Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bendervision.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.bendervision.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 28 Jan 2015 11:33:29 GMT Location: http://hiremyhero.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_auth_passthrough/2.1 Content-Length: 413 Content-Type: text/html; charset=iso-8859-1 | clean |
http://hiremyhero.com/ | 200 OK Content-Length: 9047 Content-Type: text/html | clean |
http://hiremyhero.com/test404page.js | 404 Not Found Content-Length: 16361 Content-Type: text/html | clean |
http://hiremyhero.com/scripts/common.js | 200 OK Content-Length: 15307 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var isInternetExplorer = (navigator.appName.indexOf("Microsoft") != -1);
function countSpaces(obj){
  var iLength = obj.value.length;
  var strSpaces = obj.value.match(new RegExp("( )", "g"));
  var countSpaces = strSpaces ? strSpaces.length : 0;
  return countSpaces;
}
function countLineBreaks(obj){
  var iLength = obj.value.length;
  var strLineBreaks = obj.value.match(new RegExp("(\\n)", "g"));
  var countLineBreaks = strLineB
histogram['\u009D'] = '%9D';
histogram['\u017E'] = '%9E';
histogram['\u0178'] = '%9F';
ret = encodeURIComponent(ret);
for (searchT in histogram) {
  replace = histogram[searchT];
  ret = replacer(searchT, replace, ret)
}
return ret.replace(/(\%([a-z0-9]{2}))/g, function(full, m1, m2) { return "%"+m2.toUpperCase(); });
return ret;
}
Antivirus reports:
http://hiremyhero.com/lang/en_us.js | 200 OK Content-Length: 3011 Content-Type: application/javascript | clean |
http://hiremyhero.com/scripts/jquery.js | 200 OK Content-Length: 57272 Content-Type: application/javascript | clean |
http://hiremyhero.com/scripts/jquery/urlencode.js | 200 OK Content-Length: 560 Content-Type: application/javascript | clean |
http://hiremyhero.com/scripts/jquery/jquery.easySlider1.7.js | 200 OK Content-Length: 6021 Content-Type: application/javascript | clean |
http://hiremyhero.com/scripts/advancedsearch.js | 200 OK Content-Length: 3594 Content-Type: application/javascript | clean |
http://hiremyhero.com/scripts/jquery/jquery_ui/js/jquery-ui-1.7.2.custom.min.js | 200 OK Content-Length: 192925 Content-Type: application/javascript | clean |
http://hiremyhero.com/scripts/jquery/jquery.autocomplete.min.js | 200 OK Content-Length: 13374 Content-Type: application/javascript | clean |
http://hiremyhero.com/scripts/jquery/jquery.thickbox.min.js | 200 OK Content-Length: 9628 Content-Type: application/javascript | clean |
http://hiremyhero.com/scripts/jquery/jquery.cookie.min.js | 200 OK Content-Length: 1221 Content-Type: application/javascript | clean |
http://hiremyhero.com/custom/domain_1/tmp/min_errorpagephp_492066575568.js | 200 OK Content-Length: 21012 Content-Type: application/javascript | clean |
http://hiremyhero.com/profile/add.php | 200 OK Content-Length: 23853 Content-Type: text/html | clean |
http://hiremyhero.com/scripts/checkpasswordstrength.js | 200 OK Content-Length: 1921 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bendervision.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: bendervision.com
Referer: http://www.google.com/search?q=bendervision.com
Result:
The result is similar to the first query. There are no suspicious redirects found.