Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.officepeers.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.officepeers.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 14 Sep 2014 13:48:25 GMT Location: http://kasoas.ru/space?7 Server: Apache Content-Length: 301 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.officepeers.com/ | 200 OK Content-Length: 16844 Content-Type: text/html | clean |
http://www.officepeers.com/cometchat/cometchatjs.php | 200 OK Content-Length: 213995 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),cm.close();d=c Antivirus reports:
| ||
http://www.google.com/recaptcha/api/js/recaptcha_ajax.js | 200 OK Content-Length: 115874 Content-Type: text/javascript | clean |
http://www.officepeers.com/static/jscript/jquery/jquery.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 93867 Content-Type: text/javascript | clean |
http://www.officepeers.com/static/jscript/jquery/ui.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 210463 Content-Type: text/javascript | clean |
http://www.officepeers.com/static/jscript/common.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 17640 Content-Type: text/javascript | clean |
http://www.officepeers.com/static/jscript/main.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 44097 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var $Cache = {}; var $oEventHistory = {}; var $oStaticHistory = {}; var $bDocumentIsLoaded = false; if (typeof window.console == 'undefined') { window.console = { log : function(sTxt){} }; } if (typeof window.console.log == 'undefined') { window.console.log = function(sTxt){}; } $.fn.message = function(sMessage, sType) { switch(sType) { case 'valid': sClass = 'valid_message'; break; case 'error': sC throw new TypeError(); var t = Object(this); var len = t.length >>> 0; if (typeof fun != "function") throw new TypeError(); var res = []; var thisp = arguments[1]; for (var i = 0; i < len; i++) { if (i in t) { var val = t[i]; if (fun.call(thisp, val, i, t)) res.push(val); } } return res; }; } Antivirus reports:
| ||
http://www.officepeers.com/static/jscript/ajax.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 4013 Content-Type: text/javascript | clean |
http://www.officepeers.com/static/jscript/thickbox/thickbox.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 22815 Content-Type: text/javascript | clean |
http://www.officepeers.com/module/friend/static/jscript/search.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 8140 Content-Type: text/javascript | clean |
http://www.officepeers.com/static/jscript/jquery/plugin/jquery.highlightFade.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 7510 Content-Type: text/javascript | clean |
http://www.officepeers.com/static/jscript/jquery/plugin/jquery.scrollTo.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 7715 Content-Type: text/javascript | clean |
http://www.officepeers.com/static/jscript/jquery/plugin/imgnotes/jquery.tag.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 4845 Content-Type: text/javascript | clean |
http://www.officepeers.com/static/jscript/jquery/plugin/imgnotes/jquery.imgareaselect.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 21173 Content-Type: text/javascript | clean |
http://www.officepeers.com/static/jscript/jquery/plugin/imgnotes/jquery.imgnotes.js?v=44f24726dcd044654a6abc02b19d2c2b | 200 OK Content-Length: 1873 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=officepeers.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://officepeers.com/
Result: officepeers.com is not infected or malware details are not published yet.
Result: officepeers.com is not infected or malware details are not published yet.