Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://moscowartexpo.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: moscowartexpo.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 22 May 2014 07:23:08 GMT Location: http://www.totalcarsolution.com/sctcom/cgi-bin/1.php Server: Apache Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.16 | malicious |
URL: http://www.totalcarsolution.com/sctcom/cgi-bin/1.php (imitation of visitor from search engine) GET /sctcom/cgi-bin/1.php HTTP/1.1 Host: www.totalcarsolution.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 22 May 2014 07:23:08 GMT Location: http://www.csra.de/includes/domit/1.php Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | malicious |
URL: http://www.csra.de/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: www.csra.de Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 22 May 2014 07:23:09 GMT Location: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.28 | malicious |
URL: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php (imitation of visitor from search engine) GET /components/com_user/views/login/tmpl/1/all3.php HTTP/1.1 Host: jbtconsultinggroup.com Referer: http://www.google.com/search?q=redirect+check4 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 22 May 2014 07:23:09 GMT Location: http://advredirects.net/ir/41/1405/63f2d05f52287574a579ef68950fac6a/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | suspicious |
Scanned pages/files
Request | Server response | Status |
http://moscowartexpo.com/ | 200 OK Content-Length: 2764 Content-Type: text/html | clean |
http://moscowartexpo.com/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 38076 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function JCommentsEvents(){} function JCommentsInput(){} function JCommentsIndicator(){this.init();} function JCommentsForm(id,editor){this.init(id,editor);} function JCommentsEditor(textarea,resizable){this.init(textarea,resizable);} function JComments(oi,og,r){this.init(oi,og,r);} JCommentsEvents.prototype = { add: function(o,e,f){if(o.addEventListener){o.addEventListener(e,f,false);return true;}else if(o.attachEvent){var r=o.attachEvent("on"+e,f);return r;}else{re
Antivirus reports:
http://moscowartexpo.com/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 15236 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
if (!window.jtajax) { function jtAJAX() { this.options = {url: '',type: 'post',nocache: true,data: ''}; this.$ = function(id) {if(!id){return null;}var o=document.getElementById(id);if(!o&&document.all){o=document.all[id];}return o;}; this.extend = function(o, e){for(var k in (e||{}))o[k]=e[k];return o;}; this.encode = function(t){return encodeURIComponent(t);}; this.setup = function(options) {this.options = this.extend(this.options, options);}; this
Antivirus reports:
http://moscowartexpo.com/media/system/js/caption.js | 200 OK Content-Length: 12979 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align =
Antivirus reports:
http://moscowartexpo.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=moscowartexpo.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://moscowartexpo.com/
Result: moscowartexpo.com is not infected or malware details are not published yet.