Scanned pages/files
Request | Server response | Status |
http://paydayvendor.com/ | 200 OK Content-Length: 18968 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://paydayvendor.com/js/jquery.easing.1.3.js | 200 OK Content-Length: 8097 Content-Type: application/javascript | clean |
http://paydayvendor.com/js/jquery.ennui.contentslider.js | 200 OK Content-Length: 4514 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 22456 Content-Type: text/javascript | clean |
http://paydayvendor.com/index.shtml | 200 OK Content-Length: 18968 Content-Type: text/html | clean |
http://paydayvendor.com/paydayloans.shtml | 200 OK Content-Length: 23083 Content-Type: text/html | clean |
http://paydayvendor.com/js/jquery.chili-2.2.js | HTTP/1.1 302 Found Cache-Control: max-age=3600 Connection: close Date: Mon, 12 May 2014 21:55:18 GMT Accept-Ranges: bytes Age: 0 Location: http://www.linkingback.com Server: Apache/2 Content-Length: 210 Content-Type: text/html; charset=iso-8859-1 Expires: Mon, 12 May 2014 22:55:18 GMT | clean |
http://www.linkingback.com/ | 200 OK Content-Length: 120411 Content-Type: text/html | clean |
http://resources.infolinks.com/js/infolinks_main.js | 200 OK Content-Length: 2207 Content-Type: application/x-javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://cdn2.editmysite.com/js/site/main.js?buildTime=1399070697 | 200 OK Content-Length: 108373 Content-Type: application/x-javascript | clean |
http://cdn2.editmysite.com/js/site/commerce-core.js?buildTime=1399070697 | 200 OK Content-Length: 239377 Content-Type: application/x-javascript | clean |
http://cdn2.editmysite.com/js/site/main-commerce-browse.js?buildTime=1399070697 | 200 OK Content-Length: 31022 Content-Type: application/x-javascript | clean |
http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 200 OK Content-Length: 21017 Content-Type: text/javascript | clean |
http://ads.cpxcenter.com/cpxcenter/showAd.php?nid=4&zone=54668&type=banner&sid=40483&pid=38244&subid= | 200 OK Content-Length: 688 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write("<img src=\"http://tr4.myroitracking.com/newServing/tracking_id.php?d=ads.cpxcenter.com&r=http%3A%2F%2Fads.cpxcenter.com%2FnewServing%2Ftracking_id.php%3Fb%3D1%26>ruid=1\" width=\"1\" height=\"1\" />");
private_label_prefix = "cpxcenter";
cpxcenter_service = "ads.cpxcenter.com";
cpxcenter_nid = 4;
cpxcenter_pid = 38244;
cpxcenter_sid = 40483;
cpxcenter_zone = 54668;
cpxcenter_type = "banner";
if ( typeof(CpxCenter) == "undefined" ) {
    document.write('<script type="text/javascript" src="http://static.hatid.com/newServing/js/cpxcenter.js"></script>');
} else {
    CpxCenter.bootstrap(false);
}
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: paydayvendor.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 12 May 2014 21:55:13 GMT
Accept-Ranges: bytes
Accept-Ranges: bytes
Age: 0
Server: Apache/2
Content-Length: 18968
Content-Type: text/html
...18968 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: paydayvendor.com
Referer: http://www.google.com/search?q=paydayvendor.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=paydayvendor.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://paydayvendor.com/
Result: paydayvendor.com is not infected or malware details are not published yet.