Scanned pages/files
| Request | Server response | Status |
http://toddlerstravel.com/ | HTTP/1.1 302 Object moved Cache-Control: private Connection: close Date: Tue, 26 Aug 2014 10:35:22 GMT Location: http://www.ibuddy.com Server: Microsoft-IIS/6.0 Content-Length: 142 Content-Type: text/html X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET X-Server: sjl08 | clean |
http://www.ibuddy.com/ | HTTP/1.1 302 Object moved Cache-Control: private Connection: close Date: Tue, 26 Aug 2014 10:35:22 GMT Location: http://signup.ibuddy.com Server: Microsoft-IIS/6.0 Content-Length: 145 Content-Type: text/html X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET X-Server: sjl08 | clean |
http://signup.ibuddy.com/ | 200 OK Content-Length: 3957 Content-Type: text/html | clean |
http://signup.ibuddy.com/js/ignition-current.min.js | 200 OK Content-Length: 145668 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) "object"!==typeof JSON&&(JSON={}); (function(){function e(f){return 10>f?"0"+f:f}function f(f){s.lastIndex=0;return s.test(f)?'"'+f.replace(s,function(f){var e=j[f];return"string"===typeof e?e:"\\u"+("0000"+f.charCodeAt(0).toString(16)).slice(-4)})+'"':'"'+f+'"'}function p(e,j){var l,B,q,s,Z=t,L,x=j[e];x&&("object"===typeof x&&"function"===typeof x.toJSON)&&(x=x.toJSON(e));"function"===typeof m&&(x=m.call(j,e,x));switch(typeof x){case "string":retur $.each(f,function(e,f){p(f)});e.empty()}})};window.IgnitionInstance=e;$("#lr-widget").each(function(){var f={};$(this).attr("rel")?f.site_id=$(this).attr("rel"):f.domain=window.location.hostname;$(this).attr("data-unlaunched")&&(f.useUnlaunchedInfo=!0);var j=new e($(this),f);j.initLive(function(){window.lrInitCallback&&window.lrInitCallback(j,this)});window.lrIgnition=j})})}(); Antivirus reports:
| ||
http://toddlerstravel.com/test404page.js | HTTP/1.1 302 Object moved Cache-Control: private Connection: close Date: Tue, 26 Aug 2014 10:35:26 GMT Location: http://www.ibuddy.com/test404page.js Server: Microsoft-IIS/6.0 Content-Length: 157 Content-Type: text/html X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET X-Server: ash06 | clean |
http://www.ibuddy.com/test404page.js | 500 Status read failed: Соединение ÑазоÑвано дÑÑгой ÑÑоÑоной Content-Length: 140 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: toddlerstravel.com
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Connection: close
Date: Tue, 26 Aug 2014 10:35:22 GMT
Location: http://www.ibuddy.com
Server: Microsoft-IIS/6.0
Content-Length: 142
Content-Type: text/html
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Server: sjl08
...142 bytes of data.
GET / HTTP/1.1
Host: toddlerstravel.com
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Connection: close
Date: Tue, 26 Aug 2014 10:35:22 GMT
Location: http://www.ibuddy.com
Server: Microsoft-IIS/6.0
Content-Length: 142
Content-Type: text/html
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Server: sjl08
...142 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: toddlerstravel.com
Referer: http://www.google.com/search?q=toddlerstravel.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: toddlerstravel.com
Referer: http://www.google.com/search?q=toddlerstravel.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=toddlerstravel.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://toddlerstravel.com/
Result: toddlerstravel.com is not infected or malware details are not published yet.
Result: toddlerstravel.com is not infected or malware details are not published yet.