Scanned pages/files
Request | Server response | Status |
http://pinoy411.com/ | 200 OK Content-Length: 10553 Content-Type: text/html | clean |
http://pinoy411.com/scripts/common.js | 200 OK Content-Length: 14754 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isInternetExplorer = (navigator.appName.indexOf("Microsoft") != -1); function countSpaces(obj){ var iLength = obj.value.length; var strSpaces = obj.value.match(new RegExp("( )", "g")); var countSpaces = strSpaces ? strSpaces.length : 0; return countSpaces; } function countLineBreaks(obj){ var iLength = obj.value.length; var strLineBreaks = obj.value.match(new RegExp("(\\n)", "g")); var countLineBreaks = strLineBreaks ? strLineBreaks.length : 0;< histogram['\u0153'] = '%9C'; histogram['\u009D'] = '%9D'; histogram['\u017E'] = '%9E'; histogram['\u0178'] = '%9F'; ret = encodeURIComponent(ret); for (search in histogram) { replace = histogram[search]; ret = replacer(search, replace, ret) } return ret.replace(/(\%([a-z0-9]{2}))/g, function(full, m1, m2) { return "%"+m2.toUpperCase(); }); return ret; } Antivirus reports:
http://pinoy411.com/lang/en_us.js | 200 OK Content-Length: 2976 Content-Type: application/javascript | clean |
http://pinoy411.com/scripts/jquery.js | 200 OK Content-Length: 57254 Content-Type: application/javascript | clean |
http://pinoy411.com/scripts/jquery/jquery_ui/js/jquery-ui-1.7.2.custom.min.js | 200 OK Content-Length: 192628 Content-Type: application/javascript | clean |
http://pinoy411.com/scripts/jquery/jquery.autocomplete.min.js | 200 OK Content-Length: 13302 Content-Type: application/javascript | clean |
http://pinoy411.com/scripts/jquery/jquery.thickbox.min.js | 200 OK Content-Length: 9618 Content-Type: application/javascript | clean |
http://pinoy411.com/scripts/jquery/jquery.cookie.min.js | 200 OK Content-Length: 1207 Content-Type: application/javascript | clean |
http://pinoy411.com/frontend/nivo/scripts/jquery-1.4.3.min.js | 200 OK Content-Length: 77746 Content-Type: application/javascript | clean |
http://pinoy411.com/frontend/nivo/jquery.nivo.slider.pack.js | 200 OK Content-Length: 11939 Content-Type: application/javascript | clean |
http://pinoy411.com/profile/add.php | 200 OK Content-Length: 4945 Content-Type: text/html | clean |
http://pinoy411.com/index.php | 200 OK Content-Length: 11133 Content-Type: text/html | clean |
http://pinoy411.com/banner_reports.php?id=12 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 09 Oct 2014 14:22:03 GMT Pragma: no-cache Location: http://www.titorads.com/ Server: Apache Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=46052ad480aec406f059fdfdd3c01df9; path=/ Set-Cookie: fbcsrf_=7e97ce0286130b144ec5f7b4031faf87; expires=Thu, 09-Oct-2014 15:22:03 GMT; path=/ X-Powered-By: PHP/5.3.27 | clean |
http://www.titorads.com/ | 200 OK Content-Length: 9389 Content-Type: text/html | clean |
http://www.titorads.com/js/vendor/modernizr-2.6.2.min.js | 200 OK Content-Length: 15414 Content-Type: text/javascript | clean |
http://pinoy411.com/jquery.min.js | 404 Not Found Content-Length: 330 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pinoy411.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 09 Oct 2014 14:21:37 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=UTF-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Set-Cookie: PHPSESSID=e1eb3f469824a7c28210f1b1ee1b5d11; path=/
Set-Cookie: fbcsrf_=8289601c4ecdc213d6dbaac90cdf0510; expires=Thu, 09-Oct-2014 15:21:38 GMT; path=/
X-Died: timeout at scan.pm line 1546.
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: pinoy411.com
Referer: http://www.google.com/search?q=pinoy411.com
Result:
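The response matches the first query; no suspicious redirects were found. This comparison covers only a direct visit and a visit with a Google search Referer, so a redirect conditioned on other request properties (for example User-Agent, client IP address or cookies) would not show up in this check.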
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pinoy411.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pinoy411.com/
Result: pinoy411.com is not infected or malware details are not published yet.