Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.therivaspa.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.therivaspa.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 01 Sep 2014 02:15:21 GMT Location: http://goo.gl/qSaO2y Server: nginx/1.6.1 Content-Length: 296 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://goo.gl/qSaO2y (imitation of visitor from search engine) GET /qSaO2y HTTP/1.1 Host: goo.gl Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Mon, 01 Sep 2014 02:15:21 GMT Pragma: no-cache Location: http://glbonus.in/?partner=Pashkela Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 80:quic X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | malicious |
URL: http://glbonus.in/?partner=Pashkela (imitation of visitor from search engine) GET /?partner=Pashkela HTTP/1.1 Host: glbonus.in Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 302 Found Connection: close Date: Mon, 01 Sep 2014 02:16:04 GMT Location: http://goldline.pro/?partner=Pashkela Server: Apache/2.2.22 (Ubuntu) Vary: Accept-Encoding Content-Length: 221 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.therivaspa.com/ | 200 OK Content-Length: 7900 Content-Type: text/html | clean |
http://www.therivaspa.com/js/jquery.min.js | 200 OK Content-Length: 72176 Content-Type: application/javascript | clean |
http://www.therivaspa.com/js/s3Slider.js | 200 OK Content-Length: 4121 Content-Type: application/javascript | clean |
http://www.therivaspa.com/js/jquery.meerkat.1.3.js | 200 OK Content-Length: 8226 Content-Type: application/javascript | clean |
http://www.therivaspa.com/js/jquery.cookie.js | 200 OK Content-Length: 4249 Content-Type: application/javascript | clean |
http://www.therivaspa.com/index.html | 200 OK Content-Length: 7900 Content-Type: text/html | clean |
http://www.therivaspa.com/news.html | 200 OK Content-Length: 2976 Content-Type: text/html | clean |
http://www.therivaspa.com/treatment.html | 200 OK Content-Length: 10944 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) Galleria.loadTheme('classic/galleria.classic.js'); $('#galleria').galleria({ image_crop: true, transition: 'fade', data_config: function(img) { return { description: $(img).next('p').html() }; } }); Antivirus reports:
| ||
http://www.therivaspa.com/js/jquery.dropdownPlain.js | 200 OK Content-Length: 377 Content-Type: application/javascript | clean |
http://www.therivaspa.com/js/galleria.js | 200 OK Content-Length: 40760 Content-Type: application/javascript | clean |
http://www.therivaspa.com/gallery.html | 200 OK Content-Length: 13016 Content-Type: text/html | clean |
http://www.therivaspa.com/js/jquery.js | 200 OK Content-Length: 100198 Content-Type: application/javascript | clean |
http://www.therivaspa.com/js/jquery.lightbox-0.5.js | 200 OK Content-Length: 19607 Content-Type: application/javascript | clean |
http://www.therivaspa.com/promotion.html | 200 OK Content-Length: 4205 Content-Type: text/html | clean |
http://www.therivaspa.com/service.html | 200 OK Content-Length: 14717 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=therivaspa.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://therivaspa.com/
Result: therivaspa.com is not infected or malware details are not published yet.
Result: therivaspa.com is not infected or malware details are not published yet.