Scanned pages/files
Request | Server response | Status |
http://yourinsurancecantdothis.net/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 31 Aug 2014 16:41:19 GMT Location: http://www.aflac.com Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
http://www.aflac.com/ | 200 OK Content-Length: 49965 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=2013_716;cat=2013_029;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=2013_716;cat=2013_029;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=2013_716;cat=2013_029;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=2013_716;cat=2013_029;ord=1?
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=2013_716;cat=2013_029;ord=1?" width="1" height="1" frameborder="0" style="display:none"> | ||
http://www.aflac.com/handlers/ResourceLoader.aspx?key=javascript | 200 OK Content-Length: 300383 Content-Type: text/javascript | clean |
http://yourinsurancecantdothis.net/js/jquery/jquery.pngFix.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 31 Aug 2014 16:41:25 GMT Location: http://www.aflac.com Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
http://www.aflac.com/test404page.js | 404 Not Found Content-Length: 54917 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_822;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_822;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_445;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_445;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_338;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_338;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_693;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_693;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_602;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_602;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_373;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_373;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_013;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_013;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_698;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_698;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_001;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_001;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_900;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_900;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_850;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_850;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_623;ord=
<iframe src="http://2892239.fls.doubleclick.net/activityi;src=2892239;type=searc109;cat=2013_623;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"> | ||
http://www.aflac.com/handlers/ResourceLoader.aspx?key=javascript&version=1 | 200 OK Content-Length: 300383 Content-Type: text/javascript | clean |
http://www.aflac.com/js/jquery/jquery.pngFix.js | 200 OK Content-Length: 4900 Content-Type: application/x-javascript | clean |
http://www.aflac.com/js/webtrends.load.js | 200 OK Content-Length: 900 Content-Type: application/x-javascript | clean |
http://www.aflac.com/WebResource.axd?d=5XfWHPcsnD5zirj6OmzTiWIChH-YHLZ4NNU0zAkYpC1hhoK19PHWJW16hr1QFFfug_OYP8R2GWC_dRMKyjwEfHBi6w41&t=635377059862937887 | 200 OK Content-Length: 20794 Content-Type: application/x-javascript | clean |
http://www.aflac.com/ScriptResource.axd?d=q3zR_k4xXkWSXOYwwPfkSWKaZmIkYyuRhxKDuuyJpYB7mSkKa69WYDQd2BswGe5hZK6Aht53bxCWMtOazPL2WBJHSGXoi8CR28QDyjDLxNKgMPJe1tyWJgqcxPyHgN1SvhaYD9tELAJnbkvSIcTEYma5umk1&t=ffffffff86eb03bc | 200 OK Content-Length: 99504 Content-Type: application/x-javascript | clean |
http://www.aflac.com/ScriptResource.axd?d=NVWciWHeDZjEtZq-k2uZcvd0j355qAUvZ8lZi4TPp3knJBspZWWmLy3Dg8MUAwuR9pQFp4LGvH2fHSjR6C9HpxP-IbqRDISeJLbqlI3WthRnqxkMQQUI8XjXbCre5mreQjgrzzCoBY32EutVFcfBMd9d298qUjhIuM7pcVwxy3YymBfH0&t=ffffffff86eb03bc | 200 OK Content-Length: 32226 Content-Type: application/x-javascript | clean |
http://s7.addthis.com/js/250/addthis_widget.js | 200 OK Content-Length: 6875 Content-Type: text/javascript | clean |
http://www.aflac.com/individuals/default.aspx | 200 OK Content-Length: 80008 Content-Type: text/html | clean |
http://www.aflac.com/WebResource.axd?d=5XfWHPcsnD5zirj6OmzTiWIChH-YHLZ4NNU0zAkYpC1hhoK19PHWJW16hr1QFFfug_OYP8R2GWC_dRMKyjwEfHBi6w41&t=635377095109066535 | 200 OK Content-Length: 20794 Content-Type: application/x-javascript | clean |
http://www.aflac.com/ScriptResource.axd?d=q3zR_k4xXkWSXOYwwPfkSWKaZmIkYyuRhxKDuuyJpYB7mSkKa69WYDQd2BswGe5hZK6Aht53bxCWMtOazPL2WBJHSGXoi8CR28QDyjDLxNKgMPJe1tyWJgqcxPyHgN1SvhaYD9tELAJnbkvSIcTEYma5umk1&t=ffffffff9e13b7d1 | 200 OK Content-Length: 99504 Content-Type: application/x-javascript | clean |
http://www.aflac.com/ScriptResource.axd?d=NVWciWHeDZjEtZq-k2uZcvd0j355qAUvZ8lZi4TPp3knJBspZWWmLy3Dg8MUAwuR9pQFp4LGvH2fHSjR6C9HpxP-IbqRDISeJLbqlI3WthRnqxkMQQUI8XjXbCre5mreQjgrzzCoBY32EutVFcfBMd9d298qUjhIuM7pcVwxy3YymBfH0&t=ffffffff9e13b7d1 | 200 OK Content-Length: 32226 Content-Type: application/x-javascript | clean |
http://www.aflac.com/js/jquery/arc90_multiselect.js | 200 OK Content-Length: 16886 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yourinsurancecantdothis.net
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sun, 31 Aug 2014 16:41:19 GMT
Location: http://www.aflac.com
Server: Apache-Coyote/1.1
Content-Length: 0
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: yourinsurancecantdothis.net
Referer: http://www.google.com/search?q=yourinsurancecantdothis.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yourinsurancecantdothis.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://yourinsurancecantdothis.net/
Result: yourinsurancecantdothis.net is not infected or malware details are not published yet.