Malicious/Suspicious Redirects
Request (imitation of visitor from search engine):
    URL: http://www.ttisonlinedirectory.com/
    GET / HTTP/1.1
    Host: www.ttisonlinedirectory.com
    Referer: http://www.google.com/search?q=redirect+check1
Server response:
    HTTP/1.1 302 Found
    Connection: close
    Date: Wed, 21 May 2014 07:13:07 GMT
    Location: http://kmlps.mrslove.com/
    Server: Apache/2.2.8 (Win32) PHP/5.2.6
    Content-Length: 0
    Content-Type: text/html
    X-Powered-By: PHP/5.2.6
Status: malicious
Scanned pages/files
Request | Server response | Status |
http://www.ttisonlinedirectory.com/ | 200 OK Content-Length: 21850 Content-Type: text/html | clean |
http://www.ttisonlinedirectory.com/templates/ttis/js/encode.js | 200 OK Content-Length: 3634 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function urlencode( str ) {
    var hash_map = {}, unicodeStr='', hexEscStr='';
    var ret = (str+'').toString();
    var replacer = function(search, replace, str) {
        var tmp_arr = [];
        tmp_arr = str.split(search);
        return tmp_arr.join(replace);
    };
    hash_map["'"] = '%27';
    hash_map['('] = '%28';
    hash_map[')']
    hash_map['\u009D'] = '%9D';
    hash_map['\u017E'] = '%9E';
    hash_map['\u0178'] = '%9F';
    ret = encodeURIComponent(ret);
    for (unicodeStr in hash_map) {
        hexEscStr = hash_map[unicodeStr];
        ret = replacer(unicodeStr, hexEscStr, ret);
    }
    return ret.replace(/(\%([a-z0-9]{2}))/g, function(full, m1, m2) {
        return "%"+m2.toUpperCase();
    });
}
Antivirus reports:
http://hits.truehits.in.th/data/t0029963.js | 200 OK Content-Length: 410 Content-Type: application/x-javascript | clean |
http://www.ttisonlinedirectory.com/home | 200 OK Content-Length: 21365 Content-Type: text/html | clean |
http://www.ttisonlinedirectory.com/Logistics1 | 200 OK Content-Length: 8016 Content-Type: text/html | clean |
http://202.176.82.68/modules/mod_fpss/mod_fpss/engines/jquery-comp.js | 200 OK Content-Length: 31043 Content-Type: application/javascript | clean |
http://202.176.82.68/modules/mod_fpss/mod_fpss/engines/jquery-fpss-comp.js | 200 OK Content-Length: 5978 Content-Type: application/javascript | clean |
http://www.ttisonlinedirectory.com/garment | 200 OK Content-Length: 42576 Content-Type: text/html | clean |
http://www.ttisonlinedirectory.com/Textile1 | 200 OK Content-Length: 47841 Content-Type: text/html | clean |
http://www.ttisonlinedirectory.com/user/login | 200 OK Content-Length: 15652 Content-Type: text/html | clean |
http://www.ttisonlinedirectory.com/user/register | 200 OK Content-Length: 20284 Content-Type: text/html | clean |
http://www.ttisonlinedirectory.com/7/home | 200 OK Content-Length: 18344 Content-Type: text/html | clean |
http://www.ttisonlinedirectory.com/1/home | 200 OK Content-Length: 15345 Content-Type: text/html | clean |
http://www.ttisonlinedirectory.com/2/home | 200 OK Content-Length: 14440 Content-Type: text/html | clean |
http://www.ttisonlinedirectory.com/3/home | 200 OK Content-Length: 16584 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ttisonlinedirectory.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ttisonlinedirectory.com/
Result: ttisonlinedirectory.com is not infected or malware details are not published yet.