Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.nightingaleproperty.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.nightingaleproperty.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 15 Jul 2014 08:06:11 GMT Location: http://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.nightingaleproperty.com/ | 200 OK Content-Length: 3037 Content-Type: text/html | clean |
http://www.nightingaleproperty.com/media/system/js/caption.js | 200 OK Content-Length: 2100 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.nightingaleproperty.com/test404page.js | 404 Not Found Content-Length: 2445 Content-Type: text/html | clean |
http://cdn.dsultra.com/js/registrar.js | 200 OK Content-Length: 1652 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nightingaleproperty.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nightingaleproperty.com/
Result: nightingaleproperty.com is not infected or malware details are not published yet.
Result: nightingaleproperty.com is not infected or malware details are not published yet.