Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.miseismantilles.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.miseismantilles.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Fri, 18 Apr 2014 21:12:32 GMT Location: http://tinyurl.com/bnrs6vp Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Set-Cookie: 60gpBAK=R1224191420; path=/; expires=Fri, 18-Apr-2014 22:17:31 GMT Set-Cookie: 60gp=R4049307705; path=/; expires=Fri, 18-Apr-2014 22:13:38 GMT X-Powered-By: PHP/4.4.9 | malicious |
URL: http://tinyurl.com/bnrs6vp (imitation of visitor from search engine) GET /bnrs6vp HTTP/1.1 Host: tinyurl.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 21:12:32 GMT Location: http://www.mangacompass.altervista.org/libraries/pear/tard/www/all2.php Server: TinyURL/1.6 Content-Length: 0 Content-Type: text/html Set-Cookie: tinyUUID=3519545a147b4e9e0be2d8ca; expires=Sat, 18-Apr-2015 21:12:32 GMT; path=/; domain=.tinyurl.com X-Powered-By: PHP/5.4.27 X-Tiny: cache 0.010046005249023 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.miseismantilles.com/ | 200 OK Content-Length: 80619 Content-Type: text/html | clean |
http://www.miseismantilles.com/media/system/js/caption.js | 200 OK Content-Length: 1721 Content-Type: application/javascript | clean |
http://www.miseismantilles.com/modules/mod_rokslideshow/tmpl/rokslideshow.js | 200 OK Content-Length: 7925 Content-Type: application/javascript | clean |
http://www.miseismantilles.com/modules/mod_yoo_slider/mod_yoo_slider.js | 200 OK Content-Length: 1511 Content-Type: application/javascript | clean |
http://www.miseismantilles.com/plugins/content/highslide/highslide-with-html.js | 200 OK Content-Length: 62872 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var hs = { graphicsDir : 'plugins/content/highslide/graphics/', restoreCursor : 'zoomout.cur', expandSteps : 10, expandDuration : 250, restoreSteps : 10, restoreDuration : 250, marginLeft : 15, marginRight : 15, marginTop : 15, marginBottom : 15, zIndexCounter : 1001, restoreTitle : 'Click to close image, click and drag to move. Use arrow keys for next and previous.', loadingText : 'Loading...', loadingTitle : 'Cl
} } hs.getElementByClass(this.content, 'DIV', 'highslide-body').innerHTML = s; this.onLoad(); for (var x in this) this[x] = null; } };
var HsExpander = hs.Expander;
hs.addEventListener(document, 'mousedown', hs.mouseClickHandler);
hs.addEventListener(document, 'mouseup', hs.mouseClickHandler);
hs.addEventListener(window, 'load', hs.preloadImages);
hs.addEventListener(window, 'load', hs.preloadAjax);
Antivirus reports:
http://www.miseismantilles.com/plugins/content/highslide/swfobject.js | 200 OK Content-Length: 6889 Content-Type: application/javascript | clean |
http://www.miseismantilles.com/plugins/content/highslide/do_cookie.js | 200 OK Content-Length: 2457 Content-Type: application/javascript | clean |
http://www.miseismantilles.com/plugins/system/yoo_effects/yoo_effects.js.php?lb=1&re=1&sl=1 | 200 OK Content-Length: 34737 Content-Type: application/x-javascript | clean |
http://www.miseismantilles.com/templates/greenlife/script.js | 200 OK Content-Length: 6527 Content-Type: application/javascript | clean |
http://www.miseismantilles.com/index.php?option=com_content&view=article&id=17&Itemid=3&d4dad6935f632ac35975e3001dc7bbe8=16d27f2a9503d9eab684aa7e22fc254a | 200 OK Content-Length: 25355 Content-Type: text/html | clean |
http://www.miseismantilles.com/index.php?option=com_content&view=article&id=20&Itemid=9&d4dad6935f632ac35975e3001dc7bbe8=16d27f2a9503d9eab684aa7e22fc254a | 200 OK Content-Length: 24713 Content-Type: text/html | clean |
http://www.miseismantilles.com/index.php?option=com_content&view=article&id=21&Itemid=8&d4dad6935f632ac35975e3001dc7bbe8=16d27f2a9503d9eab684aa7e22fc254a | 200 OK Content-Length: 21827 Content-Type: text/html | clean |
http://www.miseismantilles.com/index.php?option=com_content&view=article&id=19&Itemid=2&d4dad6935f632ac35975e3001dc7bbe8=16d27f2a9503d9eab684aa7e22fc254a | 200 OK Content-Length: 25520 Content-Type: text/html | clean |
http://www.miseismantilles.com/index.php?option=com_content&view=article&id=22&Itemid=34&d4dad6935f632ac35975e3001dc7bbe8=16d27f2a9503d9eab684aa7e22fc254a | 200 OK Content-Length: 49304 Content-Type: text/html | clean |
http://www.miseismantilles.com/index.php?option=com_content&view=article&id=18&Itemid=4&d4dad6935f632ac35975e3001dc7bbe8=16d27f2a9503d9eab684aa7e22fc254a | 200 OK Content-Length: 25017 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=miseismantilles.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://miseismantilles.com/
Result: miseismantilles.com is not infected or malware details are not published yet.