Scanned pages/files
Request | Server response | Status |
http://xmenzone.net/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 23:04:31 GMT Location: http://marvel.com/ Server: Apache Vary: Accept-Encoding Content-Length: 226 Content-Type: text/html; charset=iso-8859-1 | clean |
http://marvel.com/ | 200 OK Content-Length: 143572 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1? <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord= <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> | ||
http://i.annihil.us/u/prod/marvel/s/js/4712f50cc156b4e1ae664b83c693c9a4.js | 200 OK Content-Length: 182865 Content-Type: application/javascript | clean |
http://i.annihil.us/u/prod/marvel/s/js/fdece4ebb271cc9039c77cdd7d297d1a.js | 200 OK Content-Length: 953 Content-Type: application/javascript | clean |
http://admin.brightcove.com/js/BrightcoveExperiences_all.js | 200 OK Content-Length: 109526 Content-Type: application/x-javascript | clean |
http://xmenzone.net//marvel.com/i/js/marvelvideo.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 23:04:44 GMT Location: http://marvel.com/marvel.com/i/js/marvelvideo.js/ Server: Apache Vary: Accept-Encoding Content-Length: 257 Content-Type: text/html; charset=iso-8859-1 | clean |
http://marvel.com/marvel.com/i/js/marvelvideo.js/ | 404 Not Found Content-Length: 33275 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1? <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord= <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> | ||
http://www.googleadservices.com/pagead/conversion.js | 200 OK Content-Length: 9448 Content-Type: text/javascript | clean |
http://i.annihil.us/u/prod/marvel/s/js/c131c5f5e1add64db9ef9748da6b913a.js | 200 OK Content-Length: 21528 Content-Type: application/javascript | clean |
http://xmenzone.net/characters | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 23:04:47 GMT Location: http://marvel.com/characters Server: Apache Vary: Accept-Encoding Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 | clean |
http://marvel.com/characters | 200 OK Content-Length: 95812 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord= <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1? <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none"> | ||
http://i.annihil.us/u/prod/marvel/s/js/cfb5f4bb1f1a83c01111ca26c20b208e.js | 200 OK Content-Length: 32981 Content-Type: application/javascript | clean |
http://i.annihil.us/u/prod/marvel/s/js/82c29872f39aca59ae7a170d16f7d0ae.js | 200 OK Content-Length: 13405 Content-Type: application/javascript | clean |
http://xmenzone.net/characters/browse | 404 Not Found Content-Length: 11161 Content-Type: text/html | clean |
http://i.annihil.us/u/prod/newkids/s/js/v7_global_head_default_3bc9c21a6e9c679c193402ff46fe074b29f53fb7.js | 200 OK Content-Length: 126541 Content-Type: application/javascript | clean |
http://xmenzone.net/characters/1009610/spider-man | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 23:04:53 GMT Location: http://marvel.com/characters/1009610/spider-man Server: Apache Vary: Accept-Encoding Content-Length: 255 Content-Type: text/html; charset=iso-8859-1 | clean |
http://marvel.com/characters/1009610/spider-man | 404 Not Found Content-Length: 35144 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1? <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord= <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> | ||
http://i.annihil.us/u/prod/marvel/s/js/480d5703a58c52fb494a155a5fb777fc.js | 200 OK Content-Length: 25636 Content-Type: application/javascript | clean |
http://xmenzone.net/characters/list/994/top_marvel_heroes | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 02 Sep 2014 23:04:55 GMT Location: http://marvel.com/characters/list/994/top_marvel_heroes Server: Apache Vary: Accept-Encoding Content-Length: 263 Content-Type: text/html; charset=iso-8859-1 | clean |
http://marvel.com/characters/list/994/top_marvel_heroes | 200 OK Content-Length: 42522 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1? <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=1?" width="1" height="1" frameborder="0" style="display:none"> Hidden iFrame found. size: 1x1 style: hidden src: http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord= <iframe src="http://3944448.fls.doubleclick.net/activityi;src=3944448;type=m_mar096;cat=m_mar451;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xmenzone.net
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 02 Sep 2014 23:04:31 GMT
Location: http://marvel.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1
...226 bytes of data.
GET / HTTP/1.1
Host: xmenzone.net
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 02 Sep 2014 23:04:31 GMT
Location: http://marvel.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 226
Content-Type: text/html; charset=iso-8859-1
...226 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xmenzone.net
Referer: http://www.google.com/search?q=xmenzone.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: xmenzone.net
Referer: http://www.google.com/search?q=xmenzone.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xmenzone.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xmenzone.net/
Result: xmenzone.net is not infected or malware details are not published yet.
Result: xmenzone.net is not infected or malware details are not published yet.