Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://mbaprofood.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: mbaprofood.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 20 Sep 2014 16:15:17 GMT Location: http://ibontu.25u.com/ Server: Apache/2 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.9 | malicious |
Scanned pages/files
Request | Server response | Status |
http://mbaprofood.com/ | 200 OK Content-Length: 77993 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Lkalke28 ...[53525 bytes skipped]... if" type="image/x-icon"> <img align="left" src="http://i564.photobucket.com/albums/ss87/Mafya_67/zix0zc.png"> <img align="right" src="http://i564.photobucket.com/albums/ss87/Mafya_67/66da48.png"> <br /> <center> <span style="font-size: xx-large;"><span style="color: rgb(255, 0, 0);"><span style="font-weight: bold; text-shadow: 0px 0px 20px;">Hacked By Lkalke28<br /> Hacked...</p><p class="nsp_info tleft fleft"></p></div></div> <div class="nsp_art unvisible" style="width:33.3333333333%;"><div style="padding:2px 4px 2px 4px"><h4 class="nsp_header tleft fnone"><a href="/index.php?option=com_content&view=article&id=80:dark-chocolate-brownie&catid=57:premium-brownie&Itemid=115" title="ALMOND STICK BROWNIE">ALMOND STICK B ...[41029 bytes skipped]... | ||
http://mbaprofood.com/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://mbaprofood.com/plugins/system/lknlightbox/lknlightbox.js | 200 OK Content-Length: 4593 Content-Type: application/javascript | clean |
http://mbaprofood.com/modules/mod_news_pro_gk4/interface/scripts/engine-mootools-11.js | 200 OK Content-Length: 8702 Content-Type: application/javascript | clean |
http://mbaprofood.com/modules/mod_news_show_gk3/scripts/engine_1_11_compressed.js | 200 OK Content-Length: 1560 Content-Type: application/javascript | clean |
http://mbaprofood.com/modules/mod_gk_news_image_3/js/engine_compressed.js | 200 OK Content-Length: 3787 Content-Type: application/javascript | clean |
http://mbaprofood.com/modules/mod_gk_news_image_3/js/importer.php?modid=newsimage3_2&anim_speed=1000&anim_interval=3000&autoanim=1&anim_type=0&anim_type_t=0&thumb_w=140&thumb_h=76&t_margin=5&t_border=1&t_col=3&t_row=1&bgcolor=ffffff&opacity=0.45&tooltips=1&tooltips_anim=1 | 200 OK Content-Length: 356 Content-Type: text/javascript | clean |
http://mbaprofood.com/modules/mod_gk_news_image_3/js/importer.php?modid=newsimage3_1&anim_speed=1000&anim_interval=3000&autoanim=1&anim_type=0&anim_type_t=0&thumb_w=140&thumb_h=76&t_margin=5&t_border=1&t_col=3&t_row=1&bgcolor=ffffff&opacity=0.45&tooltips=1&tooltips_anim=1 | 200 OK Content-Length: 356 Content-Type: text/javascript | clean |
http://mbaprofood.com/templates/gk_viyo_brown/lib/scripts/template_scripts.js | 200 OK Content-Length: 4208 Content-Type: application/javascript | clean |
http://mbaprofood.com/templates/gk_viyo_brown/lib/scripts/menu.php?width=1&height=1&opacity=1&animation=1&speed=180 | 200 OK Content-Length: 2411 Content-Type: text/javascript | clean |
http://mbaprofood.com/index.php?option=com_user&view=reset | 200 OK Content-Length: 13322 Content-Type: text/html | clean |
http://mbaprofood.com/media/system/js/validate.js | 200 OK Content-Length: 4246 Content-Type: application/javascript | clean |
http://mbaprofood.com/index.php?option=com_content&view=article&id=72&Itemid=79 | 200 OK Content-Length: 14995 Content-Type: text/html | clean |
http://mbaprofood.com/plugins/content/highslide/highslide-with-html.js | 200 OK Content-Length: 62872 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var hs = { graphicsDir : 'plugins/content/highslide/graphics/', restoreCursor : 'zoomout.cur', expandSteps : 10, expandDuration : 250, restoreSteps : 10, restoreDuration : 250, marginLeft : 15, marginRight : 15, marginTop : 15, marginBottom : 15, zIndexCounter : 1001, restoreTitle : 'Click to close image, click and drag to move. Use arrow keys for next and previous.', loadingText : 'Loading...', loadingTitle : 'Cl } } hs.getElementByClass(this.content, 'DIV', 'highslide-body').innerHTML = s; this.onLoad(); for (var x in this) this[x] = null; } }; var HsExpander = hs.Expander; hs.addEventListener(document, 'mousedown', hs.mouseClickHandler); hs.addEventListener(document, 'mouseup', hs.mouseClickHandler); hs.addEventListener(window, 'load', hs.preloadImages); hs.addEventListener(window, 'load', hs.preloadAjax); Antivirus reports:
http://mbaprofood.com/plugins/content/highslide/swfobject.js | 200 OK Content-Length: 6889 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mbaprofood.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mbaprofood.com/
Result: mbaprofood.com is not infected or malware details are not published yet.