascript | clean |
http://i.annihil.us/u/prod/marvel/s/js/480d5703a58c52fb494a155a5fb777fc.js | 200 OK Content-Length: 25636 Content-Type: application/javascript | clean |
http://www.googleadservices.com/pagead/conversion.js | 200 OK Content-Length: 9448 Content-Type: text/javascript | clean |
http://i.annihil.us/u/prod/marvel/s/js/c131c5f5e1add64db9ef9748da6b913a.js | 200 OK Content-Length: 21528 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ironmankids.com
Result:
GET / HTTP/1.1
Host: ironmankids.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ironmankids.com
Referer: http://www.google.com/search?q=ironmankids.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ironmankids.com
Referer: http://www.google.com/search?q=ironmankids.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ironmankids.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ironmankids.com/
Result: ironmankids.com is not infected or malware details are not published yet.
Result: ironmankids.com is not infected or malware details are not published yet.